Tailscale inside LXC | Secure remote access to your server | Proxmox Home Server

Tailscale inside LXC | Secure remote access to your server | Proxmox Home Server | Home Lab

Рет қаралды 41,110

Күн бұрын

Tailscale is a powerful service which will allow to link all your devices in to one single virtual network, it will allow all devices to communicated between each other, regadless where these devices are. No Port Forwarding required !!!
Tailscale tailscale.com/
Download Tailscale tailscale.com/download/
Tailscale LXC Setup tailscale.com/kb/1130/lxc-unp...
- Series Playlist
• Proxmox Home Server Tu...
- Time Stamps
00:00 Intro
00:15 Setting up LXC container
02:23 Enable SSH connection
02:48 Changing to Static IP
04:09 Update and Upgrade process
04:24 Tailscale Install
05:19 Extra setting to make Tailscale work
07:46 Start tailscale service
11:13 Subnet Advertising and Exit Node
13:04 The End Chat
- Social -
Insta : bit.ly/2ICNLH6
Twitter: bit.ly/2L2NlLS
Email me: speaktomrp@gmail.com
- Extra -
SamsungDeX Reddit : bit.ly/2Xu2ERC
#proxmox
#homelab
#tailscale
#selfhosted

Пікірлер: 141

@mijkal Жыл бұрын

Excellent guide - thank you! Got everything functioning in a Proxmox LXC by following along.

@gasparem16 10 ай бұрын

Absolutely great video! Clear, easy to follow and down to business :) Thanks a lot!

@paul9812-t3i Жыл бұрын

Dude, you're an absolute legend. What a well explained, easy to follow tutorial. Brilliant stuff! Thank you

@MarcelodeSouzaSilva Жыл бұрын

Great! Looking forward to the next video showing how to use Guacamole in this container...

@user-bt7vc7eh6f 2 ай бұрын

Successfully installed Tailscale on a LXC thanks to you! Thank you!

@rasbe6863 8 ай бұрын

Thank you so much for your video. This is one of the most clear and concise videos I found so far to set this up.

@BeYourselfMan 7 ай бұрын

Mr P, you are AMAZING!!!!! Big hug from Portugal. It works flawlessly.

@carlrudner 2 ай бұрын

The only way i have managed to get tailscale to work on my home server! Thanks for this walk through.

@MrSamyWageh Жыл бұрын

This video is a life saver as I was looking for a VPN solution. As usual, detailed instructions and great guide. Thanks MRP.

@HenriqueZacchi 9 ай бұрын

Excellent video. Short and precise!

@noquierounhandle 9 ай бұрын

Thank you so much for this tutorial. Clear as water!

@Redd00 11 ай бұрын

Really amazing work and for something i havent ever thought of or used before! works great and the video was awesome

@KristijanDujakovic 28 күн бұрын

Fantastic! Tried so many of the Tailscale Guides...this works from scratch, super easy 👍

@QEDAGI 2 ай бұрын

Don't know why I'd put off routing for a Proxmox server on my tailnet. You made it look so simple, I did it right away. Thanks!

@thehostler0 2 ай бұрын

Even though the video is just over a year old by now, the steps are exactly the same. I've followed your guide and ran into zero issues. Thank you :)

@pr0jectSkyneT 8 ай бұрын

Just found your channel. This video was very helpful to me. Subscribed

@strix4040 7 ай бұрын

Absolutely great video, thank you

@MartinHyett 7 ай бұрын

Thanks @MRPtech for such a useful video. It explained in exactly the right level of detail so I could get my Tailscale instance up and running in Proxmox, after previously struggling a bit with some of the steps needed. My only stumble was getting access to my LAN from my phone. It took me a while to realise that I needed to allow it to use the exit node. Then all worked perfectly!

@MRPtech 7 ай бұрын

Your welcome. Exit node will route all your traffic from your phone via your home network. Imagen it as VPN (Nord VM, Private Internet Access VPN and others). This is useful when you connected to public WiFi and all traffic goes from your phone back to your home network and then via ISP router to internet. I found this sometimes a bit slow as it need to go from my phone/laptop > home > router > ISP > internet If you want to access home network without Exit node, your tailscale instance at home can be converted into route-advertise node. Which makes that if you time local ip address for example 192.168.123.456 - tailscale will take that and push all traffic to your home network and everything else will go to World Wide Web.

