If you aren't managing your keys, someone else is. - Steve Gibson
@mrxmry32642 жыл бұрын
What could possibly go wrong? - Steve Gibson. trust no-one. - Steve Gibson.
@cillian_scott Жыл бұрын
@@totallynotgad damn, good to know. Thanks
@jerromerro9405 Жыл бұрын
you have to change your password anyway either before or after a hack -Michael Jackson
@frishgee707 Жыл бұрын
not your keys, not your cheese
@cjramseyer Жыл бұрын
@jerromerro9405 you need to be using more than just a password
@dougbas3980 Жыл бұрын
I am not an IT professional and I am not a beginner. You managed to use just the right level to be perfect for me. I just loaded Tailscale on 5 of my devices and working up the nerve to add it to my Terramaster NAS (scary 😮) if I mess up my 11 TB data store. I just heard about Tailscale two weeks ago. I do home automation with several small Linux machines (Raspberry PIs and Inovato, Quadra). It appears Tailscale will fix a lot of holes in my system. THANK YOU
@designer.3468 ай бұрын
Are you still using Tailscale? I wanna access to a SMB server remotely and safely
@leonardo.schwider2 жыл бұрын
Great video! This was definitely much easier and smoother than other previous attempts. Seems like Tailscale just works. Thanks for sharing this, Christian.
@christianlempa2 жыл бұрын
Np! Glad you liked the video 😀
@Excited-IT-Architect3 жыл бұрын
Hi Christian, another great video! Please continue with more detailed related stuff like MagicDNS etc. - thanks.
@christianlempa3 жыл бұрын
Thank you 😊, great suggestion!
@fretbuzzly Жыл бұрын
Unfortunately it's hard to hear you with the ridiculous music playing. Aside from that, how is this easier than setting up PiVPN? Install PiVPN, connect to PiVPN, access everything on your network. No need to manually setup individual devices/nodes as you seem to have to do with Tailscale. By comparison Tailscale seems incredibly laborious.
@Tibadude Жыл бұрын
Exactly!
@niallthebomb3 жыл бұрын
Great video Christian. From a security perspective it sounds like a hackers dream....compromise one node and have secure access to all the other nodes. I can see the use case for it for homelabs and remote access where you know each node is safe but from a business perspective I don't think it's a good idea. At least with the traditional VPN gateway you can implement 2FA and make sure it is enforced. Keep up the the good work.
@mahmoudshihab3 жыл бұрын
I was thinking that if you’re account is compromised, then you’ve got a real nightmare on your hand, but for a local set up, it should be fine, no?
@obijan423 жыл бұрын
If you compromise a node that is running a VPN.... its EXACTLY the same. Also: Tailscale support auth via 2FA.
@rogerthomas3683 жыл бұрын
One key thing is that you can configure the access rights each node (or group of nodes) has to other nodes - so you can easily remove the default configuration of all nodes being able to access all other nodes. This allows you to set up a configuration where staff with 2FA logins can access all or some of the deployed systems all from a single config file, which is pushed out to all the managed nodes.
@jirehla-ab1671 Жыл бұрын
@@rogerthomas368 how do i setup 2FA on it?
@DjTonioRoffo Жыл бұрын
You can, and should, use ACLs with tailscale. You can go very fine grained with this. As for ID management, there is 2FA on azure, google... I don't see your point.
@Paskalion Жыл бұрын
I used to use Hamachi, Teamviewer, Zerotier One, and Twingate to connect between my home PC and office PC. None of that can beat Tailscale. Its just works. And very low ping. Which is important because I connect mainly using VNC (windows to windows). Tailscale really solve my connection issue.
@TheMaevian10 ай бұрын
Why would you hurt ourselves with VNC on a Windows to Windows setup? Just use RDP
@Paskalion10 ай бұрын
@@TheMaevian rdp fails at scaling.. and compressing 🤣
@jayp9158 Жыл бұрын
Every now and then Wireguard gives me some headaches. After this tutorial I fell in love with Tailscale. Thank you very much Christian, you are great!
@chrisj.26119 күн бұрын
Seriously, dude. I was watching so many videos lately about remote access/vpn to connect to my RPi Jellyin from outside of my network and NOTHING worked. YOURS though was easy as f**k ^___^ Cheers man. Looking forward to access my library now on holidays ;)
@christianlempa9 күн бұрын
Haha nice! :D glad it was helpful
@michaelbishton94393 жыл бұрын
How do you know who, or what community, is behind Tail scale that makes it "safe?"
