Pretty much just as the title says... Just set up a Proxmox server and do NOT want to host it on WAN. I have done some looking into Tailscale and although some time I think Headscale would make more sense, I think this is a really elegant and reasonable solution for now. The main thing right now is just figuring out how to configure my exit node at home. Should I be running an Ubuntu Server VM and then running Tailscale within that as an exit node on the bare Proxmox network from the server's NIC? Should I run it in an LXC? If so, how? Separate hardware altogether? Raspberry Pi? I have an old ThinkPad T430 that I would honestly love to run off AC power as a server, but then it's external of the server. I'm a bit lost as to what the norm is here and I'm looking for some help or pointers from anyone who has Tailscale configured for this purpose.

Thanks!


16 hours ago, Technicstat said:

Pretty much just as the title says... Just set up a Proxmox server and do NOT want to host it on WAN. I have done some looking into Tailscale and although some time I think Headscale would make more sense, I think this is a really elegant and reasonable solution for now. The main thing right now is just figuring out how to configure my exit node at home. Should I be running an Ubuntu Server VM and then running Tailscale within that as an exit node on the bare Proxmox network from the server's NIC? Should I run it in an LXC? If so, how? Separate hardware altogether? Raspberry Pi? I have an old ThinkPad T430 that I would honestly love to run off AC power as a server, but then it's external of the server. I'm a bit lost as to what the norm is here and I'm looking for some help or pointers from anyone who has Tailscale configured for this purpose.

Thanks!

You can run the VPN on any system within your LAN. I wouldn’t run it, or anything, directly on Proxmox… there are a few cases where this is not true, but just create LXCs, VMs, or Docker containers within VMs to host the applications you want to host.
 

Any of those options, from a data flow perspective, act as an individual computer on your LAN. LXCs and VMs get their own IP address on your network, so you can logically think of them as their own entire PC. And I’d run my VPN on one of those.

Rig: i7 13700k - - Asus Z790-P Wifi - - RTX 4080 - - 4x16GB 6000MHz - - Samsung 990 Pro 2TB NVMe Boot + Main Programs - - Assorted SATA SSD's for Photo Work - - Corsair RM850x - - Sound BlasterX EA-5 - - Corsair XC8 JTC Edition - - Corsair GPU Full Cover GPU Block - - XT45 X-Flow 420 + UT60 280 rads - - EK XRES RGB PWM - - Fractal Define S2 - - DellAlienware AW3423DWF 34" -- Logitech G502 - - Logitech G710+ - - Logitech Z5500 - - LTT Northern Lights Deskpad

 

Headphones/amp/dac: Schiit Lyr 3 - - Fostex TR-X00 - - Sennheiser HD 6xx

 

Homelab/ Media Server: Proxmox VE host - - 512 NVMe Samsung 980 RAID Z1 for VMs/Proxmox boot - - Xeon e5 2660 V4- - Supermicro X10SRF-i - - 128 GB ECC 2133 - - 7x14TB Ultrastar RAID Z2 - - 45 HomeLab HL15 15 Drive 4U - - Corsair RM650i - - LSI 9305-16i HBA - - TrueNAS + many other VMs

 

iPhone 14 Pro - MacBook Air M3


3 minutes ago, LIGISTX said:

You can run the VPN on any system within your LAN. I wouldn’t run it, or anything, directly on Proxmox… there are a few cases where this is not true, but just create LXCs, VMs, or Docker containers within VMs to host the applications you want to host.
 

Any of those options, from a data flow perspective, act as an individual computer on your LAN. LXCs and VMs get their own IP address on your network, so you can logically think of them as their own entire PC. And I’d run my VPN on one of those.

Thanks for the input! That was poorly worded on my part because I meant to suggest running it in an LXC or VM from the start. Right now I set up a separate server on a ThinkPad with Ubuntu Server and a ton of power optimizations, subnet routing and exit node. This is great because it's got a huge extended battery on it so even if the power goes out it will continue running for about 6 hours. It's hooked into LAN directly via Ethernet on one of its two NICs.
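
What a Linux guest needs before it can act as the subnet router and exit node discussed in this thread, as an added example that is not from any poster: a preflight that checks the TUN device (the usual gap in an LXC), kernel forwarding, and that the advertised route is a private LAN range. The function names and the `192.168.1.0/24` default are assumptions; `--advertise-routes` and `--advertise-exit-node` are Tailscale's own flags.

```shell
#!/bin/sh
# Added example: preflight for a Linux guest (VM, LXC or separate box) that will
# be a Tailscale subnet router + exit node. Paths are arguments for testability.

# True if the sysctl file reads "1" (kernel forwarding enabled).
forwarding_on() {
  [ -r "$1" ] && [ "$(tr -d '[:space:]' < "$1")" = 1 ]
}

# True only for an RFC 1918 IPv4 CIDR, so a typo cannot advertise 0.0.0.0/0 or
# a public range as a subnet route (the exit-node flag covers default routing).
is_private_cidr() {
  addr=${1%/*}; bits=${1##*/}
  [ "$addr" != "$1" ] || return 1                      # no "/" in the argument
  case "$bits" in ''|*[!0-9]*) return 1 ;; esac
  case "$addr" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs      # split into octets
  [ $# -eq 4 ] || return 1
  for o in "$@"; do [ "$o" -le 255 ] || return 1; done
  case "$1.$2" in
    10.*) min=8 ;;
    172.1[6-9]|172.2[0-9]|172.3[01]) min=12 ;;
    192.168) min=16 ;;
    *) return 1 ;;
  esac
  [ "$bits" -ge "$min" ] && [ "$bits" -le 32 ]
}

# Args: lan_cidr tun_device ipv4_sysctl ipv6_sysctl. Prints each problem, or the
# command to run when everything is ready; returns non-zero on any problem.
preflight() {
  rc=0
  is_private_cidr "$1" || { echo "refusing non-private route: $1"; rc=1; }
  [ -c "$2" ] || { echo "no TUN device at $2 (LXC needs it passed through)"; rc=1; }
  forwarding_on "$3" || { echo "enable net.ipv4.ip_forward=1"; rc=1; }
  forwarding_on "$4" || { echo "enable net.ipv6.conf.all.forwarding=1"; rc=1; }
  [ "$rc" -eq 0 ] && echo "tailscale up --advertise-routes=$1 --advertise-exit-node"
  return "$rc"
}

# Usage: sh preflight.sh check 192.168.1.0/24   (the CIDR is an assumed home LAN)
if [ "${1:-}" = check ]; then
  preflight "${2:-192.168.1.0/24}" /dev/net/tun \
    /proc/sys/net/ipv4/ip_forward /proc/sys/net/ipv6/conf/all/forwarding
fi
```

Advertised routes and the exit node still have to be approved in the Tailscale admin console before other devices can use them.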


2 hours ago, Technicstat said:

This is great because it's got a huge extended battery on it so even if the power goes out it will continue running for about 6 hours.

If the rest of your networking infrastructure is not also on a battery backup, this won't matter much 😉

 

But you can set up the VPN anywhere you want, as long as it's inside your LAN, it'll work the same. Whatever makes the most sense to you is fine.


31 minutes ago, LIGISTX said:

If the rest of your networking infrastructure is not also on a battery backup, this won't matter much 😉

 

But you can set up the VPN anywhere you want, as long as it's inside your LAN, it'll work the same. Whatever makes the most sense to you is fine.

I do have a UPS in place for a lot of this equipment though, so hopefully it's not totally a lost cause.


1 hour ago, Technicstat said:

I do have a UPS in place for a lot of this equipment though, so hopefully it's not totally a lost cause.

As long as your networking and internet are up, then yes, you'd be able to access everything via the VPN.
