Headscale

Installation (Ubuntu)

  1. Download the latest headscale package:
HEADSCALE_VERSION="0.23.0"
HEADSCALE_ARCH="amd64"
wget --output-document=headscale.deb \
 "https://github.com/juanfont/headscale/releases/download/v${HEADSCALE_VERSION}/headscale_${HEADSCALE_VERSION}_linux_${HEADSCALE_ARCH}.deb"
  2. Install headscale:
sudo apt install ./headscale.deb
  3. Configure headscale by editing the configuration file:
sudo vi /etc/headscale/config.yaml
  4. Enable and start the headscale service:
sudo systemctl enable --now headscale

User Management

headscale users create <USER>
headscale preauthkeys create --user <USER>

Route Management

headscale routes list
headscale routes enable <id>

Node Management

headscale nodes list
headscale nodes rename <new_name> -i <id>

Installation (container)

  1. Install Docker
  2. Create the data folder:
mkdir -p ./headscale/config
cd ./headscale
  3. Create an empty SQLite database in the headscale directory:
touch ./config/db.sqlite
  4. Copy the default config:
wget -O ./config/config.yaml https://raw.githubusercontent.com/juanfont/headscale/main/config-example.yaml
  5. Modify the default config (note: this example keeps plain http; HTTPS is not configured here):
## Change to your hostname or host IP
server_url: http://your-host-name:443
## Listen on 0.0.0.0 so it's accessible outside the container
metrics_listen_addr: 0.0.0.0:9090
## The default /var/lib/headscale path is not writable in the container
private_key_path: /etc/headscale/private.key
## The default /var/lib/headscale path is not writable in the container
noise:
  private_key_path: /etc/headscale/noise_private.key
## The default /var/lib/headscale path is not writable in the container
db_type: sqlite3
db_path: /etc/headscale/db.sqlite
  6. Start the headscale server while working in the host headscale directory:
docker run \
  --name headscale \
  --detach \
  --volume $(pwd)/config:/etc/headscale/ \
  --publish 0.0.0.0:443:443 \
  --publish 0.0.0.0:9090:9090 \
  headscale/headscale:latest \
  headscale serve
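As an added pre-flight check (not part of these notes or of headscale itself), the following POSIX shell script reads the top-level config values listed in step 5 and flags the plaintext server_url, the all-interfaces metrics listener, and any key or database path outside the mounted /etc/headscale; the sample config it writes is constructed from those values, and nested keys such as noise.private_key_path are not checked.

```shell
# Added example, not from the original notes or the headscale project: a pre-flight
# check for the container config.yaml. Only top-level keys are read with sed
# (nested keys such as noise.private_key_path are not checked).

# Print the value of top-level key $2 from config file $1, inline comments stripped.
hs_cfg_get() {
  sed -n "s/^$2:[[:space:]]*//p" "$1" | sed 's/[[:space:]]*#.*$//' | head -n 1
}

# Check one config file: prints one finding per line, returns the number of findings.
hs_cfg_check() {
  cfg=$1
  findings=0
  url=$(hs_cfg_get "$cfg" server_url)
  case "$url" in
    https://*) ;;
    http://*)
      echo "server_url uses plaintext http ($url): node registration traffic is unencrypted; put TLS in front of it"
      findings=$((findings + 1)) ;;
    *)
      echo "server_url is missing or not a URL: '$url'"
      findings=$((findings + 1)) ;;
  esac
  metrics=$(hs_cfg_get "$cfg" metrics_listen_addr)
  case "$metrics" in
    0.0.0.0:*|'[::]:'*|:*)
      echo "metrics_listen_addr $metrics binds all interfaces; with --publish 0.0.0.0:9090:9090 the metrics endpoint is reachable from the network"
      findings=$((findings + 1)) ;;
  esac
  for key in private_key_path db_path; do
    p=$(hs_cfg_get "$cfg" "$key")
    case "$p" in
      /etc/headscale/*) ;;
      *)
        echo "$key=$p is outside /etc/headscale, the only directory the docker run above mounts writable"
        findings=$((findings + 1)) ;;
    esac
  done
  return "$findings"
}

# Constructed sample: the config values from the notes above, written to a temp file.
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
server_url: http://your-host-name:443
metrics_listen_addr: 0.0.0.0:9090
private_key_path: /etc/headscale/private.key
db_path: /etc/headscale/db.sqlite
EOF
hs_cfg_check "$SAMPLE_CFG" || echo "$? finding(s); fix them before 'docker run'"
```

Run it against ./config/config.yaml before starting the container; a non-zero exit code is the number of findings.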

Registering machines

  1. Create a user:
docker exec headscale \
  headscale users create myfirstuser
  2. View the logs while executing the following commands to get the node key:
docker logs --follow headscale

Register a machine (normal login)

On a client machine, execute the tailscale login command:

tailscale up --login-server YOUR_HEADSCALE_URL

To register a machine when running headscale in a container, take the headscale command and pass it to the container:

docker exec headscale \
  headscale --user myfirstuser nodes register --key <YOUR_MACHINE_KEY>

Register a machine using a pre-authenticated key

Generate a key using the command line:

docker exec headscale \
  headscale --user myfirstuser preauthkeys create --reusable --expiration 24h

This returns a pre-authenticated key that can be passed to the tailscale command to connect a node to headscale:

tailscale up --login-server <YOUR_HEADSCALE_URL> --authkey <YOUR_AUTH_KEY>

Accepting routes

  1. List all routes:
docker exec headscale headscale routes list
  2. Accept the wanted routes:
docker exec headscale headscale routes enable -r <number>

OPNSense

  • Install Universal Plug and Play
  • Enable
  • Allow UPnP Port Mapping
  • Allow NAT-PMP Port Mapping
  • External Interface: WAN
  • Interfaces (generally LAN): Server
  • Assign and enable the Tailscale interface
opnsense-code ports
cd /usr/ports/security/tailscale
make install
service tailscaled enable
service tailscaled start
tailscale up --login-server=https://headscale.thorados.de --advertise-exit-node --advertise-routes=192.168.10.0/24,192.168.20.0/24,192.168.1.1/32

OpenWRT

tailscale up --login-server=https://headscale.thorados.de --authkey= --accept-routes --exit-node=100.64.0.4 --exit-node-allow-lan-access=true --advertise-routes=192.168.11.0/24

Links