Recently I wrote about how to use the Tor network as a free VPN and how to make as secure as possible in the Tor a hidden friend to SSH your home network entry. However, I recommended to use WireGuard to connect securely and fast to your home network if you could set port forwarding on your router and leave Tor as a last option, since it is slow and its main goal is to serve as a circumvent censorship tool rather than a VPN.
The other option was to pay and make use of a VPS and here is where Tailscale comes into play and from their website: Tailscale is
a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly. It enables encrypted point-to-point connections using the open source WireGuard protocol, which means only devices on your private network can communicate with each other.
So Tailscale is a VPN that uses WireGuard, which means it is fast and secure. But WireGuard is used by other VPN providers… well the difference is that Unlike traditional VPNs, which tunnel all network traffic through a central gateway server, Tailscale creates a peer-to-peer mesh network (called a tailnet).
So, in short it "removes the man in the middle" (VPN hub) and allows your phone to connect directly to your Plex server, without routing in between.
Here I am saying that it "removes the man in the middle", but it is not completely true, since you have to login all your devices into the tailscale website through their app, so it is not completely private. The app will take care of all the needed configurations, this is the great thing because all you just need to do is to login. You will not need open ports and/or configure forwardings.
It might not be completely private and it does not fully removes the man in the middle, but for now it is free, you can register for 1 account and login until 20 devices.
Tailscale install on OpenWrt
You can install the app on every devices you want (remember you are limited to 20 in a free account) and by authorizing the login the website each device will be able to communicate between them directly.
Installation is very simple, as they claim it is a Zero config VPN and A secure network that just works. Go ahead and create your tailscale account first.
On OpenWrt you just have to run the following commands (or install it through Luci):
|
|
Once completed, enable the daemon and start it:
|
|
Now simply run:
|
|
A link will show, go to that link in your browser and login. et voila! the OpenWrt router is completely registered.
Since version 22.03 of OpenWrt you need to add the flag --netfilter-mode=off
and configure the firewall rules, due to OpenWrt uses now nftables.
Tailscale on Android
Yeah, just go to the Play Store, install the app and login. C'est tout!
Once logged in, start it, you will see your OpenWrt router. You can tap the router name to copy the address, paste it in the browser and you will be directed to the Luci page (assuming yours is OpenWrt).
You can repeat this within all your servers, it just works!
Alternatives
headscale
If you are able to set a VPS or can do port forwarding and are willing the keep running 24/7 a server, you could set headscale, which is an open source, self-hosted implementation of the Tailscale control server. This way you will be in full control of your devices without the need to register to tailscale. Using tailscale apps will work with headscale. Android app will not work, you will have to compile it your self or as explained in this post from icloudnative (in chinese), you could use the FZR-forks Tailscale Android Client (look in the Actions section to download the last compiled version) that allow custom urls for the Tailscale control server. This way the Android app will work.1
Netmaker
Another alternative is Netmaker, which does practically the same as tailscale or headscale using the WireGuard protocol. As headscale, you will need a VPS or perform port forwarding to keep your server running 24/7 the control server. They have app support for Linux, FreeBSD, Windows, Mac, etc… and for the ones that do not have app support, the official WireGuard app can be used without problem.
ZeroTier
There is also ZeroTier, which will do the same as the previous but without WireGuard. ZeroTier offers a self hosted controller (as headscale and Netmaker), a free ZeroTier Hosted Controller (as tailscale) and professional/enterprice plans. ZeroTier has support for practically all platforms.
Final thoughts
- I have installed Tailscale now in my OpenWrt router, where I connect, using my phone, to access the webui-aria2 (or you can choose AriaNg or jjling2011's AriaNgMod), so I can download Linux ISOs when I am away from home and will be ready when I arrive.
- I also have Wake-on-Lan (WoL) on the OpenWrt, which I use to wake a Plex server when I need it, since I do not like to have it powered on 24/7.
- Tailscale uses WireGuard, so all traffic is encrypted and it is faster that OpenVPN and IPsec.
- It is unsure how long the free service of Tailscale will last, you might have to pay later a fee to keep using it, but for now use it as much as you can. Remember that you have to create an account, so data usage might be sent to a third party.
- Tailscale was founded in 2019, while WireGuard has been under development since 2015/2016. Yeah, WireGuard is relatively new but has proved to be effective.
- By default Tailscale will only create an overlay to route traffic within devices, but will not touch the public traffic of the devices. You can configure an exit node so all the public traffic would be routed to one device to perform the internet connection, like a normal VPN.
- My ISP refuse to open ports in the router that sold me and I hate it for that. I will insist again so I can configure WireGuard peer-to-peer without any third party.
If you found this content useful, please support me:
BTC: 1E2YjL6ysiPxRF4AEdXChpzpesRuyzgE1y
Footnotes
Actually now, the official Tailscale android app allows you to select a custom server to make it work with headscale.