TBD
Headscale is the open source variant of Tailscale.
Install it on your Server: https://headscale.net/running-headscale-linux/
Proxy it via nginx to get HTTPS. Example nginx config:
map $http_upgrade $connection_upgrade {
    default      keep-alive;
    'websocket'  upgrade;
    ''           close;
}

server {
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name <YOUR DOMAIN>;

    ssl_certificate /etc/letsencrypt/live/<YOUR DOMAIN>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<YOUR DOMAIN>/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        proxy_pass https://<HEADSCALE SERVER IP>:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $server_name;
        proxy_redirect http:// https://;
        proxy_buffering off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
    }
}
Install Tailscale Client on your Clients: https://tailscale.com/download/linux
Then run:
tailscale up --login-server https://<YOUR DOMAIN>
This shows, in the browser, the command to run on the server to add the client.
Enable service:
systemctl enable tailscaled.service
Mission complete :)
Install tinc:
apt install tinc net-tools
Generate keys:
tincd -n <netname> -K8192
Set up tinc.conf, tinc-up and tinc-down.
Configure the hosts/<hostname> file like:
Address = <myip>
Port = 55555
Subnet = 10.5.0.xxx
Copy the generated hosts/<hostname> file to *all* other servers and get the other host files
Start tinc:
tincd -n <netname>
For debugging, do not detach:
tincd -n <netname> -D
Enable at boot via systemd:
systemctl enable tinc@<netname>
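
The notes above name tinc.conf, tinc-up and tinc-down without showing them. The following is an added example, not part of the original notes: a shell function that writes those three files plus hosts/<name> for one node. The function name write_tinc_node, the /24 netmask and the /etc/tinc base directory are assumptions; port 55555 and the 10.5.0.x addressing come from the notes.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed values: the /24 netmask,
# the function name, and /etc/tinc as the base directory.
# Port 55555 and the 10.5.0.x addressing come from the page.
# Usage: write_tinc_node /etc/tinc <netname> <name> <vpn_ip> <public_ip> <peer>
write_tinc_node() {
    base=$1; net=$2; name=$3; vpn_ip=$4; public_ip=$5; peer=$6
    # tinc accepts only letters, digits and underscores in node names; the
    # same rule is applied to the netname so it is safe as a path component.
    for n in "$net" "$name" "$peer"; do
        case $n in
            ''|*[!A-Za-z0-9_]*) echo "invalid name: '$n'" >&2; return 1 ;;
        esac
    done
    dir=$base/$net
    # hosts/<name> may already hold the node's public key; never clobber it.
    if [ -e "$dir/hosts/$name" ]; then
        echo "refusing to overwrite $dir/hosts/$name" >&2; return 1
    fi
    mkdir -p "$dir/hosts" || return 1

    cat > "$dir/tinc.conf" <<EOF
Name = $name
ConnectTo = $peer
EOF
    # tincd exports INTERFACE to these scripts; \$ keeps it literal here.
    cat > "$dir/tinc-up" <<EOF
#!/bin/sh
ifconfig \$INTERFACE $vpn_ip netmask 255.255.255.0
EOF
    cat > "$dir/tinc-down" <<EOF
#!/bin/sh
ifconfig \$INTERFACE down
EOF
    # Scripts run as root: executable, but writable by the owner only.
    chmod 755 "$dir/tinc-up" "$dir/tinc-down"

    cat > "$dir/hosts/$name" <<EOF
Address = $public_ip
Port = 55555
Subnet = $vpn_ip/32
EOF
    chmod 644 "$dir/tinc.conf" "$dir/hosts/$name"
}
```

A system hostname containing a hyphen is rejected here; pick a node name with underscores instead and use that same name for the hosts/ file on every server.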