@bennylloyd-willner96672 жыл бұрын
Yeah, that "magical fix-all" doesn't shout "Secure!" to me. I think I'll try the hard way, seems to get more control of what actually happens. Thank Christian for an interesting video tho!
@emsicz11 ай бұрын
This just sounds like security disaster with extra steps. There is no way anybody is connecting to any of my local machines without punching through NAT first. This video fails to explain how this “magic” is done, and the way it works is Tailscale runs relay nodes that help establish direct connections through P2P and in case where direct is not possible, your data flows through a remote node. The machines behind NAT that you are connecting to reverse the flow of traffic by basically asking the remote server what to send over, which is the “magic” we see. This is all encrypted, but it’s basically trust me bro guarantee since neither tailscale client or server parts are fully open source. So 1) you’re supposed to run third party app on all of your infra that has access everywhere and isn’t even open source and 2) it all communicates using key pairs you can’t manage and the parts of code that make them and use them are not 100% open source either.
@JamesHoffmannLover3 ай бұрын
It's really funny that you think tailscale is a "security disaster". Maybe try to understand it first before blindly attacking it 👍
@emsicz3 ай бұрын
I keep getting replies to this about how "i should read how it works." I know how it works, you don't. Tailscale is a security disaster with extra steps and this will remain true until all of it is made open source. Noone sane deploys this bag of cats on a network they need to trust.
@maxxmahh3 жыл бұрын
Looks cool, but you do give up a lot on your security and have to trust them not to mess up and not to collaborate with any government, or is it open source and you could also run your own private master server? (obviously this doesn't guarantee much, but still....)
@christianlempa3 жыл бұрын
You can't run your own tailscale server, it's all based on the service. However, it's not like you would send any traffic to their servers and the private keys never leave your devices.
@stefcontact80873 жыл бұрын
well that's the point. I can see why they have this as a service. For poeple who don't care about security, can't host themself a coordinator or are too lazy, but why aren't they giving a Community Edition of the coordinator ?? Just this fact make me suspicious. I use to enjoy your viddo but this time I found wayyyy to enthousiast about a solution that rely on a service held outside of your control. Yes that's sound a great set of techno put together, would I give up the security and privacy of my assets for that ... No way. I think you haven’t been clear enought about that risk in this video. Anyway keep the good stuff, I, usualy like your contents 😊
@christianlempa3 жыл бұрын
Well, maybe it's just me, but I like good managed services and I don't care much whether it is open-source or not, as long is they have a fair and transparent service model. Proprietary software isn't necessarily worse or less secure than open-source, at least in my opinion. I talk quite enthusiastic about it because I really am 😁. However, I understand why some people have a different and stronger stance on privacy and open-source than me, and thats totally fine, I can respect that. Hopefully I always find a way to make interesting videos about services like this, even though you won't use it for security or privacy reason. So thanks for the open and honest feedback, bro!
@TrggrWarning2 жыл бұрын
@@christianlempa I’m new and dumb can’t we have both with a vps?
@ThamiNdlalane3 ай бұрын
How does it compare to Zerotier?
@jeytis723 жыл бұрын
Great job, as always. Thanks Christian.
@helioradial2 жыл бұрын
Thank you Christian, just trying out now to see it, had some problems with Wireguard so I'll try this for now ;)
@Trozpent Жыл бұрын
Frigging nightmare setting up tailscale on MacOS TBQFH. NoMachine is much easier.
@JimNicholsMotorManiaGarage2 жыл бұрын
Just sign in to "Google" or "Microsoft" and it's all automatic. Ummm that's gonna be a big NO for me...
@christianlempa2 жыл бұрын
That's fine 😉
@EE12CSVT8 ай бұрын
Yeah, I had a good laugh when I saw that. Hey BigTech, here's the keys to my LAN, have a good look around.
@jgren404819 күн бұрын
Is tailscale self hosted or does it need (internet) to dial home to the company to work?
@anu10972 жыл бұрын
One thing is causing me trouble. When I installed and started tailscale on my server. My server is able to connect to internet. When I installed on my laptop and mobile. When I am connected to tailscale, I loose internet. How to fix this ? I want to be able to use tailscale to create usable domain names for my servers to share with others. I know tailscale is for private communication. But this seemed possible as well. I read about exit nodes tried to configure that as well. But it didnt' work
@bartekkozak1 Жыл бұрын
Hi, does anybody know how to install SSL certs on nextcloud with Tailscale? I have enabled SSLon Admin panel and I have generated crt and key file by tailscale, What should be further steps? I have nextcloud hosted on LXC Container on Proxmox, installed by snap.
