tail:scaled

I can now hit my home network from anywhere on my phone, which is nice, makes my home nextcloud reachable which was the main thing I wanted, that way I can a) do syncs and b) have my full photo library everywhere. Using a headscale node running on my server rather than dealing with tailscale's free limitations.

I did consider just doing a manual wireguard setup and I might still depending on how this goes but the meshing features might be worth it all on their own.

Running Tailscale in a container on the server which is a little finicky, I'm actually subnet-routing out to the whole house which has upsides (I could WoL and SSH into my desktop from anywhere too) but is also kind of strange because it means that if I'm connected to the tailnet then 10.0.0.0/24 is routable even if I'm on mobile data.

got headscale working, now time to figure out how to use it. internal services is easy - connect the system providing X service and assign it an internal subdomain. external-facing is a bit harder but I think there's an inbuilt feature for that ?

Weekly output: Tech Talks podcast, SpaceX Starship, AI data privacy, Bluesky CEO Jay Graber, agentic AI, scaling AI, Trump scrubs NASA nomination

View On WordPress

Travel Router

Over the last few weeks, I have made posts about different software I have implemented to make my cyber life more secure, efficient, and personal. This week I will cover the most recent piece of hardware I have added to my arsenal. The Beryl AX is a pocket-sized Wifi-6 travel router. Now why would you need a travel router and what does it do?

The Beryl AX provides multiple functions to keep you secure with high-speed internet on the go. It provides enhanced security on public networks, reliable internet performance, multiple device connections, customization with different internet sources, and most importantly it’s portable. On top of all this, it doesn’t break the bank in terms of cost.

(Picture for size reference)

Focusing on its travel application, it allows you to create a secure connection between your devices and any public network you would like to use. It does this by coming with a personal firewall, VPN services, and its ability to isolate your devices away from the public network and keep them on your private network that Beryl establishes. It also can boost weak Wi-Fi signals from a public Wi-Fi source, such as a hotel or café Wi-Fi. This, with its Wi-Fi 6 technology allows for faster and better-performing signals that would generally be pretty poor. Beryl’s UI is also extremely user-friendly and easy to navigate with many built-in features like adding Tor capabilities and even adding Tailscale (I wrote about Tailscale previously if you don’t know what it is). The GL.iNeT is still updating the Beryl and their other devices with new and improved capabilities. My first big experience with Beryl will be coming up soon when I travel to Bangkok for a vacation.

Source:

Got distracted with setting up headscale instead. But now that works, so lets get back to Artix.

Darwin was one of the first things Apple open-sourced (24 years ago). It's been mostly a "throw it o...

Server misadventure report:

Tailscale will expire your devices' keys every few months by default, and I didn't realize my home server had expired until I couldn't connect to it from outside the house and saw on the admin console that it was offline and expired. I turned off key expiry and it was still offline. Okay, gotta log back in on the server itself. Fine.

When I got home, I TTYed into the server and I believe this is the order of events: I ran "tailscale up" to log back in. I checked my torrent client which is bound to the tailscale tunnel since I've only been able to get Mullvad to work on that device through Tailscale, and it still wasn't active. While I was trying to diagnose that, I ran "tailscale update" to update the version. I believe this is where the harder to solve problem happened.

While TS was updating itself, I realized the issue with the torrent client was that I had only joined the TS VPN but I hadn't connected to the Mullvad exit node. This is where the stupider problem happened, because you have to specify that you want to leave LAN access open when you connect to an exit node every time, and I forgot to do this when I used TTY over LAN to tell my headless server to connect to the exit node. Fortunately I got access back by removing the server from my VPN group and rebooting.

When the server was back up, responding to commands, and reauthorized on my TS VPN, I gave the appropriate command to connect to the Mullvad exit node and it gave an error. I thought I had selected the wrong address and told it to list available exit nodes, and it said no nodes found. This was the harder problem to solve. Rebooting didn't do it, it was already the most recent version. I had to leave it for a few days.