@MartinHyett 7 ай бұрын

Good point. I don't want to route internet traffic that way, just access those machines on my local network. So I guess I just need to use the advertise-routes argument and not the advertise-exit-node. I'm slowly beginning to understand it better. I hope!

@dimitristsoutsouras2712 9 ай бұрын

Nice presentation. I think you could also mention and make this guide more inclusive, by showing the way to create split or full tunnels for the clients.

@joelcriollo3427 9 ай бұрын

Thanks bro! i really appreciate your video! It-s very helpful! Blessings!

@jorgesoto7783 3 ай бұрын

Thanks a lot, worked like a treat!

@ren3059 7 ай бұрын

Your video was incredibly helpful, and I want to express my gratitude. Thank you so much!

@tonyMmonje 6 ай бұрын

exactly what I am looking for. thank you

@smneamat 10 ай бұрын

Excellent ! Thank you so much. :)

@hristoistoyanov 20 күн бұрын

Best tutorial ever!

@gabscar1 2 ай бұрын

Great video. Subscribed!

@SB-qm5wg 3 ай бұрын

Good video. TY

@daledroid Жыл бұрын

good work and explanation mrp, waiting for next video about guacamole

@meh8995 Жыл бұрын

did he post it?

@yarekm4270 Жыл бұрын

@@meh8995 im waiting as well

@BobWorrall Ай бұрын

very clean

@hotrodhunk7389 8 ай бұрын

I've tried so many other VPNs. Nothing worked with my cg-nat. But tailscale had zero problems finding a path. Works flawlessly for me.

@swubutu 6 ай бұрын

thanks for this tutorial ... Its Kungfu Magic !!!

@rogerrogerovo2760 2 ай бұрын

the follow up video when? :) but a really good proxmox playlist you got here

@daviduartecarvalho2796 8 ай бұрын

Thank you!

@krumelmonstertv2266 11 ай бұрын

Thank you so much

@rodrigopereira7365 3 ай бұрын

TY so much

@hypernarutouzumaki 3 ай бұрын

Hey, I really liked the setup! Could you also please do the promised video on setting up Guacamole that goes hand in hand with this tailscale setup?

@gentillidiego 20 күн бұрын

incredible

@YourWizBlog 9 ай бұрын

Thank you so much for this excellent video. Worked like charm. For others, what I did not know is that you can access all remote IP's in that network directly from your computer if they are both connected to tailscale. Not sure what happens if both of the networks share the same IP range... but that is not the case for me.

@MRPtech 9 ай бұрын

What happened with your setup is "subnet advertising" Let's say you have two devices and they are 1000 miles apart. One is in Europe and another one in US. Both are connected to same Tailscale Tailnet. You have turned on in EUROPE server. that means that when you connecting from US to Europe server you can access not only Europe server but all other devices that are in same network as Europe server. I hope that make sense

@MikeDeVincentis Ай бұрын

He's asking what happens when both sides have the same network scheme, like 192.168.1.x on both sides. Can you still access or will you have to change one of the networks?

@sp4m3r 3 ай бұрын

Great video! thank you very much. What would you say regarding security? I mean opening tailscale to access the whole home network?. Thanks!

@oztechsolutions 2 ай бұрын

Great video... thanks! Can you clear out something for me. Why do you need to SSH into that LXC container when you are already login on the terminal via proxmox?

@Bansmax 27 күн бұрын

Works perfectly - thank you very much! Do you ever feel weird that Talescale is hosted by a 3rd party?

@MRPtech 24 күн бұрын

to be honest ... i don't mind. As long as it works when i need to use it ... i am fine with that. Haven't said that, i am messing round with headscale - self-hosted tailscale server. This way i can host everything in my server, but at this moment i am not confident that i can do that fully and migrate all my connection to self-hosted state.

@Bansmax 23 күн бұрын

@@MRPtech nice one! After using Tailscale for a week - it’s been a treat. So easy to use! Do you have an automated torrent setup on your proxmox?