@BigMoney232238 ай бұрын
When I try mounting my Synology shares to my desktop “connect to server” on my Mac, it asks for a password. Every password I’ve tried associated with my NAS doesn’t work. Which password do I need?
@mambo7668 Жыл бұрын
giving all your vpn keys to a third party is the worst thing you can do in a self-hosting environment
@farhanadil11252 жыл бұрын
From the security perspective, I don't think that its a doable solution for corporate networks. What we should focus on is a data protection rather than bring ease in life. Though, it is good for people who aren't concerned about the security and use it for home-network to home-network connectivity. By enabling the mesh network between the servers and the clients as every node that is added on Tailscale account can access each other which again leaves me a big question mark on what if 1 client machine got compromised. Whoaa!!! A disaster will occur as accessing all other nodes which could be either be a server or another work station can be accessed by the Hacker. By having the VPN server, we manage the keys and exchange algorithms at our own end instead of leaving it on some third party network. Anyways I like the way you described it but it is always better to notify the vulnerabilities associated with the solution.
@deathmastersnikch4365 Жыл бұрын
You can limit the nodes other nodes can connect to in tailscale. You could also ask for additional passwords on important nodes. I agree that the most secure way to host a vpn is by managing your own server. But i think the main issue for tailscale is that the admin hub is too out in the open.
@fuba44 Жыл бұрын
Would love a video on the built-in DNS functionally. Also could I buy a vps on DO and have it ONLY be accessible via tailscale, and what about Docker containers, can i have Those only on tailscale?
@TrevorMatthews Жыл бұрын
Very cool. This was my introduction to Tailscale and I’m impressed. I’m going to give it a try. However one of the Mail reasons I’ve gotten into home lab stuff is reducing the dependency on others. Based on subscription details looks like your still dependent on tailscale the company. Is there any way to fully self host the solution?
@TrevorMatthews Жыл бұрын
Headscale. Found it further down. Thanks I’ll take a look at it also
@christianlempa Жыл бұрын
Haven't tried it myself, but I'm sure it's great!
@tyblue43599 ай бұрын
Is it possible to set up a site-to-site VPN between two routers that have Tailscale already pre-installed?
@yurkshirelad11 ай бұрын
My apple phone already uses a VPN for nextdns, so I assume I couldn't use tailscale at the same time?
@S.M.A.Batista2 жыл бұрын
OMG!! I love this!!! Great video.
@christianlempa2 жыл бұрын
Thanks mate!
@eaglefn49183 жыл бұрын
Do you really think this is a good idea from security point of view. You have to install on every client a “trojan” that connects you to a “service” in the US. Of course, it is easy to setup, no question, but as an it professional, like you always claim - who controls this network? This service has two sides of the same coin. You just mentioned the easy usage, but have forgotten the security aspect. What’s wrong with the “IT world”? Don’t you think about security anymore? I’m just waiting for the news… “Tailgate VPN hacked because of …”
@christianlempa3 жыл бұрын
It's important to talk about security, however comparing a managed VPN service with a "trojan" is a bit out of place, come on.. :) However, it's a valid concern you have and of course nobody forces you to use a service like tailscale, you can always manage VPNs yourself. The fundamental misconception is that most people see a VPN as a "security" barrier to get access to a network. This is in my opinion a outdated security concept and should be replaced with Zero Trust Networking concepts. Means, you should never trust a client just because it's part of a VPN network. I see tailscale more as a managed connection but not as a security barrier. All devices inside the VPN should be treated the same like external devices. I'll make a video about this in the near future, because I think that needs further explanation and a dedicated video! Anyway, thanks for your input.
@helloworld9633 жыл бұрын
Wireguard is funded by the US Government under the Open Technology Fund. They also funded a few more so called "privacy" projects such as Signal messenger. Remember the Crypto AG and ANØM cases. US Government is already known for creating fake privacy tools. Even the most used cryptography algorithms are funded by NSA/CIA.
@michelangelop39233 жыл бұрын
@@helloworld963 yes, because they need it too, also, onion routing was created by US navy and needed extra traffic to hide their own traffic, and now we have tor, you can do what ever you want and the US navy can't do anything to stop you, considering you are careful to protect your identity with best practices
@Crazy--Clown3 жыл бұрын
Be careful, a hacker is already on to it Lol
@obijan423 жыл бұрын
Challenge: Every time a vuln is found in Tailscale, I do a shot. Every time a major VPN provider has a critical CVE, YOU do a shot. Deal? Just kidding, I don't want to be kicked off of KZbin for encouraging alcoholism and suicide.