While I was trying to find a post online explaining why I couldn't find Mullvad exit nodes even though the device was authorized in my account to use Mullvad, I remembered that the last time it worked might have been before I updated the version. While I was wondering how to go about it back, I noticed that the update command in TS was flagged as "beta" and had a warning that it might not work correctly. I had Apt uninstall and reinstall Tailscale and everything worked correctly and I was finally back to normal.

https://www.threads.net/t/Cuo6YgbvUbU/?igshid=NTc4MTIwNjQ2YQ==

Awww yess I've figured out how to get Nocturnal to stream directly from Arkay so now I can play games on my TV with graphics on high!

Tailscale 4via6 — Simple, secure network connectivity that scales

Tailscale 4via6 | Disponibilidad general : conecte implementaciones de borde a escala.

setting up my pihole to block all x/twitter.com urls is the smartest thing I've done since I set up my pihole

the scp command is my favorite magic spell

How to create a Tailscale VPN connection to my Synology NAS

This article discusses how to create a Tailscale VPN connection to my Synology NAS. According to their documentation, Tailscale simplifies secure connections to your Network-Attached Storage (NAS) devices using WireGuard. Please see how to create New Users and Join Synology NAS to Active Directory, DSM Security: How to Protect Synology DS923+ NAS, and how to “Configure VPN on Windows Server: How���

View On WordPress

Tailscale

As promised, I will talk about the software Tailscale this week. This do-it-yourself VPN allows you to create a mesh network of all your devices in a simple accessible and user-friendly manner. It’s a modern VPN solution focuses on making secure and private networking as easy as possible. It uses peer to peer, or decentralization, model meaning devices are connected without passing through a central VPN network. It’s like a co-op grocery store but for devices. This means that each device that has Tailscale and is on your tailnet can talk to each other directly no matter where they are in the world. This allows for a wide plethora of different applications.

One common application and one that I use as well is establishing a Network Attached Storage (NAS) on your tailnet. A NAS is a device or system that stores data and allows people to access this data over the network. It’s much like the cloud in a sense, but I have the physical server with me, and in my case, have control over how it works, can upgrade it, and change its configuration. With a NAS onboard the tailnet and the ability to talk between devices on the tailnet, I have just established my cloud. Wherever I am, as long as I’m on my tailnet with the device I’m using and my NAS is up, I can access it.

In addition to its other many customizable features, it also can use devices as exit nodes. In my case this allows me to have my Raspberry Pi on my tailnet use it as an exit node and reap the benefits of the Pi-hole application that’s established on it. If you don’t know what Pi-hole is, I made a post about it previously. So not only can I now access my storage system anywhere, but I can also have DNS blocking anywhere.

There are so many more applications I’m yet to discover with Tailscale and it’s a very much growing software. They are constantly updating it, adding new features, and combining it with different hardware and software. I encourage you to check it and establish it on a few of your devices.

Sources:

so -- in case you end up in the same situation as me, and are trying to set up several small web projects with different domains onto one box in your house, but you're behind NAT and a dynamic ip as most are -- what will NOT work for you is tailscale funnel.

don't get me wrong. tailscale works great. but funnel is quirky, and it turns out it's VERY insistent on doing its own TLS stuff. in practical terms, this means that you can't CNAME to it, so you're stuck with just the auto-generated url. it's functional, but only in the most hacky scenarios.

instead, what i'm doing is:

renting a small ($5/mo) vps and adding it to my tailnet

running caddy, forwarding all requests to my home box via tailnet on http (see this guide)

on home box, also run caddy, accepting & trusting http from upstream proxies

using that caddy, distribute requests to proper servers on the box via docker network

that way each domain gets its TLS done right, but the fancy nat-punching and ddns-like work is handled by tailscale, and traffic to the home box is re-sorted to the right servers. i only got a proof of concept working tonight but im hopeful i can get this really going this week and kill my big vps's.