tailscale
WireGuard-based Software-Defined Mesh Network for Remote Access
- Alternative to traditional VPNs
- Official Documentation
A plug-in is currently being developed for OPNsense, and is in testing phases.
Installation + Config
Installing Tailscale is made simple with OPNsense, and only 2 items are required to successfully install the service:
- Console Access to router (SSH)
- Internet Connection
SSH into your OPNsense router console, enter "8" to select the shell option. Then run the command to download or update the ports tree:
opnsense-code ports
Run it twice to make sure the most current and up-to-date version is downloaded. Then change directories and run the command to install Tailscale:
cd /usr/ports/security/tailscale
make install
Run the following commands to enable the tailscaled service and check for the version to ensure its installed:
service tailscaled enable
service tailscaled start
Check version with:
tailscale version
Run the command to add the OPNsense router as a node on your tailnet:
tailscale up
The output will provide you an authentication link to enter in your browser
Open your OPNsense router Web GUI to assign the interface and lock it to prevent removal:
Your installation of tailscale is complete! Your next step should be to set up port mapping. See next page
Port Mapping
With your tailscale installation complete, set up port mapping to allow access to certain devices. If you want to allow access to an entire subnet, you can do this through the admin console for tailscale in the "Edit route settings" section:
I've enabled access to both my LAN and homeLAB subnet:
Additionally, an alternative to static port mapping would be to enable Universal Plug and Play. To do this, download the Universal Plug and Play plug in via OPNsense --->Firmware ---> Plug-Ins and enable the settings.
All set! See next page to view my connection results!
Successful Connection
To test my connection, I went to my University library and tried to connect to my tailnet. As you can see below, I was able to ping my router gateway while connected to my University WiFi:
To update Tailscale, run the following commands:
cd /usr/ports/security/tailscale
make deinstall
make clean
make install
Installation may take some time. After clean installation, restart the service:
service tailscaled restart
Check the version to confirm update:
tailscale version