@benjaminritter42092 жыл бұрын
What about SIP Phones, like Yealink? Got a local Telephone System on one Location, and Phones on 3 other Locations. Actuall we Use Sophos Firewalls that are connected together.
@Widur427 ай бұрын
Where is the catch? Seriously, if it sounds too good to be true, it usually is. What are the downsides, for example compared to setting a wireguard vpn yourself manually?
@jonas99g2 жыл бұрын
Thanks for this video. I struggled with zerotier to setup my server as standard route for DNS and as VPN. And in tailscale it just needs a toggle of the button exit node 😯 Seems easier and better documented. Going to try it and finish my setup.
@christianlempa2 жыл бұрын
Oh I'm glad to hear it ;) Thanks
@greatestmanever3373 Жыл бұрын
Can i ask you im from algeria im using wireguard to bypass restriction and free internet but there much bugs in morning is there solution for that ?
@AlessioGianfrate2 жыл бұрын
Hi Christian, Another great video. 2 quick questions. 1) Which are the differences between Tailscale and ZeroTier? 2) With Tailscle am I able to get on all machine the same public IP (as would be with a "normal" VPN)? Thanks
@christianlempa2 жыл бұрын
1.) Tailscale and ZeroTier have two different network protocols underneath. I like the WireGuard implementation a lot, so Tailscale is my favorite :) And they have a pretty smart implementation of the network stack. 2.) You can assign one peer as a "gateway", this will route all traffic from the clients through it.
@AlessioGianfrate2 жыл бұрын
@@christianlempa Thank you for your answer. Not considering the easier way to configure Tailscale over WG.... What do you think is better....Wireguard in a docker container or Tailscale?
@darkerbright2 жыл бұрын
I'd love to see the follow up video about Magic DNS. If you happen to have a qnap NAS I'd love to see a user friendly Video on how to get tailscale up and running. Cheers and keep up the great work.
@philippaps44 Жыл бұрын
what if you want to give access to someone else? does he have to login into tailscale with your credentials? for example google username and password
@Dr.Charron Жыл бұрын
I am a hobbyist. You did a great job with the video; however, I am on Truenas Scale, and there is no drop-down menu for it. I attached my machine, downloaded the app, and set it up with the AUTH code. I am lost from here. Can you help?
@ziggi22723 жыл бұрын
Hi, thank you for your videos. I am just curious to know how does it compare to Zerotier, in term of privacy and security?
@christianlempa3 жыл бұрын
I haven't done a comparison, yet. However I think that the architecture of tailscale is pretty good. Of course it is a hosted service where you need a google/m$ or github account so you need to give some trust to these companies. However, for the security side the wireguard protocol is pretty solid and the privatekeys are never shared with tailscale. So technically they are able to redirect your traffic but not able to decrypt it, which is a nice option. I know that zerotier offers a self-hosted solid so in a direct comparison zerotier would win obviously, but that doesn't mean you would need to worry about using tailscale. Hope that helps 😄
@aliihsandonmezer66673 жыл бұрын
If you need Layer 2 connectivity and protocols beyond the IP stack you can run inside Zerotier network cause every zerotier network acts like a Layer 2 Switch , hope it is clear ..
@gmdc58503 жыл бұрын
Question, what if someone gets access to your account (e.g. GitHub auth service)? Or hacks the Tailscale service?
@christianlempa3 жыл бұрын
Well then you are in trouble bro
@gmdc58503 жыл бұрын
In all cases I would recommend 2-factor authentication, but seems someone with access could share a device to their own network and gain access that way. Just something to be aware off..
@christianlempa3 жыл бұрын
Well that's the reason why I said in the video, you can add 2FA to your accounts.
@Rindofmand Жыл бұрын
Im using the tailscale windows 11 but windows 7 its not installing there any solution
@pospitchp34163 жыл бұрын
Thanks, I didn't know about this cool service. More videos like this please.
@christianlempa3 жыл бұрын
Awesome 😁, sure I'll do!
@tagtagx3 жыл бұрын
Love your content man.
@christianlempa3 жыл бұрын
Thank you 😊
@mish2k Жыл бұрын
I did not understand about 13:45, I have a wg server on my vps, the issue is I need that since i have portainer etc but my dorm wifi blocks the wg server port thus I should not-blocked ports and have a lot of different .conf files for every peer.. with tailscale as I understood, he understands that fw or nat is blocking it and ? would just find another port or switch over to tcp? Did i miss something? Thank you very much
@christianlempa Жыл бұрын
If you're running a self-hosted wg server you need to worry about ports, not with tailscale.
