Skip to content

Setup Tailscale self-hosted for use external network and remote (single user)

Notifications You must be signed in to change notification settings

hypnguyen1209/ionscale-vpn

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ionscale-vpn

Note: I built a self-hosted tailscale setup solution for the purpose of being able to use an external network at the office and still be able to use it remotely very simply.

What is Tailscale?

Tailscale is a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly. It enables encrypted point-to-point connections using the open source WireGuard protocol, which means only devices on your private network can communicate with each other.

What is ionscale?

While the Tailscale software running on each node is open source, their centralized "coordination server" which act as a shared drop box for public keys is not.

ionscale aims to implement such lightweight, open source alternative Tailscale control server.

Setup

First, we need to configure the DNS of 1 public domain/subdomain to the IP VPS address we will use to deploy this solution.

You can use dig to make sure that DNS records are propagated:

dig ionscale.example.com

Next, you need to rename the ionscale configuation located in the ./ionscale folder:

mv config.yaml.example config.yaml

Modify this config to your options setup:

listen_addr: ":443"
public_addr: "ionscale.example.com:443"  # change to your domain/subdomain
stun_public_addr: "ionscale.example.com:3478" # change to your domain/subdomain

tls:
  acme: true
  acme_email: "[email protected]" # not required

keys:
  system_admin_key: "sha256(randomstring)" # Ex: tr -dc A-Za-z0-9 </dev/urandom | head -c 13 | sha256sum

database:
  url: "/data/ionscale.db?_pragma=busy_timeout(5000)&_pragma=journal_mode(WAL)"

logging:
  level: info

Modify file docker-compose.yml:

...
environment:
      - PUBLIC_ADDR= # public address in public_addr 
      - WARP_LICENSE_KEY= # License key for Warp+ (not required)
...
environment:
      - PUBLIC_ADDR= # public address in public_addr 

Next, i created the file ./run.sh by mistake and optimizes it when you execute it into the container

chmod +x ./run.sh
./run.sh init

image

Next, before creating an auth key, you need to create a tailnet first:

./run.sh tailnet create <name for tailnet>

Ex:

./run.sh tailnet create troller

image

Once we have created the tailnet, we will now create auth key mapping into that tailnet

./run.sh auth create <name for machine> <name for tailnet>

Ex:

./run.sh auth create warp-exit-node troller

./run.sh auth create nord-exit-node troller

image

Once you have auth, you can authenticate for 2 urls https://ionscale.example.com/a/r/<string>

To see the machines that have joined the tailnet:

./run.sh auth list <name for tailnet>

Ex:

./run.sh auth list troller

image

Now need to enable exit-node for 2 machines: warp, nordvpn

./run.sh enable_exit_node <ID of machines>

Ex:

./run.sh enable_exit_node 117216020300564994
./run.sh enable_exit_node 117216000016910850

image

Finally, you need to enable nordvpn

chmod +x nord.sh
./nord.sh login

Here i have configured Nordvpn's manual login, without 2FA to create API Token on the dashboard

image

Visit the url and login your Nordvpn account there

image

You copy the callback link that Nordvpn returns containing the exchange token for you

./nordvpn login --callback "nordvpn://login?action=login&exchange_token="

image

Connect vpn:

./nord.sh connect Vietnam

Now you can use your personal computer and join these tailnet networks

Guide:

Credit

https://support.nordvpn.com/hc/en-us/articles/20465811527057-How-to-build-the-NordVPN-Docker-image

https://jsiebens.github.io/ionscale/

https://github.com/cmj2002/warp-docker

About

Setup Tailscale self-hosted for use external network and remote (single user)

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published