Background

I have a freebsd laptop at home but it doesn’t have a public ip so I can’t access it remotely, I also have a server so I’m trying to achieve access through tailscale networking.

Install Tailscale

Here I used pkg to install tailscale

Update pkg

1

pkg update

Install Tailscale

1

pkg install tailscale

Enable Tailscale

⚠️ It’s tailscaled not tailscale

1

sysrc tailscaled_enable="YES"

Start Tailscale

⚠️ It’s tailscaled not tailscale

1

service tailscaled start

Check Tailscale

1

service tailscaled status

you should see tailscale is running like this:

1

tailscaled is running as pid 67663.

Connect to server

I used headscale as my server, and I tried to connect to it with authkey. For more information on how to install and use headscale, please see the official documentation.

Generate authkey

We need to generate the authkey on the headscale server first.

1

headscale --namespace default preauthkeys create --reusable --expiration 24h

Then the authkey is like this:

1

c9bdab8d415f53940f920ee9e729b79ee4e7298cb5acd27d

Connect to server

1

tailscale up --login-server=http://<your-server-ip>:41641 --accept-routes=true --accept-dns=false --authkey=c9bdab8d415f53940f920ee9e729b79ee4e7298cb5acd27d

Now you have successfully connected to the server. This exposes only that node to other nodes.

Enable subnet routes

  1. Setting up the configuration file /etc/sysctl.conf

    1
2

    echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' >> /etc/sysctl.conf

  2. Connect to the server, the subnet range for this node is 192.168.0.1/24.

    1

    tailscale up --login-server=http://<your-server-ip>:41641 --accept-routes=true --accept-dns=false --advertise-routes=192.168.0.1/24 --authkey=c9bdab8d415f53940f920ee9e729b79ee4e7298cb5acd27d

  3. Get the node list on the server.

    1

    headscale node list --namespace default

    You can see this node on the server. The id of this node is 3.

  4. Enable subnet routes in the server.

    1
2

    # the id is 3, the subnet range is 192.168.0.1/24
headscale routes enable -i 3 -r "192.168.0.1/24"

  5. Check if subnet is enabled successfully.

    1

    headscale routes list -i 3

    we can see that the subnet is enabled like this:

    1
2

    Route            | Enabled
192.168.0.1/24   | true

Viewing nodes on the server

1

headscale node list --namespace default

You can see this node on the server.

Use ping to check connectivity between nodes

You can use ping to check connectivity between nodes. My current node’s ip is 100.64.0.2 and another node’s ip is 100.64.0.1. So I use ping 100.64.0.1 to check connectivity.

1

ping 100.64.0.1

You can see that the ping is successful like this:

1
2
3

PING 100.64.0.1 (100.64.0.1): 56 data bytes
64 bytes from 100.64.0.1: icmp_seq=0 ttl=64 time=965.130 ms
64 bytes from 100.64.0.1: icmp_seq=1 ttl=64 time=12.775 ms

You can also use tailscale netcheck to view the report of the connectivity.

1

tailscale netcheck