@riskyrun 11 ай бұрын

Can I access the proxmox web UI from outside the LAN using tailscale?

@cyrilpinto418 Ай бұрын

Hi your videos are amazing; could you consider making a video on Wireguard within a Container on a proxmox? Much appreciated.

@realabzhussain 5 ай бұрын

Do you have to enable subnets and exit node for EVERY machine in the network - or only 1 machine? Thanks

@manologitech 10 ай бұрын

Great

@ryd3v Ай бұрын

just wondering why allow root ssh login, when you can use ssh authorized key instead?

@netelijah Жыл бұрын

can you make a video on setting jellyfine, with sonarr and radarr on proxmox using truenas as the storage. please thanks

@TheStealthbob Жыл бұрын

Doing the same now...Truecharts while easy at first are a hot mess when they change. Migrating everything off of Truenas

@telefoonjoost Жыл бұрын

For some reason after following your guide, when I enable advertise-route from the admin panel of tailsce, my entire home network doesn't have a data connection anymore. When I disable advertise routes the devices on my network can connect to the outside Internet again. Very strange... Do you have any idea?

@MRPtech Жыл бұрын

1. On which side you do "advertise-routes" Inside LXC? 2. Once you have advertise-routes ON - are you confirming that inside tailscale Admin panel?

@stephenlau3690 2 ай бұрын

Unfortunately, tailscale conflicts to smb in synology nas, the intranet transfer will drop to 0kb once tailscale on in nas.😢 Any way to avoid it?

@theoqueiroz 8 ай бұрын

Great video. I just have one question: at 08:16 do we need to add the advertise options everytime the server comes up or just for the first time? I get a warning message saying that UDP GRO forwarding is suboptimally configured on eth0. Thanks for this awesome step-by-step!

@MRPtech 8 ай бұрын

During first initial setup you need to put advertising tag. If you restar lxc container, tailscale automatically will enable advertising on. If you run command "sudo tailscale down" and later you want to turn it on by running command "sudo tailscale up" you will have to add advertising on again as inside your tailscale net this node will be with advertising flag which means you need to initiate advertising again. I hope all this makes sense :)

@theoqueiroz 8 ай бұрын

@@MRPtech Got it, thanks! Any info on that warning message?

@GimmeAll 2 ай бұрын

@@theoqueiroz Did you ever figure it out, iam getting the same message ?

@caffeinatedw-w 8 ай бұрын

I finally was able to follow your video and setup Tailscale. Thanks a lot for this helpful video! I have a quick question btw, is router-advertising for the whole LAN devices a security concern? Let’s say I want to exclude one LXC from being exposed in Tailscale, is there any rule that I can set up? Many thanks!

@MRPtech 8 ай бұрын

Yes. but it is not that easy to tell in words. Basically - setting up Tailscale ACL security and assigning tags to your tailscale NODES. For example TAG_1 can only access TAG_2 and TAG_3 machines. if you LXC container is tagged with TAG_4 that makes it outside allowed list and can't be accessed. I am planning to get that video done over weekend in hope to be live by mid next week.

@caffeinatedw-w 7 ай бұрын

@@MRPtech Thank you, I ended up setting specific IP being exposed like this, tailscale set --advertise-routes=192.168.68.x/32,192.168.68.x2/32,192.168.68.x3/32

@MRPtech 7 ай бұрын

ok. i didn't know that. You can expose single IP instead of all network o.O? Well ... learn new thing every day. Thank you for sharing that !

@mikekane9734 10 ай бұрын

Thanks a lot! Question, did I miss the referred video with a remote system Remina/Guacamole? Or it is still in plans?

@MRPtech 10 ай бұрын

Remmina / Guacamole videos to come. as i have to publish couple videos in between to make more sense when you watching Remmina / Guacamole video.

@mikekane9734 10 ай бұрын

Thank you so much@@MRPtech ! Looking forward to it.

@mikekane9734 Ай бұрын

@@MRPtech Hi, I just re-watched this video. And still wondering if you shot that videos?

@baileyboy3687 Жыл бұрын

Good video and step by step very informative. So, the video just seemed to finish. How do we actually connect to our different home machines from outside world?

