6/2/2023

Opnsense tailscale

Securing and encrypting communication on local network devices is a hard problem. Plenty of people tried, including myself in our now sunsetted company WoTT. The root of the problem is a combination of DNS and routing to local IPs, which means you can’t use automated certificate issuers, like Let’s Encrypt. The solution, it seems, comes from an unexpected source: the VPN/WireGuard service provider Tailscale.

I’ve been a fan of ZeroTier for some time and use it both personally and professionally to access nodes behind firewalls. Recently, I kept hearing from more and more people how much they love Tailscale. After hearing glowing reviews of Tailscale at Ubuntu Developer Summit, I decided to give it a go myself. It’s clearly a much more polished product than ZeroTier. Both the UI and UX are a lot smoother and it just feels much more production ready. After enrolling a few nodes, I was sold so it was time to start migrating.

There isn’t much to write about how to add a machine to Tailscale as that part is dead easy. What I will focus on in this article is how to use two really neat features in Tailscale to solve the problem in the opening paragraph:

SSL Certificates (powered by Let’s Encrypt)

For some time, I’ve been planning to secure my local web services (Home Assistant, Proxmox etc) with self-signed SSL certificates issued by a local CA (using cfssl). This however opens a Pandora’s Box of security issues.