How to Setup The Tailscale VPN and Routing on pfsense

  • Published 2 Oct 2024

COMMENTS • 108

  • @LAWRENCESYSTEMS 2 years ago +6

    How To Setup pfsense OpenVPN Policy Routing With Kill Switch Using A Privacy VPN
    ua-cam.com/video/ulRgecz0UsQ/v-deo.html
    How Tailscale Makes Managing Wireguard Easy
    ua-cam.com/video/bcRVkoeSN0E/v-deo.html
    Tailscale VS ZeroTier
    ua-cam.com/video/lAhD2JDVG08/v-deo.html
    Netgate tailscale Blog post
    www.netgate.com/blog/tailscale-on-pfsense-software
    Tailscale NAT write-up
    tailscale.com/blog/how-nat-traversal-works/
    Headscale GitHub
    github.com/juanfont/headscale/tree/main/docs
    Tailscale userspace vs. kernel
    tailscale.com/kb/1177/kernel-vs-userspace-routers/
    ⏱ Timestamps ⏱
    00:00 pfsense tailscale package
    03:31 Headscale server
    04:19 Tailscale Web Management
    05:26 Tailscale Access Control Security
    06:10 Managing Tailscale in pfsense
    09:36 pfsense routes and exit node
    10:48 Tailscale Connectivity and Firewall Security

  • @krenkotv3240 2 years ago +38

    Headscale videos are non-existent! Maybe you could do a quick "How To - Setup" guide for the people :)

    • @MrChris79 2 years ago +2

      Agreed! I was able to set up and get basic headscale working with my pf box but struggle to get ACLs so I can see my pf LAN devices from remote tailscale clients! I have learned lots from Tom's videos.

    • @prashanthb6521 1 year ago

      I hope so.

  • @John-vk1ij 1 year ago +12

    Another suggestion: when operating on two different pfSense instances, it's easier for the audience to tell which pfSense is currently being configured if they use different color schemes.

  • @clarkmakoni905 2 years ago +4

    Thank you so much Tom for another great tutorial. If you could do a video on Headscale it would be most appreciated.

  • @speedup070605 2 years ago +1

    Thanks for sharing, love the work you do sharing knowledge about pfsense

  • @tornadotj2059 2 years ago +1

    Thanks Tom, this is perfect timing for me. I recently started moving off of my local WISP to T-Mobile and AT&T, and was working through some solutions to get around CGNAT. Although I've been successful so far, I'm not an "all my eggs in one basket" person, so I like options. I'm going through now and setting up a Tailscale configuration. I'd also like to see a Headscale video.

    • @tornadotj2059 2 years ago +2

      And, I'm already finished. Fully tested from phone on CGNAT into my network on CGNAT, and everything is perfect. This is simply awesome.

  • @remkm1715 1 year ago +2

    I'd love to see someone going through the process of setting up ACLs on a virgin tailscale network... for the less network-minded folks, so to say :)

  • @GrishTech 2 years ago +15

    Time for ZeroTier. It needs to be added to pfsense.

    • @parl-88 2 years ago

      I second that motion!! Nice 👍

    • 2 years ago

      Love zerotier really wish it was an option built into pf

    • @occamsrazor000 2 years ago

      There was a request thread on the Netgate forum for like 4 years… that never went anywhere. A shame, I like ZT…

    • @GrishTech 2 years ago

      @@occamsrazor000 yea I read it. Maybe it doesn’t adhere to some standard? Do packages have to support pfsense HA to be properly supported/implemented by netgate?

  • @xellaz 1 year ago

    My network is something similar but using two firewalla devices in router mode in different locations for site-to-site VPN access between both using Wireguard protocol. I mapped my NAS located on another site using its local IP through the VPN on a PC. It works pretty well.

  • @charlescc1000 2 years ago +6

    Pretty cool to see there is now a tailscale pfsense package. I could see this being pretty useful if I were behind a CGNAT ISP, but the tailscale managed connection interface definitely worries me. I essentially view this as opening my local private LAN to an external company. Not worth the risk in my view.
    Thus headscale is a pretty appealing offering.
    I’m not behind a CGNAT so I don’t really have much of a usecase for either. I use wireguard to access my LAN remotely and use OpenVPN for a site to site VPN.
    The only VPN trouble I have is that when traveling I sometimes find hotels block my wireguard remote access VPN. I don't think tailscale would behave any differently but I haven't tried it myself. I believe it would use similar ports to any wireguard VPN. Maybe either can be set up to run on 443? Not sure

    • @Darkk6969 2 years ago +2

      There is a discussion on Reddit about free wifi blocking access to wireguard. Fortinet firewall is known to do this. No issues with OpenVPN as long as the default port of 1190 is not blocked. I have two OpenVPN server sessions with custom ports for this reason.
      I share the same security concerns about using TailScale for my network. Headscale is a good open source option but takes a bit more work to get it going on the server side and managing it. I am happy to see pfsense now supports it via the package.

    • @fuseteam 1 year ago

      Doesn't headscale offer the same challenge as openvpn? To use your own headscale server you need a public ip

    • @break1146 10 months ago

      @@fuseteam You could rent a VPS to run Headscale. The advantage being it can broker a peer-to-peer connection between clients. Using a traditional VPN, you would need to route traffic actually through that VPS, which obviously hurts performance and latency, and you might have to deal with data caps depending on where the VPS is rented from.

  • @reijin999 1 year ago +1

    I would like a headscale video (and a pfsense package lol). I basically already have this setup with pure wireguard as a site to point to pfsense installed on a VPS, I then connect other VPS servers to that pfsense install and can access them as if they are a part of my lan but I would really like a UI for scalability. Will have to try tailscale for now.

  • @rudypieplenbosch6752 2 years ago +1

    I can use this as an alternative to zerotier, which works great but I need a VM to keep it up.

  • @mikescott4008 5 months ago

    Playing around with it, but can't see a use case for me above having Wireguard / OpenVPN on the pfsense. Lack of opening ports is good. Will delve deeper. I'm not behind CGNAT and such.

  • @amosgiture 2 years ago +1

    Tailscale exit node and route advertising make it so much more appealing than nebula & zerotier. Will definitely try out headscale to scale beyond the tailscale 20 free limit. Tailscale on pfsense just blows my mind!!!

  • @JohnFilion 1 month ago

    Thanks for making this video. I tried to use Christian's video to set up a site-to-site, and I can't get it to work as he described. It looks like the software in the pfSense router has changed, and now things aren't exactly as he described. In his video, he mentions a Tailscale interface that can be ignored, but in my configuration there is no Tailscale interface, only an interface group. When I try to create the outbound NAT rule, I can't specify the interface because it doesn't exist. I can't find any videos on Tailscale site to site that are newer than two years old. Do you know if this feature is still being supported in pfSense? If so, would you consider doing an updated video on how to set this up?

  • 2 years ago +1

    What happens if I link multiple networks that use the same subnets? Guess I will find out when I add another...

  • @ColeBlack2 2 years ago +1

    Been using Tailscale for a while now and have been having to use Raspberry Pis at a couple of sites as Tailscale subnet routing bridges. This is awesome. Very welcome plug-in.

  • @ikkuranus 2 years ago +1

    Don't bother trying to install this with 2.5.x. It shows up but will just error trying to install a dependency.

    • @denix0 1 year ago

      Why wouldn't this be prevented in the Package Manager?? Bad packager, bad packager!

  • @chromerims 1 year ago

    Tailscale is backed by CRV, Insight Partners, Accel, Heavybit, Uncork Capital, and individual investors. Its May 2022 Series B added $100 million in funding.

  • @DanielWillen 2 years ago

    I have an IPsec established from the pfsense to a remote subnet. From the LAN it works fine, but when I try to advertise the subnet, clients cannot find it. I tried advertising the LAN like you did, and it worked just fine. Thinking there needs to be some NAT rule or something.

  • @universo5network540 2 years ago

    Thanks for the video; one question: how did you set up a subnet router in PfSense?

  • @ALAINCABANDO 2 years ago +1

    Followed your guide.. it's really simple and easy..

  • @ws2940 2 years ago +1

    Thank you for the video. Will definitely take a look at the NAT article.

  • @laov6843 4 months ago

    Thanks. Great section for the firewall rule. I was wondering why I have no access to my pfSense web UI from tailscale. The rule solved my issue as I needed a quick way to get to the management UI from anywhere.

  • @scottc2211 2 years ago +2

    Greatly appreciate the videos you create. Curious though how much of a performance difference is there between Tailscale and Wireguard? Would love to see the comparison. If it’s drastically different I would consider switching over.

    • @neosmith80 1 year ago

      The open-source software acts in combination with the management service to establish peer-to-peer or relayed VPN communication with other clients using the Wireguard protocol.
      I would imagine that since tailscale is using the wireguard protocol that there wouldn't be much of a difference between them. Tailscale could be a bit easier to get up and going though, vs wireguard having to get the config to each client.

    • @JanDemore 1 year ago

      @@neosmith80 @scottc2211 For me Wireguard is 2x faster than Tailscale, both running in pfSense

  • @bmp6361 11 months ago

    Great tutorial, wondering why you differed from Christian McDonald's outbound NAT. You set the destination and he set the source. I guess it makes no difference. Thanks Tom, again great tutorial.

  • @yuriw777 9 months ago

    Assuming I don't plan to access my firewall pfsense directly from the open internet and want only to access some boxes where I have TS clients installed, why do I even need TS on my router?
    Happy New Year all!

    • @LAWRENCESYSTEMS 9 months ago

      Having it on the router allows easy access to all devices across all networks, even the devices that do not have Tailscale.

  • @z1haze 5 months ago

    If I have tailscale installed on my pfsense router like you do in your video, how can I configure things so that mobile devices connected to tailscale can take advantage of the pihole dns that I use on my network? My pihole service runs on the same network as the pfsense router.

    • @LAWRENCESYSTEMS 5 months ago

      It might work if you specify your pi-hole DNS in your Tailscale DNS settings

  • @VillSid 2 years ago

    I have set tailscale up on OpenWRT, but be very mindful that it will om nom nom your CPU if yours is not ARM64 or x86, even if it has crypto accelerators.

  • @ClanLawrence 1 year ago

    Awesome video, thanks for creating it. Is there an easy way to get Tailscale traffic bound for the WAN to use a non-default Gateway?

    • @LAWRENCESYSTEMS 1 year ago

      Not something I've had a need for or tested

    • @ClanLawrence 1 year ago

      @@LAWRENCESYSTEMS The use case is that I'd like to have access to my home LAN, but also route internet traffic via my NORD VPN Gateway. I have an Alias list in pfSense for clients that I want to route via NORD and that works nicely. When I used Wireguard it was just a case of creating a Firewall rule on the Wireguard Interface with Nord set as the gateway. This doesn't appear to work the same way with Tailscale however.
      Love your videos btw, keep up the good work :)

  • @dannymaasland3966 2 years ago

    I have existing IPsec tunnels from different locations connected to 1 pfsense box as a site-to-site connection. How would I go about advertising those subnets with Tailscale as well? I have simply added them to advertised routes but that doesn't seem to be enough.

  • @ssspop85 1 year ago

    Tailscale and Ubiquiti USG firewall rules, can you help me?

  • @ierosgr 2 years ago

    12:59 I noticed the interface option has the value Tailscale in the dropdown menu. Does this mean you need to assign Tailscale to a pfSense interface? I thought that was mandatory only for geolocation VPN solutions.

  • @kimlindberg5815 2 years ago

    Is it possible to show a scenario where you have 2 pfsense firewalls where tailscale connects the sites, and each site has a few VLANs on its LAN side and only some VLANs are allowed to talk to some VLANs at the other site?

  • @NyarUhc 4 months ago

    Hi brother .. Is there a NAT punch hole in Tailscale? I want to redirect ports from our Huawei router to my computer to be able to utilize it. The Port Forwarding in our router is not working cuz something is blocking it. Please acknowledge my comment. Thank you very much

    • @LAWRENCESYSTEMS 4 months ago

      Yes, you can use Tailscale behind NAT.

    • @NyarUhc 4 months ago

      @@LAWRENCESYSTEMS how to do it? Sorry, I really have no idea since I'm not that techie..

  • @mithubopensourcelab482 2 years ago

    Tailscale is based on Wireguard. What secret sauce did Tailscale add to publish routes so that non-Tailscale machines (no client installed) can be easily reached via the overlay network? Can someone explain this.

  • @havok4103 1 year ago

    tailscale is such an incredible tunnel resource! I have starlink (which has carrier NAT), so making a tunnel home has been troublesome... not with tailscale! it works great! and i can access everything behind pfsense, thank you for this video!!!

  • @bsem68 2 years ago

    This example only allows one direction, from all the other sites to tom-home-pfsense. In order for a 2-way site-to-site VPN using tailscale, it seems that you need to enable subnet routes for the machine in tailscale, advertise subnet routes on the pfsense (e.g. lts-tailscale), and put the correct outbound NAT on each other pfsense you want to access from. The free version of tailscale only allows 1 free subnet router... they have a soft limit so you could probably add another one like I did to test for a while.

  • @patrickFREE. 9 months ago

    Does it even work on opnsense?

  • @irtibatkisileri222 2 years ago

    Coming in behind the actual tech improvement. Maybe it is already done. Here's my upvote for a headscale tutorial. Thanks for this one

  • @taranagnew436 2 years ago

    Can you include/exclude apps to use tailscale, and how do you have 1 main tunnel and connect other devices to the tunnel?

  • @Saturn2888 1 year ago

    Man, none of that automated Tailscale routing happened for me. All my stuff looks like yours, but I don't have any firewall NAT or outbound rules. I can't even ping the box from the Tailscale network even though everything looks good. Something's gotta be messed up here.

    • @Saturn2888 1 year ago

      Third time's the charm! Now it's showing up some stuff. Still can't ping the box, but now I finally have routes! Still no Outbound mappings though.

  • @gjkrisa 2 years ago

    Somehow I kept missing the part where Tailscale (genx) was talking about adding a firewall rule for Tailscale; it was not working, not passing traffic or pingable, although it would try connecting till timeout.
    I'll have to do that when I get home.

    • @gjkrisa 2 years ago

      Yeah, added a pass-all rule on the Tailscale tab and it all works great

  • @Rookie23095 1 year ago

    Tailscale could be just what we need. Can you limit access to just a couple of ports on a Windows device in your network, e.g. a camera DVR? I have other apps on this server that I do not want to open up, particularly with limited or no access logging available. As the DVR needs a username and password, I am ok with that level of risk. If this is doable, how could you do it securely?

    • @LAWRENCESYSTEMS 1 year ago +1

      Yes, you can create limiting rules in Tailscale.
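The port-limited access asked about here (and the ACL setups MrChris79 and remkm1715 asked for earlier in the thread) is expressed in the tailnet's policy file, written in HuJSON. The policy below is an added example, not from the video and not a file Tailscale ships; the identity, group name, DVR address and port numbers are constructed placeholders. It shows the permissive default rule, commented out, beside a replacement that lets one group reach only two ports on a DVR that sits behind the pfSense subnet router and runs no Tailscale client itself.

```json
{
  // Assumed names and addresses; substitute your own tailnet identities and LAN values.
  "hosts": {
    "dvr": "192.168.10.50",      // assumed LAN IP of the Windows DVR behind the pfSense subnet router
    "pfsense-lan": "192.168.10.1" // assumed LAN IP of the pfSense box
  },
  "groups": {
    "group:dvr-viewers": ["alice@example.com"] // constructed member list
  },
  "acls": [
    // Weak setting: the default policy every new tailnet starts with, which allows
    // any member to reach every port on every node and advertised subnet.
    // {"action": "accept", "src": ["*"], "dst": ["*:*"]},

    // Restricted setting: viewers may only reach the DVR's web port and RTSP port
    // (8000 and 554 are assumed values for this example). Everything else on the
    // 192.168.10.0/24 subnet stays unreachable from the tailnet for this group.
    {"action": "accept", "src": ["group:dvr-viewers"], "dst": ["dvr:8000", "dvr:554"]},

    // Tailnet admins may still reach the pfSense web UI over the tailnet.
    {"action": "accept", "src": ["autogroup:admin"], "dst": ["pfsense-lan:443"]}
  ]
}
```

Because the DVR has no Tailscale client, the subnet router (the pfSense node) is the point that enforces these rules for traffic to the 192.168.10.0/24 route, so the route must be approved in the Tailscale admin console and, as other commenters note, pfSense's own firewall rule on the Tailscale tab must also permit the traffic. Removing the `*:*` rule is the step that actually narrows exposure; leaving it in place makes the DVR rule redundant.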

  • @sobesjm 1 year ago

    Thanks for the video. Clear and concise. I notice on your Tailscale Machines page you have the local subnets listed in the addresses column along with the Tailscale address. While my setup is working just fine between 2 subnets, my Machines page is only showing me the Tailscale addresses and not the local subnet addresses. Did I miss how this is enabled? Thanks

    • @LAWRENCESYSTEMS 1 year ago

      You can have Tailscale push other routes if needed.

  • @JPEaglesandKatz 2 years ago

    Great video again.. One thing I'm worried about is the fact that there is no login on the Android tailscale app... it authenticates without any login/credentials, TOTP... if someone gets their hands on your phone and unlocks it they are free to do whatever they want... Unless ofc I'm missing something, which is very possible :)

    • @LAWRENCESYSTEMS 2 years ago

      It relies on the security of your phone so use a good phone lock password.

    • @JPEaglesandKatz 2 years ago

      @@LAWRENCESYSTEMS Yup!!! Still would love to see something like otp or yubikey support added for logging in to the app!

    • @LAWRENCESYSTEMS 2 years ago +1

      @@JPEaglesandKatz Tailscale does not handle logins, that is why they use third parties.

  • @DanielWillen 2 years ago

    A bit of a stupid question perhaps, but can you run an exit node that exposes routes on anything other than the pfsense (for example, a machine running Linux in the LAN)? Or an Azure VM in the same subnet as other VMs?

    • @LAWRENCESYSTEMS 2 years ago

      Tailscale allows you to choose what endpoints can be exit nodes

  • @lolololowbx280 2 years ago

    Would like to see a self-hosted zerotier network via zero-ui

  • @RafedwinAbreu 1 year ago

    I really wish this tutorial showed each step, including the firewall rules. I cannot get my subnet routes to work

  • @qcnsllcqcnsupport7616 2 years ago

    Great video Tom, and thank you for all the great work 👍🏼

  • @Th3H4cK3r 2 years ago

    A headscale video would be great

  • @MrChris79 2 years ago

    Thanks Tom for the video. Can you please do a basic tutorial on setting up pfsense with headscale including basic acl that allow accessing pfsense vlans or lan devices?

  • @TradersTradingEdge 2 years ago

    Hi Tom. Great explanation, thanks.
    Is it possible to route TS to HA-Proxy to access my services behind HA-Proxy? Any hint for me? TNX

    • @LAWRENCESYSTEMS 2 years ago

      They should work together.

    • @TradersTradingEdge 2 years ago

      @@LAWRENCESYSTEMS TNX Tom.
      I totally struggle here and can't get it to work.
      Do you know any website/resource explaining how to set up TS & HA-P. in pfsense?
      tnx Mate.

  • @mithubopensourcelab482 2 years ago

    Excellent tutorial as usual. Many thanks.

  • @ryanroberts210 2 years ago

    I've got two networks on two different pfSense boxes talking to each other, accessible, etc... Great, thanks! What I'd like to do though is have one pfSense be the Exit Node for the other, i.e. all the traffic in and out of one pfSense is going through the other. I see how to use Exit Node with a phone or laptop, but not how to tell the pfSense subnet router to use the other one... Any ideas? Thx

    • @LAWRENCESYSTEMS 2 years ago +1

      I am not aware of a way to currently do that, but they may add the option in the future.

    • @ryanroberts210 2 years ago

      @@LAWRENCESYSTEMS Appreciate the quick response. I left the comment on Christian McDonald's video as well... :)

  • @sebastianpulver3604 2 years ago

    Is it possible to use OSPF over tailscale to advertise the routes instead of tailscale itself?

  • @georgiostsitouridis 1 year ago

    Great video! Nice way you put everything in order and made them clear. I would like to see though a video regarding different setups and how to manage pfsense with the tailscale package. For example, is it possible to access a device in tailscale network from behind the pfsense, without having the tailscale client installed?

    • @LAWRENCESYSTEMS 1 year ago

      Yes, that is a use case I talked about in the video.

    • @georgiostsitouridis 1 year ago

      @@LAWRENCESYSTEMS Indeed you talk about it, but with one difference (I think, if I understood correctly)..... that is, you do have the tailscale client installed on the local client and then you add the Tailscale rule, which enables pinging directly to 100.x.x.x. What about a case where there is no tailscale SW installed on the local client and you use pfsense as a gateway to the management plane as well?

  • @KhatabAhmed 1 year ago

    Many Thanks....

  • @crites57 2 years ago

    Tailscale won't let me generate a key, I think because my role is an Owner. Can anyone tell me how to change my role to Admin or Network Admin?

  • @falazarte 2 years ago

    This might be an answer to my prayers.. LOL. Do you think it's possible to have, for example, Unifi software to control Hotspots in different offices with different IPs, but have the same WiFi mesh?

    • @LAWRENCESYSTEMS 2 years ago

      I don't understand the goal.

    • @falazarte 2 years ago

      The goal is to have one mesh across multiple offices in different towns. Offices have different DHCPs connected via IPsec at the present time.

    • @DrDingus 1 year ago

      @@falazarte but why

    • @falazarte 1 year ago

      @DrDingus when you connect to the AA (Aerolineas Argentina) WiFi, no matter which city airport in Argentina, you are part of the same WiFi and you do not have to enter credentials in each city. I'd like to build something like that for this company's different offices in different cities so roaming employees don't have to be entering credentials at each office.

    • @DrDingus 1 year ago

      @@falazarte radius

  • 7 months ago +1

    the settings are not easy and the video is so convoluted... ehhhh

  • @TechySpeaking 2 years ago +1

    First

  • @AgentLokVokun 2 years ago

    I never knew this existed. NOICE.