@MRPtech Жыл бұрын

Because tailscale lxc has subnet advertising on. using any other device with tailscale install and same account used to login you can access your local network devices from anywhere in the world. I have tailscale app on my phone. and used same account to login. now i can access home NAS from anywhere in the world because tailscale lxc has --advertise-routes ON

@baileyboy3687 Жыл бұрын

@@MRPtech ah ok thank you and will give that a try

@SpikeCooks Ай бұрын

I can access the subroutes, however i cant connect to my truenas smb share? any settings I need to fiddle with in proxmox or the tailscale container to get it to work?

@SpikeCooks Ай бұрын

literally just solved it, but in my proxmox host, I went to firewall>add>macro>smb and it worked! hope this can help anyone else :)

@iamdiego87 21 күн бұрын

With your very food guide I was able to install tailscale in a Proxmox lxc. But how can I access my proxmox VM remotely? Es. In one VM I've installed home assistant and I would like to access It from my phone where I've installed tailscale.

@MRPtech 21 күн бұрын

You need to switch advertising-routes=A.B.C.0/24 inside that tailscale. And switch that option on in tailscale dashboard. Once you done that you can access all services that are in home network from you phone from anywhere in a world as long as you have tailscale running in your home lab and your phone.

@kvmgz 10 ай бұрын

Hi there. Is there a way or a need to update the tailscale server itself? Or the apt update & upgrade resolves this?

@MRPtech 10 ай бұрын

Hi, apt update // upgrade will do that for you. When you installing tailscale via command line, tailscale repo URLs added to a list of all the repos that apt update/upgrade need to do, tailscale will be one of them.

@wayland2837 10 ай бұрын

Great video and thanks for making it. I followed you video precisely and I even double checked my work and I cannot access the proxmox admin console remotely. I can access the tailscale lcx container via ssh. What am I missing? Thanks again.

@MRPtech 10 ай бұрын

1. Do you have subnet advertising active on tailscale node? 2. If subnet advertising active, did you approved that via tailscale admin dashboard for that node?

@wayland2837 10 ай бұрын

Yes I do have subnet advertising active on the tailscale node. I did approve the subnet advertising via the tailscale admin dashboard for the node.

@MRPtech 10 ай бұрын

How you trying to access proxmox dashboard. Via tailsclale IP or using local net IP 192.168.*.*:8006 ?

@mixtereE Ай бұрын

Dear Mr P: Can you provide the order of videos to have the ubuntu lxc template created and other settings needed to complete this tutorial? You mention that the ubuntu template was created in a previous video but I could not find it. Are you using a specific version of ubuntu 22.04, server or reguluar? Am I setting up the datacenter like you advise in your first proxmox video, to just have one pve and not local, local lvm and local network? You provide great content, just sometimes miss things that are crucial for us newbies. on another video I followed your guidance for a zfs cluster until I learned that my random old computer's mix of hardware could not run it- too late. Then I had to uninstall everything. It would be great to have some successes! thanks for doing this !

@MRPtech Ай бұрын

Hi, Setting up LXC Template : kzbin.info/www/bejne/Y3TXhIGimrKBnKssi=tsCuZ-URrQwKndxV If your setup has two drives inside, i suggest to remove Local-LVM and use 2nd drive to store your ISOs, Temaplate, VM Disks. 1st drive - leave that to Proxmox OS.

@mixtereE Ай бұрын

@@MRPtech Thanks. Got it up and running. For those other newbies there is a feature when you create an lxc that allows you to choose a template. I was under the impression that one had to be created, like in mr p's video in the proxmox playlist.

@bluesquadron593 Жыл бұрын

Hi, I am facing this issue for " tailscale status # Health check: # - Some peers are advertising routes but --accept-routes is false" I cant ping the IPs from the routes IP range given in the LXC tailscale-up command.

@MRPtech Жыл бұрын

1. Where is your main tailscale setup located? LXC/VM? 2. Which device you are using to try to ping local network IPs ? 3. Have you enabled "--advertise-routes=192.168.X.0/24" during first Tailscale run and turned on "IPV4 Forwarding" ?

