wiki.matoken.org

• Download \- Tailscale

Debian Bullseye(testing)

snippet.bash

$ wget https://pkgs.tailscale.com/stable/debian/bullseye.gpg
$ gpg --no-default-keyring --keyring /tmp/temp-keyring.gpg --import ./bullseye.gpg
$ gpg --no-default-keyring --keyring /tmp/temp-keyring.gpg --export --output ./tailscale.gpg
$ rm /tmp/temp-keyring.gpg
$ sudo mkdir -p /usr/local/share/keyrings
$ sudo mv ./tailscale.list /usr/local/share/keyrings
$ sudo apt edit-sources tailscale.list
$ cat /etc/apt/sources.list.d/tailscale.list
deb [arch=amd64 signed-by=/usr/local/share/keyrings/tailscale.gpg] https://pkgs.tailscale.com/stable/debian bullseye main
$ sudo apt update
$ sudo apt install tailscale

Ubuntu 21.04 amd64 Dev

$ curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/focal.gpg | sudo apt-key add -
$ curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/focal.list | sudo tee /etc/apt/sources.list.d/tailscale.list
Install Tailscale
$ sudo apt update
$ sudo apt install tailscale

$ sudo tailscale up

To authenticate, visit:

        https://login.tailscale.com/a/897eb62874af

Success.

$ sudo tailscale status
100.91.241.8    x201i                matoken@     linux   -
100.101.102.103 ("hello-ipn-dev")    services@    linux   -
100.106.162.72  vmi264672            matoken@     linux   -

$ sudo tailscale down
2021/04/14 17:54:50 was in state "Running"
2021/04/14 17:54:50 now in state "Stopped"

$ sudo tailscale up -help
USAGE
  up [flags]

"tailscale up" connects this machine to your Tailscale network,
triggering authentication if necessary.

The flags passed to this command are specific to this machine. If you don't
specify any flags, options are reset to their default.

FLAGS
  -accept-dns true                           accept DNS configuration from the admin panel
  -accept-routes false                       accept routes advertised by other Tailscale nodes
  -advertise-exit-node false                 offer to be an exit node for internet traffic for the tailnet
  -advertise-routes ...                      routes to advertise to other nodes (comma-separated, e.g. 10.0.0.0/8,192.168.0.0/24)
  -advertise-tags ...                        ACL tags to request (comma-separated, e.g. eng,montreal,ssh)
  -authkey ...                               node authorization key
  -exit-node ...                             Tailscale IP of the exit node for internet traffic
  -force-reauth false                        force reauthentication
  -host-routes true                          install host routes to other Tailscale nodes
  -hostname ...                              hostname to use instead of the one provided by the OS
  -login-server https://login.tailscale.com  base URL of control server
  -netfilter-mode on                         netfilter mode (one of on, nodivert, off)
  -shields-up false                          don't allow incoming connections
  -snat-subnet-routes true                   source NAT traffic to local routes advertised with --advertise-routes

基本的に様々なNATトラバーサル手法を使って設定不要でP2P接続されるが，両方のネットワークが厳しい場合低速なリレー接続になる． リレー接続を回避したい場合どちらかのノードで 41641/udp を開放する．

• What firewall ports should I open to use Tailscale? · Tailscale