tailscale

WireGuard-based Software-Defined Mesh Network for Remote Access

A plug-in is currently being developed for OPNsense and is in the testing phase.

Installation + Config

Installing Tailscale is made simple with OPNsense, and only 2 items are required to successfully install the service:

  1. Console Access to router (SSH)
  2. Internet Connection

SSH into your OPNsense router console and enter "8" to select the shell option. Then run the following command to download or update the ports tree:

opnsense-code ports

Run it twice to make sure the most current and up-to-date version is downloaded. Then change directories and run the command to install Tailscale:

cd /usr/ports/security/tailscale
make install

Run the following commands to enable and start the tailscaled service, then check the version to ensure it's installed:

service tailscaled enable
service tailscaled start

Check version with:

tailscale version

Run the command to add the OPNsense router as a node on your tailnet:

tailscale up

The output will provide an authentication link to open in your browser.

Open your OPNsense router Web GUI to assign the interface and lock it to prevent removal.

Your installation of Tailscale is complete! Your next step should be to set up port mapping. See the next page.

Port Mapping

With your Tailscale installation complete, set up port mapping to allow access to certain devices. If you want to allow access to an entire subnet, you can do this through the admin console for Tailscale in the "Edit route settings" section.

I've enabled access to both my LAN and homeLAB subnet.

An alternative to static port mapping is to enable Universal Plug and Play. To do this, download the Universal Plug and Play plug-in via OPNsense -> Firmware -> Plug-Ins and enable the settings.

All set! See next page to view my connection results!

Successful Connection

To test my connection, I went to my University library and tried to connect to my tailnet. As you can see below, I was able to ping my router gateway while connected to my University WiFi:

connection-ping.png

toolbar-connected.png

To update Tailscale, run the following commands:

cd /usr/ports/security/tailscale
make deinstall

make clean

make install

Installation may take some time. After the clean installation, restart the service:

service tailscaled restart

Check the version to confirm update:

tailscale version

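The update steps above as one script that stops at the first failed step and confirms the version actually moved. This is an added example, not part of the original page; the function names and the "run" argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): wraps the update steps
# shown above and verifies that the installed version actually changed.

PORT_DIR=/usr/ports/security/tailscale   # port path used on this page

# version_of OUTPUT: take the first line of `tailscale version` output
# and drop any "-suffix", e.g. "1.2.3-dev" -> "1.2.3".
version_of() {
    printf '%s\n' "$1" | head -n 1 | sed 's/[[:space:]]//g; s/-.*//'
}

# is_newer OLD NEW: succeeds only if NEW is a strictly higher dotted
# version than OLD. Compares field by field, numerically, so that
# 1.10.0 is correctly treated as newer than 1.9.2.
is_newer() {
    old=$1 new=$2
    while [ -n "$old" ] || [ -n "$new" ]; do
        o=${old%%.*}; n=${new%%.*}
        [ "${n:-0}" -gt "${o:-0}" ] && return 0
        [ "${n:-0}" -lt "${o:-0}" ] && return 1
        case $old in *.*) old=${old#*.} ;; *) old= ;; esac
        case $new in *.*) new=${new#*.} ;; *) new= ;; esac
    done
    return 1   # identical versions are not "newer"
}

update_tailscale() {
    before=$(version_of "$(tailscale version)") || return 1
    # Same order as the page: deinstall, clean, install; stop on failure.
    ( cd "$PORT_DIR" && make deinstall && make clean && make install ) || return 1
    # Without a restart the old daemon binary keeps running.
    service tailscaled restart || return 1
    after=$(version_of "$(tailscale version)")
    if is_newer "$before" "$after"; then
        echo "updated: $before -> $after"
    else
        echo "version unchanged ($after): already current, or the ports" \
             "tree is stale; rerun 'opnsense-code ports' first" >&2
        return 2
    fi
}

# Only perform the update when called as: sh update-tailscale.sh run
if [ "${1:-}" = run ]; then
    update_tailscale
fi
```

An exit status of 2 means the rebuild succeeded but produced the same version, which usually points at a ports tree that was not refreshed before the build.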