@firinggamers3217 Жыл бұрын
whats the difference between zerotier and tailscale both seem to be similar to me
@christianlempa Жыл бұрын
They offer some different features, depending on what you need, you can chose both, they’re good :)
@firinggamers3217 Жыл бұрын
@@christianlempa but would the response time for both would be same?
@5amba Жыл бұрын
that's actually more setup, if you need to install it on every server/device
@thamerrro4234 Жыл бұрын
you can forward entire subnets, if you want to.
@mikekonowaluk17652 жыл бұрын
The one thing that drives me nuts and Im not sure there is a workaround is if other devices are on the same LAN, your device will over travel over Tailscale instead of your Local LAN. I noticed this when using a node as a subnet router. I would guess thats the computer making the decision but there doesnt seem to be a workaround...well from what noticed.
@christianlempa2 жыл бұрын
That shouldn't be the case, if both devices are connected to the same LAN, tailscale will figure out the fastest path between them. I've tested it in my local network and it works pretty well.
@mikekonowaluk17652 жыл бұрын
@@christianlempa Yeah I dont get it. while connected with the windows app, I did some traceroutes and it takes the tailscale path everytime. I mentioned this to support and they said its somewhat expected behaviour but will look into see what they can do. Iv seen a number of posts with the issue. There is kind of a work around but doesn't always work which is make the advertised subnet one mask less so if my LAN is /24 mark it as /23. Dont think it works for Linux though.
@nitinkumar292 жыл бұрын
I'm still concerned about data security and data compromise resulting from relying on some company. Large company may have resources to build a infrastructure themselves and for small firm, it is still possible to configure the machines keys and exchanging them, because not all node need to connect to every other nodes anyhow.
@jaysinps2 жыл бұрын
look at headscale
@vikneshmr3 жыл бұрын
TailScale is good but do you have any idea about any similar open source projects coming up that can be running in the private server..
@sundwitzi9225 Жыл бұрын
I had a look on netmaker. But the licence confuses me. Seems not to be 100% foss...
@DanZimmerli2 жыл бұрын
Thank you for this video and the tip on an easy VPN solution!
@christianlempa2 жыл бұрын
You're welcome!
@rmclock2 жыл бұрын
thanks I learned something new
@christianlempa2 жыл бұрын
Glad to hear it!
@cyranoburleson42405 ай бұрын
How secure is this, because your data is still being sent through Tailscale's network right?
@christianlempa5 ай бұрын
No, the traffic is sent between the endpoints
@hemanthKumar-gj6dq3 жыл бұрын
please explain how to set up subnets and exit nodes in the tail scale
@christianlempa3 жыл бұрын
Maybe I make a second video about this stuff at some point, but no plans in the near future.
@aliihsandonmezer66673 жыл бұрын
exit nodes run only on Linux clients , you should activate IP forwarding and then run tailscale up --exit node and login to the portal and check the Linux node and go to the subnet routing and enable exit node on the portal , all other clients will be able to see it as exit node and when you click on windows or mac clients to use exit node , all traffic will go through your exit node.
@baseptr3 ай бұрын
This is really cool. I could RDP directly two Windows PCs behind a NAT. This kicks TeamViewer or anyDesk ass out :D I wish we had a selfhost option.
@whyareyoulookingatthislol2 ай бұрын
Headscale ig?
@Jorric2 жыл бұрын
Thanks for the explanation, but I'm still confused as to the purpose of tailscale. I understand it's a VPN so communication between two machines is secure, but what's the connection able to do? Can I use it on machine 1 to view a remote desktop of a second machine? or am I limited to just seeing the terminal of the second machine on the first. Would this be able to send files pictures from my phone to my pc without having to deal with a wired connection? Any insight would help a lot!
@christianlempa2 жыл бұрын
The use case is to connect two or more machines that are located in different physical locations over a secure tunnel, just like would be on the same local network
@ifodaniell6 ай бұрын
It sounds like Tailscale is very similar to NordVPN's Meshnet using WireGuard.
@edd6169 Жыл бұрын
Hi, is Plex server can be run on Tailscale?
