May 17, 2024

Tailscale VPN - WireGuard was never so easy!

Published June 1, 2023, 11:20 p.m. by Monica Louis

Tailscale VPN - WireGuard was never so easy as this Zero Config VPN service! It magically connects all your servers, laptops, and phones to your own virtual private network. I'll walk you through the setup and let's explore how the network protocol works. #tailscale #WireGuard #VPN

tailscale: https://tailscale.com

Documentation: https://tailscale.com/blog/how-tailscale-works/

Vagrant: https://www.youtube.com/watch?v=sr9pUpSAexE

Setup your own WireGuard Server: https://www.youtube.com/watch?v=GZRTnP4lyuo

Follow me:

TWITTER: https://twitter.com/christianlempa

INSTAGRAM: https://instagram.com/christianlempa

DISCORD: https://discord.gg/christian-lempa-s-tech-community-702179729767268433

GITHUB: https://github.com/christianlempa

PATREON: https://www.patreon.com/christianlempa

MY EQUIPMENT: https://kit.co/christianlempa

Timestamps:

00:00 - Introduction

00:35 - What is tailscale?

02:30 - How to use tailscale

06:25 - Install tailscale on Linux

08:35 - How efficient is tailscale?

09:34 - How it works under the hood

14:25 - What does it cost?

________________

All links with "*" are affiliate links.


I'm a big fan of the WireGuard VPN protocol, because it's fast, it's secure, and it's really simple. And I've made several videos in the past talking about how to set up your own WireGuard VPN server on Linux and Docker. But what if I can tell you that you don't need to manage all the configuration yourself? So you don't need to create SSH keys, you don't need to mess around with IP addresses, firewalls, port forwardings; you can just connect all your machines and it just magically works. This is what you can do with Tailscale.

Thanks to the people on my Discord who told me that I should take a look at Tailscale. That's a pretty cool service. It creates a virtual private network for all your devices where you can just connect from anywhere to any machine that's on the network. So for example, you have a home lab server where you just want to connect to, or a cloud server in a data center, or maybe you are in a hotel with your laptop and your mobile phone, and you want all these machines automatically directly connected to each other, and you don't want to mess around with any private or public IP addresses, any port forwardings or authentication stuff, where in a hotel you probably even don't have access to. So this is exactly where Tailscale fits in.

So Tailscale is what we call a zero config VPN. So it's based on the WireGuard VPN protocol, which is really secure, fast and really simple, and it manages everything for you. So it manages the creation of private and public SSH key pairs, it manages the authentication and even the network configuration, so it's also able to connect through NAT firewalls, where you usually would need to manage and create port forwardings too.

So that sounds really, really amazing, and to be honest guys, I'm pretty excited about this, because in IT, for VPN technologies, we have things like SSL or IPsec that are existing for decades, and there was literally no real innovation or changes happening there in the last past years. For a network security guy like me, who is working in the IT industry over 10 years now, I've seen many VPN configurations and troubleshooted a lot of different customer scenarios where it can get a really complex mess to troubleshoot all the stuff. And it's really interesting to see that there are modern innovative services rising up, just like WireGuard and Tailscale, that can manage and simplify all these processes for us. And yeah, it's kind of hard to believe that there is a service existing that does all this complicated technology stuff and it just magically works, but yeah, it is really true, it's really that simple, and of course I want to show it to you.

To get started with Tailscale, just go to the official homepage; I've put you the link in the description down below, and there you will get some nice information about the service and how to use it. So as discussed, it is a secure network that just works, and this works with the zero config VPN that installs on any device, it manages firewall rules for you and it works from anywhere. So that sounds pretty cool.

Let's also try to find out what is actually different in Tailscale compared to other VPN networks. And there's a very nice demonstration or nice diagram that explains some of the architecture. So this is how we would traditionally deploy VPN connections within any network: so you are here and you want to connect to any network where there is a file server or other devices located, and you usually establish a connection from your client to a VPN gateway, and from there it probably connects to another jump host through another tunnel or a subnet. And you can see, even in small or medium-sized companies it gets really, really hard to manage all this infrastructure and to manage all the configuration on all the clients, the authentication, the key exchange, the firewall rules and all this stuff. So now Tailscale comes in and it really tries to simplify that whole process and the management of VPN connections. So with Tailscale, this same topology looks exactly like this here: so you're still somewhere here and you want to connect to a file server, to another machine, to another server, whatever, but instead of just connecting from a client to a VPN gateway, you are establishing separate WireGuard VPN tunnels to each individual machine you want to connect to, and this is what we would call a mesh network. So we will talk about the architecture later; let's first of all try to get started with that, and I will demonstrate how that works to you.

So to use Tailscale you just scroll up and click on Get started, and now you need to sign up with one of these three providers here: use a Google account, Microsoft or your GitHub account. You need to use one of these three providers; you cannot really sign up with your email, because they probably just don't want to manage any credentials. Instead you just use your already existing account, and you can also protect that with two-factor authentication from each of these services, for example. So that's pretty nice.

And once you're logged in, you see the dashboard. So this is my virtual private network where all the machines are connected to my network, and you can see I don't really have a private IP address range or something like this; Tailscale automatically allocates a different IP address for each of your machines that are connected to your network. But you can also just ping from this machine here to this IP address, and just all the machines are connected to each other in one virtual private network that is completely isolated for your account. And as described, it works on any device: you can see I have some Linux machines connected here, this is my home server that is in my home network, then I have my Android Galaxy phone that is connected, I also have my cloud instance on DigitalOcean that is connected here, and also my Windows machine. And maybe I just want to connect from my local workstation to my cloud instance securely, so I will just copy this IP address here, and first of all let's try to ping this machine, and you can see it's automatically then connected. You can see there is a short delay at the first ping packet, and this is because Tailscale will first need to initiate a new WireGuard tunnel and it's doing some key exchange stuff, so therefore the first connection attempt may take some more time, but once the connection is established it's really, really fast. So you can also of course use that to connect to any services that are now installed on my cloud instance, and I just use this private IP address where the connection is just secured. So for example I can just SSH into this machine here and use the encrypted tunnel to connect to any machines or whatever.

So that's really, really cool, but let me also walk you through the creation process or installing process if you want to add another machine here. So to add more machines here, you simply just need to install the Tailscale client on all these machines; it needs to run anywhere, but it is really simple. Just click on Download and you can see you can install that on macOS, you can install that on your iPhone or your Windows machine, on any Linux distributions; you can see there are a lot of installer guides for any of these distributions here, and of course also Android. Let's create a new virtual machine to just test and try this out, and I will just use Vagrant to quickly create a new virtual machine. By the way, if you don't know Vagrant, that's an automation framework to automate the creation and the provisioning process of virtual machines that are located on your local workstations. So it's pretty cool, I've made several tutorials about it, so I've put you the links in the description down below. And our new virtual server is up and running; you can see it just took one minute and 21 seconds. Let's SSH into this machine and let's install Tailscale.

So now if we want to install that on Ubuntu, let's click on Linux and select the distribution, that's Ubuntu 20.04 LTS. And first of all we need to add the Tailscale repositories to our package sources list, and then we are able to install the application through the apt package manager. So let's paste the commands, and then we need to update our package sources with an apt update, and after that is done we should be able to install Tailscale. So just copy this command here, install the application, and with the sudo tailscale up you can start establishing the VPN connection. You can also see it creates a symlink within the systemd service, so the VPN connection is also automatically restarted once you reboot your server. And when you connect, first of all you need to go to this link here and authenticate with your Tailscale account. So once you sign in, you can just close this window, and if we go back to the terminal we can see that there is a success.

So now how can we test if the VPN connection is really established? You can also use the tailscale command to do that. So for example, just enter tailscale status, and then you can see you are now connected to all these different servers, and if you try to ping one, for example let's just try to ping my home server, you should see that the connection is already established. And one thing that is pretty interesting: if you compare the latency between the connection to my cloud instance and to any machine on my local network where this virtual machine is already created, you can see that the latency is very, very low, and that's pretty impressive, because Tailscale is smart enough to determine the most efficient and the fastest path to the destination host that you want to connect to. So it's not just one network where there is a gateway that forwards the connections; there is always a separate connection between each individual host. That is what we call a mesh network.

But how does it work? How is Tailscale able to magically connect all these networks, no matter where they are located and if there is a firewall in between, without forwarding or configuring any ports? So that's the most interesting part for me. So let's take a look at the architecture of Tailscale and how the network protocol really works, because this is really amazing. Let's take a look.

To explain how Tailscale works, I will just refer to the official documentation, because this is so well written. If you want to really know how to write a good technical documentation that has a lot of complex technical information but is still exciting and very easy to read, just go and use this as an example. So this guy really knows how to write an awesome technical documentation.

So to understand what are the benefits of Tailscale and how it really works, we first of all need to go one step back and talk about traditional VPN networks and topologies, so how we would usually connect any VPN networks within IT infrastructure. And the first model is the hub and spoke network. This is how we usually deploy any VPN connections: so we usually have many different clients, maybe some people in the home office or anywhere else, and the VPN gateway is the main device that connects all this stuff. So each client connects to the VPN gateway, and then this forwards the connection to each individual server on this particular subnet. So this is great for small environments, or where you have just one network and all the clients want to connect to this particular network. So this is great, but it has some problems once you add more networks to that; it can get quite complex and messy to set up, especially when we have something like this here: so we have a client that wants to connect to the New York City location, and you can see it's relatively nearby, but because we're using a VPN gateway that is probably located somewhere else, we need to draw this connection to the VPN network that's then connected back to this network. So the solution to that probably would be that we would connect the client directly to the server and not use a VPN gateway. So this would be something like this here: the client is connected to all the different offices or all the different networks, but that would also mean that we need to maintain and manage a separate tunnel for each connection the client wants to connect to. And the other problem we have is, just because the client is connected to all these different networks, that doesn't mean that these networks can talk to each other. So if you really want to connect everything within your network, so that every client can connect to each server and each server can connect to all the other servers and to the client as well, we would need to come up with a different topology that we would usually call a mesh network.

So now we are just talking about nodes. So every client, every server, every device is a node, and each node is connected to each other node within the same VPN, and you can see that even with a small topology, for example 10 nodes, that gets quite complex, because we need to maintain 90 connections in this example here for just connecting 10 nodes. You need to imagine, as a network administrator you need to create private and public key pairs, you need to exchange these keys, you need to maintain all the IP addresses and everything else, so this becomes quite a lot of effort. So here comes the Tailscale coordination server that manages all this stuff for us. So each Tailscale client or each Tailscale node will connect to the Tailscale coordination server, and it gets the encryption keys, it gets all the IP addresses and the information where to connect to. So this is really cool.
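The coordination-server model just described, as an added Python sketch that is not Tailscale's own code: one server holds only public keys, allocated addresses and endpoints, and hands every node the peer list it needs for a full mesh, so the n*(n-1) peer entries (90 for 10 nodes) are generated rather than maintained by hand. The key derivation is a labelled stand-in for X25519, and the node names, addresses and endpoints are constructed.

```python
# Toy model of the Tailscale control plane described above: a coordination server
# hands out public keys and addresses so each node builds a full-mesh WireGuard
# peer list. Constructed illustration, not Tailscale's own code.
import base64
import hashlib
import os
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    endpoint: str                     # public ip:port that peers dial (constructed)
    private_key: bytes = field(default_factory=lambda: os.urandom(32))
    tailscale_ip: str = ""
    peers: list = field(default_factory=list)

    def public_key(self) -> str:
        # Stand-in for the X25519 derivation real WireGuard keys use.
        return base64.b64encode(hashlib.sha256(self.private_key).digest()).decode()

class CoordinationServer:
    """Holds only public keys and addresses; never private keys or user traffic."""

    def __init__(self):
        self.registry = {}            # name -> (public_key, tailscale_ip, endpoint)

    def register(self, node: Node) -> str:
        ip = f"100.64.0.{len(self.registry) + 1}"   # allocate next address (constructed pool)
        self.registry[node.name] = (node.public_key(), ip, node.endpoint)
        node.tailscale_ip = ip
        return ip

def wireguard_peer_config(pubkey: str, ip: str, endpoint: str) -> str:
    # One [Peer] section per remote node, in wg-quick syntax.
    return f"[Peer]\nPublicKey = {pubkey}\nAllowedIPs = {ip}/32\nEndpoint = {endpoint}\n"

def build_mesh(nodes: list) -> CoordinationServer:
    """Register every node, then hand each one the n-1 peer entries it needs."""
    server = CoordinationServer()
    for node in nodes:
        server.register(node)
    for node in nodes:
        node.peers = [wireguard_peer_config(pk, ip, ep)
                      for peer, (pk, ip, ep) in server.registry.items()
                      if peer != node.name]
    return server

def total_peer_entries(nodes: list) -> int:
    # Peer entries an admin would otherwise keep by hand: n*(n-1), 90 for 10 nodes.
    return sum(len(node.peers) for node in nodes)

if __name__ == "__main__":
    tailnet = [Node(f"node{i}", f"203.0.113.{i}:41641") for i in range(1, 11)]
    build_mesh(tailnet)
    print(total_peer_entries(tailnet))   # 90
```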

You can read through all the technical documentation if you really want to understand how it works on a very deep level, of course, but I just want to walk you through some of the basics here, because usually the biggest horror we have in connecting VPN networks is NAT traversal. So NAT stands for network address translation, and this is built into every router, every firewall that is somewhere located on the network. So for example, if you are in a home network, you usually have a router and that is doing NAT, and yeah, on a home network where you have access to the NAT device or to the router or firewall, you probably can just add a forward rule or port forwarding. But you need to imagine if you are traveling somewhere, if you are in a hotel or somewhere else where you don't really have control over the network, there usually will be a NAT device in between that you cannot manage and you cannot access, and probably there are also some other restrictions, for example maybe the device is blocking UDP traffic on a specific port completely, or maybe you need to authenticate somehow, whatever. So there can be a lot of nasty things inside any networks, and that usually causes a lot of problems, especially when we need to maintain or manage these connections. So Tailscale works with a bunch of different, quite complex technologies that try to punch holes into these firewalls and into these NAT systems. It also has something like DERP. So DERP comes into place when there is a firewall that blocks every UDP traffic completely, so DERP will just send out the UDP traffic over an HTTPS stream and relays that through a separate server that will just blindly forward the packets without any decryption stuff happening. So that's still pretty secure, and it's a really, really great workaround to break through networks that block UDP traffic completely.

So you can see that Tailscale introduces a lot of great, but also complex, VPN technologies that are all working behind the scenes and in the background, so you don't need to really mess around with that, but it's really interesting to understand how it works. And because of all these protocols and all these technologies, Tailscale is able to provide a very simple, and for the user experience magically easy, way to connect all the different devices. And the best part is, it's completely free, at least up to 100 devices and limited to a single user. So of course if you want to use that in any corporate environment, if you have specific requirements for IoT devices or single sign-on or anything else, you of course need to pay for that. For a small home network just like I have, the free plan is completely feasible. So the next thing is I want to take a look at MagicDNS and some of the other beta features Tailscale has.

So if you're interested in this and you want to see some specific stuff, then just leave me a comment, because then I can take a look and I know what you guys are interested in. So I hope you enjoyed this video and you could learn something new and this was exciting. So please don't forget to hit the like button and of course subscribe to the channel if you want to watch more tutorials and content for IT professionals. So thanks everybody for watching, I'm out, bye bye.
