Tailscale: Installation and Configuration of This VPN to Connect Computers

Tailscale is a software company that lets us interconnect computers over a VPN quickly and safely, without the need for complicated configuration. Tailscale makes use of SDN (Software Defined Networks) to connect the different nodes to the virtual private network and to each other. In terms of operation Tailscale is very similar to ZeroTier, so it is a great alternative for communicating between computers without having to create VPN tunnels between them ourselves. The tool is completely free, but there are also paid versions that offer more configuration and customization options. In this article we explain everything you need to know about Tailscale.


What is Tailscale and what is it for?

Tailscale lets us interconnect different computers over the Internet in a virtual private network, simply by installing a small program on each computer and logging in with the credentials registered with the service. We do not have to open any ports, set up a VPN server on each computer, or carry out complicated configuration. The objective of Tailscale is to let us access all our computers remotely, quickly and very easily, regardless of whether they are behind a CG-NAT or a NAT.

A very important characteristic of Tailscale is that we can set up a safe and fast network in seconds without configuring anything: installing the program is as simple as following the installation wizard and logging in with the account created in Tailscale, and the node is automatically added to the VPN network for remote access from anywhere. The service also lets us manage and configure firewall rules, configure DNS servers, create access control lists for different computers, and much more.

Tailscale lets us create a secure network between different computers, servers and even cloud instances. The Tailscale software is compatible with the Windows, Linux, MacOS, Android and iOS operating systems, and also with ARM-based devices such as the popular Raspberry Pi. We can use SSO and MFA for authentication when registering computers: devices can only connect to our VPN network once we have logged in with our credentials, we can add two-step authentication, and we can even remove former computers or employees, since this software is also aimed at professional use.

Tailscale gives each computer the same private IP address within the VPN network every time, that is, the address is fixed and does not change regardless of whether we connect to the Internet via WiFi or cable, which is essential for everything to work properly. We can also create role-based access control to restrict access to the servers or equipment that we want.

Security

Tailscale uses the popular WireGuard VPN to provide confidentiality, authentication and data integrity, so we get both security and very good performance. A very important characteristic of Tailscale is that communications are point-to-point: the network traffic does not pass through its servers, so we get low latency and very good real-world speed. Another feature is automatic key rotation: the keys are rotated by the hour and day to reduce the risk from stolen keys or obsolete credentials. Finally, network traffic is also checked against tampering.

Plans and prices

Tailscale is free for personal use, but there are several paid plans that increase the number of configuration and customization options. Depending on our needs, we will have to pay more or less to get the features we need.

  • Solo (free version): up to 100 devices, one administrator, point-to-point security, DNS support, access can be shared with friends and family, community support.
  • Connectivity ($10 per user per month): up to 100 devices, credentials can be shared with the team, routes and nodes can be managed, the whole team can be invited, automatic key rotation, basic access control, multiple administrators and email support.
  • Security ($20 per user per month): up to 500 devices, credentials can be shared with the team, includes all of the above plus identity-based access control lists, role-based access controls and ACL groups. Key rotation, Okta integration, and email support can be customized.
  • Enterprise (price not specified): the price is customized according to the number of users in the company, IoT devices can also be integrated, and terminals and connections can be monitored for audits. It incorporates SAML SSO and personalized support.

With the "Solo" version we can register up to 100 devices, so it is ideal for home environments and even for small and medium-sized companies. We only need to create a Gmail address that all users have access to; in this way, we can register all the devices of friends or family.

Now we are going to see how we can register with Tailscale, and start adding two Windows computers that will be connected to the Internet through the same FTTH connection.

Registration and all options

The first thing we have to do is enter the Tailscale website and register, by clicking on “Get Started” which is in the upper right corner.

Registering is as easy as using a Google Gmail account or a Microsoft account; no other options are offered. If we have a business email address we will have to contact Tailscale so that they can sign us up for the service, but they will surely assign us one of the paid plans and not the free one, so we recommend creating a Gmail or Hotmail account to use this service.

As soon as we register, we are taken to the main Tailscale administration menu, where we will see several submenus with the different settings we can configure.

In the "Machines" section we can see all the equipment, servers and devices that are currently registered. By default, it creates a node from Tailscale itself to check connectivity. All the computers that we connect will appear here; we can edit the host name, but the assigned IP address cannot be changed and is fixed for each device. The "External" tab is where we can register the computers of friends or family that we want to connect to our main network.

The "Services" section is where we can monitor in real time all the Internet services that are running on the machines on the network. We can enable or disable this functionality, but it helps us know what is being exchanged within the virtual private network that we have configured.

In the "Solo" or free version of the service there can only be one administrator; if we purchase the paid versions we can add more administrators in this section.

In the "Access Control" section we can create JSON-based access control lists to allow or deny traffic from certain computers, users and even ports. To configure this in detail we will have to read the associated documentation thoroughly, so that we understand the syntax correctly and do not make a mistake in something as important as ACLs.
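A small audit of such a policy, as an added example that is not part of the original article or Tailscale's own tooling: it parses a constructed policy in the src/dst rule format of Tailscale's ACL documentation and flags wildcard sources, wildcard destinations and references to undefined groups. The `audit` function and all user, group and host names are assumptions for illustration, and the sample is strict JSON, so comments in a real policy file would have to be stripped before parsing.

```python
import json

# Constructed sample policy (strict JSON) in the src/dst rule format of
# Tailscale's ACL documentation. All names and addresses are made up.
SAMPLE_POLICY = """
{
  "groups": {"group:admins": ["alice@example.com"]},
  "hosts":  {"nas": "100.64.0.10"},
  "acls": [
    {"action": "accept", "src": ["group:admins"], "dst": ["nas:22", "nas:445"]},
    {"action": "accept", "src": ["group:devs"],   "dst": ["nas:*"]},
    {"action": "accept", "src": ["*"],            "dst": ["*:*"]}
  ]
}
"""


def audit(policy_text):
    """Return (rule_index, finding) pairs for over-broad or broken rules."""
    policy = json.loads(policy_text)
    groups = policy.get("groups", {})
    findings = []
    for i, rule in enumerate(policy.get("acls", [])):
        for src in rule.get("src", []):
            if src == "*":
                findings.append((i, "any source allowed"))
            elif src.startswith("group:") and src not in groups:
                findings.append((i, f"undefined group {src}"))
        for dst in rule.get("dst", []):
            # "tag:web:443" must split on the last colon: host, then ports.
            host, _, ports = dst.rpartition(":")
            if not host:
                findings.append((i, f"destination {dst} has no port part"))
                continue
            if host == "*":
                findings.append((i, "any destination host allowed"))
            if ports == "*":
                findings.append((i, f"all ports open on {host}"))
    return findings


if __name__ == "__main__":
    for index, finding in audit(SAMPLE_POLICY):
        print(f"acls[{index}]: {finding}")
```

The first rule in the sample, which limits one group to two ports on one host, produces no findings; the other two are reported by rule index.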

The "DNS" section is where we can configure "Magic DNS", which is in beta, so that we can register DNS names for the devices on our local network. We can also configure "nameservers" manually. Everything related to the DNS servers that the computers use to communicate with each other is here.

The “Settings” section is where we can see the beta features that the service currently has, and we can even enable or disable the collection of data from the services.

In our case, we have registered with the free version, therefore, in “Billing” we have everything empty because there is no purchase information.

In the “Features” section we will see the beta features and also the management of “Magic DNS”, as we showed earlier.

The "Auth-Keys" section is where we can register new devices without logging into the Gmail or Hotmail account. We can authenticate a machine with a one-time code; once used it expires and can no longer be used. We can also configure a multi-use key, to authenticate different machines with the same key without having to change it continually. Finally, the "API Key" section gives us access to the Tailscale API.

Download the client and register the equipment

To download Tailscale, we simply go to the “Download” section, either within the administration panel or outside it, and choose our operating system. Remember that it is compatible with Windows 7 or higher, Linux, MacOS, Android and iOS, and also with ARM devices like the Raspberry Pi.

Once downloaded, we run the installer and in a few minutes we will have it installed.

By double clicking on the icon on the taskbar, it will launch the computer’s default web browser to proceed with authentication via Gmail or Hotmail. As soon as we have authenticated, the equipment will be registered, as simple and easy as this. In the options of the Tailscale program for the end devices we will have the following:

  • Authentication expiration
  • Private IP address assigned by the network
  • Traffic received and sent
  • Connect
  • Disconnect
  • Enable incoming connections
  • Start with the computer
  • Launch the admin console
  • See all devices on the VPN network
  • Login to another account
  • Sign out of current account
  • See the version of the program
  • Exit

As soon as we register the equipment, it appears in the list of “Machines”: it has been assigned a private IP address, and the service detects that it runs a Windows operating system and that it is currently connected.

When we carry out the same process on our laptop, we will see that the only difference is the host name and the IP address assigned to our equipment.

Regarding the options available on each of the computers, we will have the ability to share this machine with friends and family, edit the device name, view the routing options, disable the password expiration, and remove the computer from the VPN network.

If we go into the "Services" section we can see all the traffic that the different devices are sending and receiving over this VPN network. Traffic that we send directly to the Internet, for example, does not go through this network, because the objective of Tailscale is to provide connectivity between the different devices.

Now that we have seen how to add computers, we are going to check the speed and latency of the Tailscale connection.

Speed and latency

The latency and speed testing scenario is as follows:

  • PC1 connected by cable to the router and with Pepephone 600Mbps symmetrical Internet connection.
  • PC2 connected by WiFi to the WiFi access point, and in the same connection as PC1.

By doing the typical ping, we can see that at first the latency is high, but the average latency is really good as you can see below. We must bear in mind that all traffic is encrypted and authenticated with WireGuard. It can be verified that there is communication between the computers within the Tailscale virtual private network.

As for speed, we measured an average of approximately 55Mbps.

We recommend you visit the official Tailscale documentation, where you will find all the technical details and the possibilities of this great alternative to the popular ZeroTier.

Thanks to Tailscale we can interconnect computers easily and quickly. For example, we could register all our computers and control them remotely via Windows Remote Desktop or VNC, without the need for programs such as Teamviewer, AnyDesk or Supremo Control. In this way, we do not depend on third-party software for remote control, only on the VPN network that interconnects the different computers.