@bluesquadron593 Жыл бұрын

@@MRPtech Hi, followed your guide. So I have it in an lxc. I am getting this message from a remote server with tailscale on it. That server still can't ping anything in 192.168.1.0/24.

@bluesquadron593 Жыл бұрын

@@MRPtech Ok, the solution was that on my other tailscale instances I had to spin down tailscale and bring them up with "tailscale up --accept-routes".

@Montagic 7 ай бұрын

Got this setup and everything connected, but I can't seem to figure out how to get my phone to connect over my data. I think it's working as I'm able to access my VMs from other VLANs like IoT and Guest, but not when I disconnect from wifi. I'm running Arista NG Firewall (untangled) so not sure if maybe that could be blocking things.

@MRPtech 7 ай бұрын

Hi, Have you turned "--advertise-routes" option during initial "tailscale up" setup?

@Montagic 7 ай бұрын

@@MRPtech Fixed it! Turns out it doesn't work if you are using it as an exit node on data. Not sure if that is a bug or feature..still new to how all of this works haha

@kiptanoi4422 4 ай бұрын

Hello, I have a question. I am new to proxmox, container and so on.... I am wondering, If I could run 2 stuff in the same container? I have one container with lxc "turnkey mysql" running And after I watched your video I have one container lxc "Tailscale" running Can I do one single container with both tailscale running and mysql running on it? And how do I do that?

@MRPtech 4 ай бұрын

If you want to have one LXC container with MySQL and Tailscale - i suggest to start with Ubuntu LXC container and install MySQL and Tailscale inside it. For more easier installation process i would go with Ubuntu Server VM.

@kiptanoi4422 4 ай бұрын

@@MRPtech Oh, cool thanks, do I win something in resourses and so on to have one single container that manage small stuff like MySQL and Tailscale in the same container, or do I want separate containers for MySQL and Tailscale running?

@nadpul Жыл бұрын

How to access proxmox and containers using hostname instead of IP? Thank you.

@MRPtech Жыл бұрын

I am using tailscale and its feature called "smart dns" which resolves all my local IPs in to hostnames. Alternative would be to use PiHole and its Local DNS option.

@snailprogrammer7483 8 ай бұрын

Will this allow me to login to the PVE panel (port 8006) to view everything away from my house?

@MRPtech 8 ай бұрын

Yes. As long device you are using to login is connected to same tailscale account as PVE tailscale instance

@meh8995 Жыл бұрын

i followed the guide step by step but the tailscale doesn't work also kindly did u post the following video for the apps u mentioned at the end (remena guacamole?) 13:35

@MRPtech Жыл бұрын

Remmina / Quacamole tutorial will be done. What errors do you get when trying to ping Tailscale IP ?

@meh8995 Жыл бұрын

@@MRPtech i wanna ask you what is a good way to access the OS of pve remotely without opening the panel of it

@meh8995 Жыл бұрын

@@MRPtech I fixed the tailscale, i think XD

@DanielPostma-xn2yr Ай бұрын

Hello, when i tried to ssh into the tailscale vm/ct. I get a erro Permission denied

@MRPtech Ай бұрын

Open your tailscale console via Proxmox and check file /etc/ssh/ssh_config check if line bellow is active (remove # from the start of that line) PasswordAuthentication yes This way you will be able to ssh into Tailscale VM/LXC using username + password.

@wali8976 Жыл бұрын

is there a way to make your proxmox GUI available from anywhere without IPV4 forwarding?

@JesusFranco01 Жыл бұрын

Yes. Cloudflare tunnel is a great way. Use the Applications Access feature to add additional layers of protection.

@meh8995 Жыл бұрын

@@JesusFranco01 any free way?

@JesusFranco01 Жыл бұрын

@@meh8995 cloudflare tunnel has a free tier ;)

@edgecrush3r 11 ай бұрын

Is there any way to tell my connected devices to us a local DNS server?

