It is common to have two or more locations to spread your devices across for geographic redundancy: sending backups to a different site, distributing the load of services, or syncing live data somewhere else.
For the big tech giants and cloud providers this is done through zones, regions and so on. For home or small business use cases, however, we cannot have switches and routers carrying enormous amounts of data between different locations (we are not talking about one room to another in the same building here), so we need to rely on the public internet to communicate with the rest of the world.
Assume a setup where you want to share your services with your best friend so that he can use what you have, while you use your friend's remote NAS to store your backups for a predefined period of time. There are several ways to accomplish such a scenario; here I will focus on Tailscale, show how to set it up, and show how to enable and use a site-to-site VPN, so-called Subnet Routers in Tailscale's jargon.
What is Tailscale?
Tailscale is a mesh VPN which lets you establish secure and easy communication between your devices. Under the hood it uses the WireGuard protocol for end-to-end encrypted communication.
What features does Tailscale have?
Apart from letting our devices talk to each other, Tailscale has several great features, such as setting one Tailscale node as an Exit Node, running a node as a Subnet Router, a full administration console to configure DNS, exposing your services outside the tailnet (Funnel), setting up ACLs, and so on.
What is a Subnet Router?
The Subnet Router is one of the best features of Tailscale: it lets us integrate devices that cannot run Tailscale, such as IoT devices. It is not limited to such devices either; you can run a single Tailscale node at each location and let all devices behind those nodes communicate with each other over the Subnet Routers.
Any Tailscale node can be a subnet router if configured to do so, but unfortunately not every platform supports it. As of today, Linux, macOS, Apple TV, Windows and Android nodes can be configured as subnet routers. Always check the official Tailscale documentation in case anything changes.
How to install Tailscale and configure Subnet Router?
Depending on the device to be used, go to https://tailscale.com/download to pick the corresponding package, or use the one-line shell command below to install Tailscale from a Linux shell.
$ sudo curl -fsSL https://tailscale.com/install.sh | sh
$ sudo tailscale up
$ sudo tailscale ip -4 # This should return an IPv4 address within 100.64.0.0/10
From here on, we can start to prepare the subnet router on this node.
Depending on the operating system, we need to check the Tailscale documentation for the exact steps.
Usually, setting a node up as a Subnet Router requires enabling packet forwarding on the OS, advertising the routes, and approving the Subnet Router's routes in the Tailscale Admin Console.
On a Linux system, the steps roughly look like the following.
Enabling IP Forwarding
$ echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
$ echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
$ sudo sysctl -p /etc/sysctl.conf
Advertising the Routes
$ sudo tailscale set --advertise-routes=192.168.178.0/24
❗It is important to advertise the correct subnet information.
Grant Subnet Router
Find your device inside the Tailscale Admin Console under Machines section. Select Edit. Under the Subnet Routes, select the routes to approve.
Now we are ready to use the Subnet Router within the same network. But there is one more thing: how does the other location learn about the Subnet Router so that it can reach the devices behind the advertised routes? For that, the nodes at the other locations must accept the announced routes. Running the command below does the work for us.
$ sudo tailscale set --accept-routes
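The three steps above (forwarding, advertising, approval) are what every Linux subnet router goes through. The script below is an added example, not code from the article or from Tailscale, that wraps the first two steps with the checks worth having before a whole LAN is exposed to the tailnet: it refuses a malformed prefix, refuses anything inside Tailscale's own 100.64.0.0/10 range, and refuses prefixes broader than /16 (that /16 limit is this script's own policy, not a Tailscale rule). The sysctl drop-in path /etc/sysctl.d/99-tailscale.conf is the form the Tailscale docs use; the article's /etc/sysctl.conf works the same way. Approval in the admin console still has to be done by hand afterwards.

```shell
#!/bin/sh
# Added example: prepare this Linux node as a Tailscale subnet router for one IPv4
# prefix. Assumes the `tailscale` CLI, `sysctl` and `sudo` are available.
# Usage: sh setup-subnet-router.sh 192.168.178.0/24

# Return 0 if $1 is a syntactically valid IPv4 CIDR (a.b.c.d/n, octets 0-255, n 0-32).
cidr_is_valid() {
    cidr=$1
    case $cidr in */*) ;; *) return 1 ;; esac
    addr=${cidr%/*}
    plen=${cidr#*/}
    case $plen in ''|*[!0-9]*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    oldifs=$IFS; IFS=.
    set -- $addr          # split the address into its octets
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Policy check (this script's own policy): a valid prefix that is not inside
# 100.64.0.0/10 (the tailnet's own address range) and not broader than /16, so a
# typo such as 10.0.0.0/8 cannot silently advertise far more than one LAN.
cidr_is_safe_to_advertise() {
    cidr_is_valid "$1" || return 1
    plen=${1#*/}
    [ "$plen" -ge 16 ] || return 1
    first=${1%%.*}
    second=${1#*.}; second=${second%%.*}
    if [ "$first" -eq 100 ] && [ "$second" -ge 64 ] && [ "$second" -le 127 ]; then
        return 1
    fi
    return 0
}

# The exact tailscale command that will be run for prefix $1 (kept separate so it
# can be shown or checked without touching the system).
advertise_cmd() {
    printf 'tailscale set --advertise-routes=%s\n' "$1"
}

# Live kernel value, not the config file: forwarding may be on already.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# Persist forwarding in a sysctl drop-in and apply it immediately.
enable_forwarding() {
    printf 'net.ipv4.ip_forward = 1\nnet.ipv6.conf.all.forwarding = 1\n' \
        | sudo tee /etc/sysctl.d/99-tailscale.conf >/dev/null
    sudo sysctl -p /etc/sysctl.d/99-tailscale.conf
}

main() {
    prefix=$1
    if ! cidr_is_safe_to_advertise "$prefix"; then
        echo "refusing to advertise '$prefix': invalid, inside 100.64.0.0/10, or broader than /16" >&2
        exit 2
    fi
    forwarding_enabled || enable_forwarding
    echo "running: $(advertise_cmd "$prefix")"
    sudo tailscale set --advertise-routes="$prefix"
    # The route shows up for the tailnet only after approval in the admin console.
    tailscale status
}

# Only act when a prefix was given on the command line.
if [ -n "${1:-}" ]; then main "$@"; fi
```

After the route is approved in the admin console, keep the exposure narrow: Tailscale ACLs can restrict which tailnet users and devices may reach the advertised subnet at all, which matters more for a subnet route than for a single node because every host behind it becomes reachable.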
Don't forget to add static routes on the devices in the same network as the subnet router, or to configure the subnet router as their default gateway. Otherwise, they will not be able to route over the subnet router to reach the other locations.
When the same actions are taken at the other locations, we end up with several subnet routers. Two or more subnet routers can then communicate with each other, which means the devices on the networks behind them can communicate with each other as well.
For the static routes needed, the example below shows what I mean.
Location 1 - Subnet Router IP : 192.168.178.2
Location 2 - Subnet Router IP : 192.168.0.2
The commands below can be used to add the routes.
In Location 1:
$ sudo ip route add 100.64.0.0/10 via 192.168.178.2
$ sudo ip route add 172.16.100.0/24 via 192.168.178.2
and in Location 2:
$ sudo ip route add 100.64.0.0/10 via 192.168.0.2
$ sudo ip route add 192.168.178.0/24 via 192.168.0.2
❗Do not add these routes on the Subnet Router itself; they must be run only on the other devices.
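The manual `ip route add` lines above are easy to get wrong in two ways the warning hints at: running them on the subnet router itself, and pointing them at a gateway the host is not directly connected to. The script below is an added example, not code from the article or from Tailscale, that installs the same routes on an ordinary LAN host with both checks in place. It uses `ip route replace` instead of `ip route add` so a second run does not fail with "File exists", and it refuses to run when the gateway address is one of the host's own addresses (meaning this host is the subnet router) or is not on-link. The location addresses are the article's; the command name is assumed.

```shell
#!/bin/sh
# Added example: install the site-to-site static routes on a LAN host, never on the
# subnet router. Assumes iproute2 (`ip`) and `sudo` are available.
# Usage: sh add-site-routes.sh <local-subnet-router-ip> <remote-prefix>...
#   Location 1 host: sh add-site-routes.sh 192.168.178.2 172.16.100.0/24
#   Location 2 host: sh add-site-routes.sh 192.168.0.2 192.168.178.0/24

TAILNET_RANGE=100.64.0.0/10   # every Tailscale node address lives in this range

# Print the `ip route replace` commands for gateway $1 and remote prefixes $2...
# `replace` is idempotent, so re-running the script never fails on an existing route.
route_cmds() {
    gw=$1; shift
    printf 'ip route replace %s via %s\n' "$TAILNET_RANGE" "$gw"
    for prefix in "$@"; do
        printf 'ip route replace %s via %s\n' "$prefix" "$gw"
    done
}

# Return 0 if IPv4 address $1 is configured on this host, i.e. we ARE the subnet router.
is_local_address() {
    ip -4 -o addr show 2>/dev/null | grep -qF " inet $1/"
}

# Return 0 if $1 is reachable without another hop; a static route "via" a gateway
# only works when the gateway is on a directly connected network.
gateway_is_onlink() {
    ip route get "$1" 2>/dev/null | grep -qv ' via '
}

main() {
    gw=$1; shift
    if is_local_address "$gw"; then
        echo "refusing: $gw is configured on this host; the subnet router itself must not get these routes" >&2
        exit 2
    fi
    if ! gateway_is_onlink "$gw"; then
        echo "refusing: $gw is not on a directly connected network of this host" >&2
        exit 2
    fi
    route_cmds "$gw" "$@" | while read -r cmd; do
        echo "running: $cmd"
        sudo $cmd
    done
    # Show what is now routed through the subnet router.
    ip route show | grep " via $gw"
}

# Only act when a gateway and at least one remote prefix were given.
if [ $# -ge 2 ]; then main "$@"; fi
```

Routes added with `ip` are lost at reboot; to persist them, put the same destinations into whatever manages the host's network configuration (netplan, NetworkManager, systemd-networkd or the distribution's interface files), or make the subnet router the default gateway as the article suggests.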
I hope you find this article helpful and useful in your use case. That's all for now.