Installing tailscale on allstar node

What are the steps to add Tailscale to a node? Any help would be appreciated.

If I can ask a preliminary question: What is the use case? Are you on ASL3?

There is a simple one-line curl command on the Tailscale website that will install the package and the key ring. It will then give you instructions on invoking it.

Carl/K6CRS

I need Tailscale to be able to log into the node at a repeater site remotely so as to make changes to things as needed without the need to travel to the site with a laptop. We are controlling two repeater sites with AllStarLink as controllers. One is on a mountain and already has Tailscale installed. Someone else did it for me.

Excellent time to learn, then. One line will do it:

(assuming you are NOT root…)

curl -fsSL https://www.tailscale.com/install.sh | sudo bash

and follow the directions, including going to the automatically generated URL it gives you at the end.

Carl/K6CRS

FYI, the install instructions for Tailscale are right on their website for each different operating system. This is a good opportunity to get a discussion going on Tailscale and learn how different nodes are configured for getting inbound traffic. You can make any public-facing node an Exit Node. You can do port forwarding in the firewall rules to different AllStar nodes on the Tailscale network, but I have been unable to get this to work, as the node accepting the call rejects the connection, as it sees the incoming IP address as different from the public IP of the connecting node. IP Masquerading didn’t seem to get around this. Look for success stories.

Tailscale is ideally suited for anyone behind a CGNAT. Very simple and user friendly.
If you need any help, get in touch and I’ll be ready to help… 73

I am Robert KO4LXL. I have my node installed and it works great on my home network, but when I connect to my T-Mobile hotspot when I travel, CGNAT blocks port forwarding. I have Tailscale installed on my network at home along with my T-Mobile hotspot and AllStarLink 3 node. I also have a Raspberry Pi set up as an exit node on my home network. I don't know how to configure it to get by that T-Mobile issue. Any help, suggestions or links would be so helpful. Thanks in advance.

73

Robert KO4LXL

Tailscale is not the solution for CGNAT issues. See 44Net Connect for ASL - AllStarLink Manual.

Robert:

I am doing exactly this with Tailscale and an exit node running on a VPS to get around CG-NAT issues on my ISP (Lumos Fiber, now T-Mobile Fiber).

Tailscale by itself isn’t particularly useful for this purpose, but when paired with an exit node that has unfiltered IPv4, then this can be done.

I will say that it may be easier for you to use 44Net, and there is a page in the AllStarLink manual about how to set it up. I already had an established tailnet before this was written, so figured I could use it for that purpose. Turns out it works fine, provided you are aware of how to do NAT prerouting on your exit node.

Essentially, you need to do a few things:
Set up an exit node with appropriate NAT prerouting and firewall rules. If this exit node is also behind NAT, then any ports you want served need to be forwarded to the IP address of your exit node on the LAN.

Configure your ASL3 node with Tailscale to use your exit node, but also allow LAN traffic. For example:

tailscale set --exit-node=100.123.123.123 --exit-node-allow-lan-access

where 100.123.123.123 is the Tailscale IP address of your exit node.
That’s all that needs to be done from the perspective of Tailscale, both in terms of client and server. Everything else is down to firewall rules on the exit node.
I personally do all this stuff using native iptables only because that’s what I know. ufw might be a better way to go.
I have several nodes on different ports behind the same public IP address, which is associated with my Tailscale exit node, and I can accept traffic inbound on all of them, have no registration issues with HTTP, etc.

I can post some examples of firewall configuration later, but at the moment, I’m on my phone, and that’s kind of a pain, but, yes, this can absolutely be done through Tailscale successfully.

I like doing it this way because I can control my nodes and not route all my phone traffic through a VPN.
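
The exit-node forwarding described in the post above, as an added example that is not the poster's configuration or part of the thread: a shell helper that validates its inputs and prints (does not apply) iptables DNAT and FORWARD rules, one forwarded port per node. The interface name eth0, the node addresses 100.101.102.x and the port numbers are assumptions; tailscale0 is Tailscale's default Linux interface name and 4569/udp is the IAX2 default port.

```shell
#!/bin/sh
# Added example: print iptables rules for an exit node that forwards one port
# per ASL node to that node's Tailscale address. Nothing is applied here.
WAN_IF="${WAN_IF:-eth0}"        # assumption: public interface of the exit node
TS_IF="${TS_IF:-tailscale0}"    # Tailscale's default interface name on Linux

# True only for a decimal port in 1..65535 (no leading zeros).
is_port() {
    case "$1" in ''|*[!0-9]*|0*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# True only for an IPv4 address inside 100.64.0.0/10, the range Tailscale
# assigns from. Runs in a subshell so the IFS change does not leak.
is_tailscale_ip() (
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in ????*|0?*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]
)

# emit_forward_rules PROTO PUBLIC_PORT TAILSCALE_IP NODE_PORT
emit_forward_rules() {
    case "$1" in udp|tcp) ;; *) echo "bad protocol: $1" >&2; return 1 ;; esac
    is_port "$2" && is_port "$4" || { echo "bad port" >&2; return 1; }
    # Refuse targets outside the tailnet so a typo cannot forward elsewhere.
    is_tailscale_ip "$3" || { echo "not a Tailscale address: $3" >&2; return 1; }
    # DNAT rewrites only the destination; the source address is left unchanged.
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $1 --dport $2 -j DNAT --to-destination $3:$4"
    # Allow just this flow from the public side into the tailnet, nothing wider.
    echo "iptables -A FORWARD -i $WAN_IF -o $TS_IF -p $1 -d $3 --dport $4 -j ACCEPT"
}

# Constructed sample: two nodes on different ports behind one public address.
emit_forward_rules udp 4569 100.101.102.103 4569
emit_forward_rules udp 4570 100.101.102.104 4570
```

Review the printed rules before running them as root on the exit node; a default-drop FORWARD policy keeps everything not listed here closed.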

GitHub - hardenedpenguin/wg_vpn_rb: WireGuard VPN manager for Debian. Server setup, client management, and port forwarding with source IP preservation for ASL3.

This fully automates the setup of a VPS locally, so no need for any third-party sites unless you're CGNAT completely for home internet. Simple server setup and client setup, has the ability to forward any port to a client. It has been fully tested and deployed for multiple nodes already.