@MRPtech 10 ай бұрын

You need to install tailscale client on each device and login with same account to use DNS server. In my case i have local DNS server, this server IP is logged inside tailscale dashboard and any device (with tailscale client installed) hits that DNS server first before going to 1.1.1.1

@swubutu 2 ай бұрын

Hi MRP, i'm wondering if you are going to create a Tutorial Regarding Headscale ;)

@MRPtech 2 ай бұрын

I have already started to mess around with Headscale ... will see where this will take me ;)

@swubutu 2 ай бұрын

@@MRPtech I'm sure you going to fix this ... i'm messing around aswel but for some ReasonS, every time a new error pops up during setup :D

@heromasum Ай бұрын

Where's the remotely access proxmox server and container/lxc video?

@dominick253 10 ай бұрын

I tried it inside an lxc container and it threw kernel header errors. Switched to a vm and it works just fine 🙂

@MRPtech 10 ай бұрын

Error you where getting could be because LXC container was Unprivileged.

@sonny8085 3 ай бұрын

Why don't you just install Tailscale straight onto the Proxmox host?, instead of the need to create an LXC/VM?

@MRPtech 3 ай бұрын

When i started to mess around with Proxmox, i used to install a lot of stuff directly to Proxmox HOST. And one day Proxmox stopped working. Was it because i installed other stuff on the HOST or something else ... don't know. Now i follow a rule - do not install anything on Proxmox HOST unless o have no other option. For example Zabbix - i had to install Zabbix agent on Proxmox host to monitor each node, for Tailscale - there is no extra benefits to have tailscale inside proxmox host compared to LXC.

@mihleo6391 Жыл бұрын

Why dont you just use wireguard?

@MRPtech Жыл бұрын

1. With Wireguard for some reason i get slower speed connecting to server from outside home network. With tailscale i get close to full speed 2. Tailscale is based on wireguard so technically i am using wireguard.

@petermarin 8 ай бұрын

why did you uncomment the permit root access part?

@MRPtech 8 ай бұрын

Because i want to give SSH access to ROOT user. If i leave that commented, root user can't connect via SSH, only normal users will. This is not recommenced. If someone will guess root password and gain access via SSH, they will have access to entire system. I done it just out of convenience and not necessity

@petermarin 8 ай бұрын

@@MRPtech I appreciate the reply!! Can you show us the alternative that’s more secure? (New to this)

@MRPtech 8 ай бұрын

Instead of using root you can login with normal user. If you don't have a user created: first - login as user and type adduser Finish setting this up, next you need to add user to SUDO group, command: usermod -aG sudo On next fresh USER login SUDO will be activated. Now you can SSH with user instead of ROOT. Suggestion - create SSH keys for better security.

@user-lb6tw7zw8w 3 ай бұрын

good video but you didn't sht up for 1 second thruout the video... wish you took short breaks

@MRPtech 3 ай бұрын

Agree. This one was more like speedrun

@BeNtOoOoOo 6 күн бұрын

Why not just run Wireguard without tailscale, i don't get why would people add an extra layer when wireguard works wonders.

@MRPtech 6 күн бұрын

wireguard make connection and that is it Tailscale add sooooo much moooore to just making a connection.

@BeNtOoOoOo 6 күн бұрын

@@MRPtech it doesn't make a "connection" it makes a tunnel and a virtual network between the server and one or several clients. It also can route traffic from and to the LAN. So i really don't get what else tailscale can do...

@BeNtOoOoOo 6 күн бұрын

@@MRPtech also, wireguard is 100% private, yours, non internet or outside dependant. Everything i need to my wireguard to work is my own wireguard server... Nothing else. Is it ease of use? I can't see other reason really.

@MRPtech 6 күн бұрын

Can wireguard: a) allow me to connect to wireguard nodes via SSH using browser? b) allow me to expose service to a public via tunnel? c) give me split DNS feature? d) provide me with custome domain? for example ibis-galaxy.net ? e) provide me an easy way to setup ASL rules?

@BeNtOoOoOo 6 күн бұрын

@@MRPtech I don't think you understand how it works really... Wireguard it's a VPN, same as tailgate. ASL rules, split DNS and all you mentioned are handled by the server at your home. It just routes traffic to the tunnel, what you do with that traffic is up tou you... You want to split DNS? Then you just have to config it as such... You can do anything you want as if the client was in LAN, that's the point. You basicaly deal with wireguard trafic as you would deal with a VLAN. So yes... You can do all that and more, depends on your setup.