@no101no Жыл бұрын
i Set up TailScale because my ipv6 and ipv4 change from Orange Fai in France. Difficult to have your own firewall in France at home. So Tailscale is not bad for this kind of solution coupled with Adguard-Home with some configurations to tls-dns, I use it to use as a vpn with an outgoing at home when I am remote or need access to a file on my local nas. It can also be useful for doing a lan to lan for online video games. After security question it is a problem to solve between the chair and the keyboard.
@ierosgr3 жыл бұрын
When the free plan mentions one user, what exactly does that mean? For instance I care to have our employees connectr outsite the corp environment to the dc serv who has a very special crm program running from a folder (no client installation or anything) i am trying to figure out what exactly do I need to make this work. By saying work I mean 20-25 people outside office to be able to connect to the crm program after initiating a connection via tailscale. Do I need a price plan with as many users connecting (from their different machines) or jsut one user to set all that up?
@christianlempa3 жыл бұрын
If you want to manage all machines with 1 user account, that's totally fine. But if you'd want to add additonal users who can all manage their own machines and infrastructure they you need to upgrade a license. But you could technically just use 1 user for management.
@ierosgr3 жыл бұрын
@@christianlempa Thank you for your quick reply, but I can t even start it ... I have a weird error whicj cant troubleshoot anywhere
@coletraintechgames2932 Жыл бұрын
Has the "L" always been missing from the "Digital Life" sign?
@coletraintechgames2932 Жыл бұрын
It's back at the end of the video!
@fourex592 жыл бұрын
Thank you for your video. How would you best transfer files from one computer (node) to another if you were using a Mac to Mac or windows to windows? Also how could you do a “VNC” connection to control another computer through Tailscale? Would you please do a video on that?
@christianlempa2 жыл бұрын
You might check out "Taildrop" a beta feature in Tailscale to send/receive files over Tailscale, might be useful. For the VNC part, you can just connect to the devices using the tailscale internal IP address. Hope that helps ;)
@Paul-kp8pu2 жыл бұрын
Hello, with this video do you hide your ip adress using a vpn or you create a vpn at your ip adress?
@christianlempa2 жыл бұрын
Haven't though about hiding my IP... why?
@payambakhshi1498 Жыл бұрын
Do you have any video on how to use it as a Internet gateway (Exit node) to use it as a VPN for all traffic? thanks
@christianlempa Жыл бұрын
Not yet, maybe that’s coming next year but I won’t promise anything
@payambakhshi1498 Жыл бұрын
@@christianlempa I really need to find some info on Exit Node, can't find it anywhere, maybe you can shed some light on that :) tnx
@user-mfsc-2024 Жыл бұрын
could i setup my own Tailscale server instead of using their server
@christianlempa Жыл бұрын
There is an unofficial project called headscale
@jameshaugen98082 жыл бұрын
Hello can you help me set this up ? We can use team viewer and I pay with Bitcoin
@matid8453 Жыл бұрын
OMG thanks it really work good and install proces was easier than changeing light bulb
@christianlempa Жыл бұрын
Thank's! I'm glad it helped :)
@Glatze6033 жыл бұрын
Hi Christian, thanks for making a video about tailscale :-) Tailscale is one of the best and intuitive tools, I have seen since years! It never was so easy to use VPN and not only between two devices, but between many devices - with static ip-addresses for every device :-) Normaly, every device can connect to each other device that is connected with the same authentication-account, but you can limit access (for devices and protocols) with access rules very easyly on the tailscale-dashboard, too - that's fantastic! With a smartphone it is easy to be "always on", so secure connections to all my machines from everywhere. For my opinion tailscale is a real revolution! Thanks a lot for your video and please more such holy shit stuff :-)
@christianlempa3 жыл бұрын
Haha thank you so much for the nice feedback! 🥰
@hoerabristowe68693 жыл бұрын
Thanks man very interesting
@christianlempa3 жыл бұрын
You're welcome
@staygolden9264 Жыл бұрын
Your English is Good i didnt know you were German until you mentioned it. Thought you were from Minnesota lol
@matzzz1234562 жыл бұрын
Hi there, which terminal application are you using? Looks way cooler than my putty
@christianlempa2 жыл бұрын
I'm using Windows Terminal and use WSL2, I've documented most of my setup in this video: kzbin.info/www/bejne/pXeZmH-vnbZ3mtk
@yagoa Жыл бұрын
I am getting 10-400ms ping over my local network? any tips how to fix this on MacOS?
@christianlempa Жыл бұрын
Well that’s hard without any info xD maybe check out our discord
@yagoa Жыл бұрын
Thank you @@christianlempa! it resolved itself today, so it would now be impossible :) More content on neat tricks using Tailscale would awesome btw!
