Route all network traffic to your tailnet

Friday, 27 September 2024 (edited)

Background story

I can't access github.com, and I'm not sure whether it's the ISP that's blocking it or the network administrator (please let me know in the comments below how to determine who's responsible). I will try to figure it out once I know lots of stuff about network configuration.

Thus, I thought of making some kind of VPN that could bypass this limitation.

But, how?

Follow the guide on this site to set up the exit node and route the traffic of the intended machine through it.

A note for Windows machines:

You can use the CLI to configure and specify the exit-node address instead of setting it through the tray menu.

Change the current working directory to the Tailscale install directory (in my case, /c/Program\ Files/Tailscale/) and execute:

```text
./tailscale.exe up --exit-node=<ip-addr> --exit-node-allow-lan-access
```

From a Reddit post:

```text
Update: just saw you update

--exit-node-allow-lan-access

This command is only for the remote user utilizing the exit node. Essentially what this command is doing is creating a split tunnel so your client can still access local resources it is sitting on.

If you don't run the option, your client will be using a full tunnel mode. (where everything is shoved through the exit node)

If you are sitting at a cafe you usually don't want to access anything on that local network, when you are at home and using an exit node you might want to access something local. (printer, NAS, etc) so you would use the --exit-node-allow-lan-access option

This command has nothing to do with the server that is the exit node

If you try to run this command on the exit node, it's gonna yell at you and say this option is not available for an exit node
```
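The split-tunnel versus full-tunnel behaviour described in the quoted comment can be modelled as a longest-prefix route lookup on the client. The script below is an added example, not from the original post or from Tailscale; the LAN range 192.168.1.0/24 and the sample destinations are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Simplified model of which path a packet takes while an exit node is selected.
TAILNET_CIDR="100.64.0.0/10"   # range Tailscale assigns IPv4 addresses from
LAN_CIDR="192.168.1.0/24"      # constructed sample LAN (assumption)

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP CIDR -> exit status 0 when IP falls inside CIDR
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# route_for DEST ALLOW_LAN(yes|no) -> prints tailnet, local-lan or exit-node.
# The most specific matching route wins (longest-prefix match).
route_for() {
    routes="$TAILNET_CIDR=tailnet 0.0.0.0/0=exit-node"
    if [ "$2" = yes ]; then
        # --exit-node-allow-lan-access: LAN keeps a more specific direct route
        routes="$routes $LAN_CIDR=local-lan"
    fi
    best=-1; via=none
    for r in $routes; do
        cidr=${r%%=*}
        if in_cidr "$1" "$cidr" && [ "${cidr#*/}" -gt "$best" ]; then
            best=${cidr#*/}; via=${r#*=}
        fi
    done
    echo "$via"
}

# Constructed destinations: a LAN printer, an internet host, a tailnet peer
for dest in 192.168.1.50 203.0.113.10 100.101.102.103; do
    echo "$dest  split=$(route_for "$dest" yes)  full=$(route_for "$dest" no)"
done
```

Only the LAN address changes path between the two modes: with the flag it stays local, without it the default route carries it to the exit node.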

To stop using the exit node (note that --reset also returns any other settings you don't specify to their defaults):

```text
./tailscale.exe up --reset --exit-node=
```

Also, see the related post on the Tailscale forum.

Bonus

By the way, you can "hide" the tailscale tray icon for err... you know... ^^

You just need to disable the Tailscale GUI on startup, make sure both the Tailscale daemon service and the MSYS2 sshd service start automatically on boot, and create a shortcut to the tailscale executable in the startup folder (open it with Win+R and type shell:startup). Don't forget to add the argument to the shortcut:

```text
"C:\Program Files\Tailscale\tailscale.exe" up --unattended
```

What next?

You can sniff and analyze packets on your exit node with tcpdump(1) on the tun interface.

Author: ReYuki

Link: https://www.reyuki.site/posts/tailscale-as-exit-node

This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. You are free to share and adapt it, as long as you give appropriate credit, don’t use it for commercial purposes, and distribute your contributions under the same license. Provided under license CC BY-NC-SA 4.0