OUR EXPERT: Matt Holder is an IT professional of 15 years, Linux user for over 20 years, user of plenty of home-automation gear and self-professed geek.
You can learn a lot more about Tailscale by visiting the excellent website here: https://tailscale.com/kb/1017/install
We are going to investigate how we can use VPNs to keep our home networks safe, while being able to access resources when we are away from home. We are also considering how to use a VPN to provide remote support without exposing every device we can reach to every user.
Before getting into specifics, let’s talk about what a VPN (virtual private network) is. A VPN allows us to expand our networks, while providing a virtual network layer. It is often used to bridge two networks at remote locations together or allow access to resources in a more secure manner than opening ports on a firewall.
There are a large number of options available (OpenVPN, SSL VPN, ZeroTier and many others) and these operate at Layers 2, 3 or 4 of the OSI model, with some creating a star topology back to a central location and some operating in a peer-to-peer manner. In this article, we are focusing on the commercial Tailscale VPN, which has a generous free tier available.
Tailscale operates by providing a peer-to-peer network between your devices, where none of your traffic goes through its servers, but they are used to provide the control plane, including negotiation services, to initiate the connections. Tailscale refers to your private network as a Tailnet. Management of your Tailnet and Tailscale account is through its web portal and from here you can configure everything, including reauthentication times for devices, DNS settings and access control lists (ACLs).
Tailscale uses the modern and well-regarded (and secure) WireGuard VPN technology, and provides methods of key exchange and all of the other features that will be discussed.
So, with that little bit of introduction given, what will we do in this article? First of all, we will detail the creation of an account and the download of the client for one of your devices. While talking about devices, clients are available for Windows, macOS, iOS, Android and Linux. Once the account has been created and the first device added, we will investigate the admin portal a little further to demonstrate some of the key principles. Following this, we will spend some time talking about how you could use the Tailscale add-on for Home Assistant, which will allow access to your smart home kit without opening ports on your router. We will then spend some time introducing some of Tailscale’s additional functionality.
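Added example (not from the original article or from Tailscale's own documentation): a tailnet policy file that narrows the access control lists mentioned above for the remote-support case, so a helper can reach only SSH on machines tagged for support. The users, group names, tags and the Home Assistant port 8123 are assumptions made for illustration.

```json
// Added example: tailnet policy file (HuJSON, so comments are allowed).
// Every user, group and tag below is hypothetical.
{
  "groups": {
    "group:family":  ["alice@example.com", "bob@example.com"],
    "group:support": ["helper@example.com"]
  },

  // Who may apply each tag to a device.
  "tagOwners": {
    "tag:homeassistant": ["alice@example.com"],
    "tag:supported":     ["alice@example.com"]
  },

  "acls": [
    // Weak setting: the allow-all rule a new tailnet starts with.
    // It lets every device reach every port on every other device.
    // {"action": "accept", "src": ["*"], "dst": ["*:*"]},

    // Corrected setting: access is denied unless a rule accepts it.
    // Household members keep full access to their own devices.
    {"action": "accept", "src": ["group:family"], "dst": ["*:*"]},

    // The remote helper reaches SSH on tagged machines and nothing else.
    {"action": "accept", "src": ["group:support"], "dst": ["tag:supported:22"]}
  ],

  // Policy tests are evaluated when the file is saved; a failing test
  // rejects the change, so a later edit cannot silently widen access.
  "tests": [
    {
      "src":    "helper@example.com",
      "accept": ["tag:supported:22"],
      // 8123 is assumed to be the Home Assistant web port.
      "deny":   ["tag:homeassistant:8123"]
    }
  ]
}
```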
Usage scenarios
There are countless different things that Tailscale can be used for, with the first being access to your home network from external locations. This is more secure as it means that you do not need to open ports from the big wild internet to the safe haven of your home.
By adding the client to all your devices, you have an IP network wherever you are. This means you can do things like send files from worldwide locations to anyone in your household. LocalSend is perfect for this task and can run on most operating systems.