@christianlempa Жыл бұрын
@@yagoa Well done! :)
@---GOD---2 жыл бұрын
"It just magically works" No, it works by having two separate tunnels using their servers as a relay. Privacy and security nightmare. If you need to connect to your own networks then you need to use your own VPN. Why on earth would you give some third-party encrypted access to your network devices??? Literally paying for MITM snooping.
@christianlempa2 жыл бұрын
No that's totally wrong. I can just recommend to read their technical whitepaper (or just watch my video again). I clearly describes how the authentication, key exchange, and traffic is handled.
@---GOD---2 жыл бұрын
@@christianlempa sure as long as you believe what they say about their relay servers and trust them enough. Unless you can control the coordination server yourself, Tailscale can always authenticate any other devices onto your network. It's like using iCloud Private Relay or CloudFlare's private DNS proxy. You just have to trust that they're doing the right thing and "protecting your privacy". Yeah, good luck with that. I only trust myself. I'll stick to running my own WireGuard service 👍
@domenicoragosta26902 жыл бұрын
Thanks for the video Chris. What' s the difference with zerotier?
@christianlempa2 жыл бұрын
Thanks mate, zerotier uses a different VPN protocol as far as I know
@KunouJS Жыл бұрын
I'd like to know if this is better than using CloudFlare tunnels...hmm...
@christianlempa Жыл бұрын
It's a different solution, depends on what you're aiming to do
@dimitristsoutsouras27123 жыл бұрын
Does the user running the service needs to be admin? Because that was the case with wireguard
@christianlempa3 жыл бұрын
It needs to run with sudo, yes
@streambarhoum4464 Жыл бұрын
is there a self hosted alteranative to cloudflare ?
@catchnkill Жыл бұрын
Gcore?
@streambarhoum4464 Жыл бұрын
@@catchnkill Sorry i mean is there a self hosted DIY CDN running in a self Content delivery system?? An on-premises solution running in our own servers to avoid cloudflare tracking and for full privacy and control??
@andrewgriffiths97993 жыл бұрын
Please go into the DNS in another video, interested to discover more about how it works
@christianlempa3 жыл бұрын
Good suggestions, I'll take a look at it bro ;)
@moneydozen3 жыл бұрын
Awesome video! Please tell us more about the Magic DNS and how to set it up.
@christianlempa3 жыл бұрын
Thanks mate! I'll take a look at it :)
@joelvergis Жыл бұрын
Hi! Great video! What SSH Client do you use? Need one that can save logins, open mutiple tabs, and FREE :)
@brierepooc8987 Жыл бұрын
Mobaxterm
@nicky-ox4dc10 ай бұрын
Hey, awesome vid, mate! Can you help me with something? I'm using a TrueNAS Server that's located on my home network and I want to acess it remotely, I tried to use OPEN VPN but for some reason it isnt working as I wanted... So, do you think Tailscale can help me?
@scottkorber4 ай бұрын
For everyone who doesn't like the idea of this being managed by a 3rd party, they now have a self hosted option called headscale.
@marcosscriven2 жыл бұрын
What terminal emulator are you using there in Windows please?
@christianlempa2 жыл бұрын
Windows Terminal
@realcs13 жыл бұрын
Hi there ! If I install Tailscale on a Romanian Ubuntu Server, it’s mean that all my connnected devices will have Romanian IP ?
@christianlempa3 жыл бұрын
Not by default. You could use a node as a gateway though, enabling it in the admin panel.
@realcs13 жыл бұрын
@@christianlempa lovely’s 💪
@goonie793 жыл бұрын
Very easy install, having trouble on how to send magic packet via tailscale, where my powered-off pc still doesn't get the packet.
@christianlempa3 жыл бұрын
Thanks mate :) tailscale and wireguard operates is a layer3 VPN, magic packet is layer2, so it's not possible this way, unfortunately.
@aliihsandonmezer66673 жыл бұрын
@@christianlempa Zerotier is Layer 2 switch so you can send magic packet but you have to check ZT knowledgebase how to do it.
@Bharath_Murugan3 жыл бұрын
Can you please make a video on setting up Headscale
@christianlempa3 жыл бұрын
Not sure right now, I may take a look but don't know if it's really worth the effort to be honest :/
@nnekdmejeke1202 жыл бұрын
@@christianlempa self hosting with headscale is definitely something that would be interesting because it removes two problems, 1)removing a untrusted company from having the keys, etc. to your network as a possible point of vulnerability 2) cost factor for people that want more than 20 devices or 1 account for their setups. Besides aren't you the host all the things in your own lab for learning purposes guy? I would say why not try?
