Client SSH

This is for if you don’t want to use MagicDNS, like myself. I was having issues with it, so I did this.

Add the following to ~/.bashrc. This will allow you to SSH to clients like this: tailssh $USER $HOSTNAME. You can also just run tailssh on its own, and that will show you all of the servers.

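function tailssh () {
  # With fewer than two arguments, list the nodes instead of connecting
  if [[ -z $1 || -z $2 ]]; then
    tailscale status | grep -v 'filter/INPUT' | column -t
  else
    # Exact match on the hostname column, so a partial name cannot pick the wrong node
    local host
    host=$(tailscale status | awk -v h="$2" '$2 == h { print $1; exit }')
    if [[ -z $host ]]; then
      echo "tailssh: no node named $2" >&2
      return 1
    fi
    ssh "${1}@${host}"
  fi
}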

Now we need to install column

apt install bsdmainutils

Now you can use it, and it works well.

Sharing

Share machines between networks

headscale nodes share $NODE_ID --namespace $NODE_NAMESPACE $NAMESPACE_TO_SHARE_INTO

Auth

Preauth nodes

headscale preauthkeys -n $NAMESPACE create

On the client do the following

tailscale up --login-server https://headscale.domain.com --authkey $KEY_FROM_ABOVE


CLI Commands

headscale preauthkeys -n $NAMESPACE_TO_SHARE_INTO list


Routing

Enable IP Forwarding on host

echo 'net.ipv4.ip_forward = 1' | tee /etc/sysctl.d/ipforwarding.conf
echo 'net.ipv6.conf.all.forwarding = 1' | tee -a /etc/sysctl.d/ipforwarding.conf
sysctl -p /etc/sysctl.d/ipforwarding.conf

Advertise route via tailscale

tailscale up --advertise-routes=192.168.0.0/24 --login-server=https://headscale.domain.com

List routes to make sure it’s being presented

headscale routes list --namespace $NAMESPACE $NODE_NAME

This will return something like this

Route          | Enabled
192.168.0.0/24 | false

Enable route within headscale

headscale routes enable --namespace $NAMESPACE $NODE_NAME 192.168.0.0/24

List routes to make sure it’s enabled

headscale routes list --namespace $NAMESPACE $NODE_NAME

This will return something like this

Route          | Enabled
192.168.0.0/24 | true

This verifies the routes are enabled. Now, on each client you want to be able to access the route, you have to run

tailscale up --accept-routes --login-server=https://headscale.domain.com

Now you can magically ping things. My mind was blown.

My testing worked like this, and I was amazed it worked.

myPC -> router (Debian 11 | running tailscale) -> rPi (at mom's house) -> (remote network I can access)


This is some crazy stuff
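
Since enabling a route lets a node carry traffic for that whole subnet, it is worth checking the route listing from the Routing steps against the subnets you actually meant to approve. The following is an added example, not part of the original notes or of headscale: it assumes the two-column "Route | Enabled" table shown above, and the function name audit_routes and the sample table are made up for illustration.

```sh
#!/bin/sh
# Added example: compare `headscale routes list` output with an allow-list.
# Assumption: the output is the "Route | Enabled" table shown on this page.
#
# Usage: headscale routes list ... | audit_routes ALLOWED_CIDR...
# Findings, one per line:
#   PENDING <cidr>     allow-listed and advertised, but not enabled yet
#   UNEXPECTED <cidr>  enabled, but not on the allow-list
#   MISSING <cidr>     allow-listed, but the node does not advertise it
# Exit status is 0 when there are no findings, 1 otherwise.
audit_routes() (
  allowed=" $* "; seen=" "; findings=0
  # The `|| [ -n ... ]` keeps a final line that has no trailing newline
  while IFS='|' read -r route enabled || [ -n "$route" ]; do
    route=$(printf '%s' "$route" | tr -d '[:space:]')
    enabled=$(printf '%s' "$enabled" | tr -d '[:space:]')
    # Skip the header row, blank lines and anything that is not a CIDR
    case $route in
      [0-9a-fA-F:]*/[0-9]*) ;;
      *) continue ;;
    esac
    seen="$seen$route "
    case $allowed in
      *" $route "*)
        [ "$enabled" = true ] || { echo "PENDING $route"; findings=1; } ;;
      *)
        [ "$enabled" != true ] || { echo "UNEXPECTED $route"; findings=1; } ;;
    esac
  done
  for cidr in "$@"; do
    case $seen in
      *" $cidr "*) ;;
      *) echo "MISSING $cidr"; findings=1 ;;
    esac
  done
  [ "$findings" -eq 0 ]
)

# Constructed sample table (not real output): one route still waiting for
# approval and one enabled route that nobody meant to approve.
SAMPLE_ROUTES='Route          | Enabled
192.168.0.0/24 | false
10.0.0.0/8     | true'

printf '%s\n' "$SAMPLE_ROUTES" | audit_routes 192.168.0.0/24 || echo "review the findings above"
```
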