TBD
Headscale is an open source, self-hosted implementation of the Tailscale control server.
Install it on your Server: https://headscale.net/running-headscale-linux/
Proxy it via nginx to get HTTPS. Example nginx config:
map $http_upgrade $connection_upgrade {
    # Tailscale clients send "Upgrade: tailscale-control-protocol", not "websocket",
    # so every non-empty Upgrade value has to be passed through.
    default upgrade;
    '' close;
}
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name <YOUR DOMAIN>;
    ssl_certificate /etc/letsencrypt/live/<YOUR DOMAIN>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<YOUR DOMAIN>/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    location / {
        # nginx terminates TLS; Headscale behind it listens on plain HTTP.
        proxy_pass http://<HEADSCALE SERVER IP>:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $server_name;
        proxy_redirect http:// https://;
        proxy_buffering off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
    }
}
Install the Tailscale client on your clients: https://tailscale.com/download/linux
Then run:
tailscale up --login-server https://<YOUR DOMAIN>
This prints a URL. Opening it in the browser shows the command to run on the Headscale server to add the client. Mission complete :)
Install tinc:
apt install tinc net-tools
Generate keys:
tincd -n <netname> -K8192
Set up tinc.conf, tinc-up and tinc-down.
Configure the /hosts/<hostname> file like:
Address = <myip>
Port = 55555
Subnet = 10.5.0.xxx
Copy the generated hosts/<hostname> file to *all* other servers, and copy each of their host files into your own hosts/ directory.
Start tinc:
tincd -n <netname>
For debugging, do not detach:
tincd -n <netname> -D
Enable at boot via systemd:
systemctl enable tinc@<netname>
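For the "tinc.conf, tinc-up, tinc-down" step above, one possible layout, as an added example that is not part of the original notes. The function name, the /24 netmask and the values in the sample call are assumptions; only the 10.5.0.x addressing and net-tools come from the page.

```shell
#!/bin/sh
# Added example: write tinc.conf, tinc-up and tinc-down for one node.
# All argument values are the caller's own placeholders.
# usage: write_tinc_config <confdir> <netname> <nodename> <vpn-ip> <peer-nodename>
write_tinc_config() {
    confdir=$1 net=$2 node=$3 vpnip=$4 peer=$5
    # tinc accepts only letters, digits and underscores in node names,
    # so a hostname such as "web-01" has to become "web_01".
    for name in "$node" "$peer"; do
        case $name in
            ''|*[!A-Za-z0-9_]*) echo "invalid tinc node name: '$name'" >&2; return 1 ;;
        esac
    done
    # The address is pasted into a script that tincd runs as root: digits and dots only.
    case $vpnip in
        ''|*[!0-9.]*) echo "invalid VPN address: '$vpnip'" >&2; return 1 ;;
    esac
    dir=$confdir/$net
    mkdir -p "$dir/hosts" || return 1

    # Name must match this node's file name under hosts/.
    cat > "$dir/tinc.conf" <<EOF
Name = $node
AddressFamily = ipv4
ConnectTo = $peer
EOF

    # tincd exports INTERFACE to both scripts; ifconfig comes from net-tools.
    # The 255.255.255.0 netmask is an assumption for the 10.5.0.x network.
    cat > "$dir/tinc-up" <<EOF
#!/bin/sh
ifconfig "\$INTERFACE" $vpnip netmask 255.255.255.0
EOF
    cat > "$dir/tinc-down" <<EOF
#!/bin/sh
ifconfig "\$INTERFACE" down
EOF

    # Both scripts must be executable; keep them writable by the owner only.
    chmod 700 "$dir/tinc-up" "$dir/tinc-down"
}

# Sample call with constructed values (run as root on a real host):
#   write_tinc_config /etc/tinc myvpn node_a 10.5.0.1 node_b
```

The private key that tincd -K writes next to these files should likewise be readable by root only.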