@jareeq2 жыл бұрын
Sorry man but any vpn service (and not per-per) is actually 'man in the middle' and is literally not secure - it is as secure as tailscale metadata storage. But yea - it is simple.
@christianlempa2 жыл бұрын
I am not convinced that's a fair comparison. A 'man in the middle' would mean that the VPN service intercepts and decrypts the actual traffic itself, which is not the case when using tailscale.
@jareeq2 жыл бұрын
@@christianlempa App is on your devices and it know your metadata, according to documentation app generate keys including node and machine private keys - is it something more to needed to create another tunnel ? :-). Yep i know - 'private key never, ever leaves its node', and 'our code is public accessible'. Basically with tailscale you need to trust your doorman that he will not give your key to someone else. Straight wireguard does not need doorman on both sides - it is more secure that way.
@metamask0x7 ай бұрын
Great tutorial! Can you explain how to VNC to a VPS that is connected to Wireguard ?
@christianlempa7 ай бұрын
Thank you! :) It's pretty simple, you set up the VNC just like you would do on a local network, let us know on discord if you have any questions
@jirehla-ab16715 ай бұрын
@@christianlempalets say yur in a company network & yur device is in a subnet vLAN that has no public internet acess & u want to connect to another device in another subnet vLAN within the company network, would tailescale work on this too?
@easttrades3 жыл бұрын
hi Christian can u make video how to connect tailscale wsl2 work.
@christianlempa3 жыл бұрын
I think there is not much you need to do, just install the tailscale on the Windows machine. Your WSL should have access to the same network as well.
@easttrades3 жыл бұрын
@@christianlempa when i sudo tailscale up, this message appear "failed to connect to local tailscaled; it doesn't appear to be running (sudo systemctl start tailscaled ?)"
@TrggrWarning2 жыл бұрын
MOAR!
@Sn0wiss Жыл бұрын
Sounds good, but you become dependent on the fact that Tailscale services stay up.
@evkonoff3 жыл бұрын
What program do you use for ssh?
@christianlempa3 жыл бұрын
Just the normal ssh client in the terminal
@TheKillerJin Жыл бұрын
Oh the video on mdns would be great
@joeyp9782 жыл бұрын
Where is magic dns video
@christianlempa2 жыл бұрын
Still no time for it :( sorry mate
@joeyp9782 жыл бұрын
@@christianlempa it happens! No probs!
@benjaminpadilla9415 Жыл бұрын
Just awesome
@TechTarifAhmad Жыл бұрын
thnsk sir amazing easyl to understand
@christianlempa Жыл бұрын
Thx!
@Crazy--Clown3 жыл бұрын
Thnx Fritz
@iceman13462 жыл бұрын
Thanks so much for your videos ! Could you post a Netmaker tutorial, possibly with NPM? Thanks Keep up the good work
@christianlempa2 жыл бұрын
thank you! netmaker would be something way down my priority list, sorry :(
@iceman13462 жыл бұрын
@@christianlempa no worries. thanks for the reply. ill keep an eye open for a tutorial on this. i look forward to your next informative video
@themadmaximo3 жыл бұрын
Is it possible to tunnel internet through one of the peers?
@samuelfoldi44163 жыл бұрын
Yes, it is possible on peers running linux/windows, to configure them as an "exit node".
@demifiend93 жыл бұрын
@@samuelfoldi4416 windows isn't supported as an exit node, only linux.
@aliihsandonmezer66673 жыл бұрын
@@samuelfoldi4416 Only Linux supported as exit node for now , Mac will be the next OS then Windows.
@mjahangir786 Жыл бұрын
Talking of simplicity how about pivpn ?
@FrancescoCarucci2 жыл бұрын
Cool video! What prompt do you use?
@EE12CSVT8 ай бұрын
What a crock of... waste of time. Install Wireguard with the config on each remote device that needs access, configure the router, and bingo. Job done. Create any necessary rules to block the remote device from anything it doesn't need on the LAN, and job done again. Easy peasy.
@Nagashitw2 жыл бұрын
Is there any self-hosted alternative to tailscale?
@christianlempa2 жыл бұрын
There is a third-party implementation of the tailscale backend API, called "headscale". I haven't used it, yet, but you might check it out.
@Nagashitw2 жыл бұрын
@@christianlempa thanks for the heads up. I will check it out