How to Setup The Tailscale VPN and Routing on pfsense
https://youtu.be/P-q-8R67OPY
Linode Offer https://www.linode.com/homelabshow
How Tailscale Makes Managing Wireguard Easy
https://youtu.be/bcRVkoeSN0E
Forum Post With Commands
https://forums.lawrencesystems.com/t/setting-up-headscale-video-commands/14803
Headscale GitHub
https://github.com/juanfont/headscale
Headscale Linux Setup
https://github.com/juanfont/headscale/blob/main/docs/running-headscale-linux.md
⏱ Timestamps ⏱
00:00 Headscale Tutorial
02:31 Headscale Documentation
03:01 Server Requirements
04:47 Customizing The Config File
07:30 headscale bash completion
08:13 Creating a Namespace
09:01 Creating keys
10:39 Allowing Routes
11:41 Node Web Registration
13:16 Testing Connections
tbh, I don't understand how you have not yet lost your respect for Netgate/pfSense after the FreeBSD wg driver drama. Let's hope it's not due to financial reasons.
When the drama first broke out, I wasn't so mad when I found that Netgate hired a troubled programmer to write this driver for FreeBSD. I saw the buggy code, including the `printf`s, and hard-coded values that should never have been hard-coded unless you just want an MVP. At that time, I just blamed the troubled dev for being a lazy ass.
But when one of Netgate's engineers (let's call him Mr.Nobody) published a blog post defending Netgate by referencing the company's (and to some extent, FreeBSD's) code review process, and mentioning that the reviewers already greenlighted the clearly subpar code into the tree, I was hit with disgust.
I knew this from the ArsTechnica article, and the disgust hit even harder when I saw the email thread between the ungrateful Mr.Nobody and our guy Jason Donenfeld. Jason was probably trying to help, and he did so by committing his own time and effort to unfuck Netgate code by reimplementing the driver because the FreeBSD 13.0 release date was nearing.
After all this, I finally realized that pfSense is just actually the PHP web UI. There's nothing technically innovative or challenging about the product, and the devs usually just work on the very high level of the software (they hired someone else for the wg driver after all). I began to understand how such bugs would pass code review – it's because the reviewers aren't competent at the low level. Donenfeld saw the code and knew it was wrong right away after all. (So do I, who couldn't tell those `hard-coded return true`s in functions are bad?)
The event also killed my respect for FreeBSD, for letting this code into the tree without a proper review. FreeBSD is nowhere near the quality of OpenBSD. It's funny how FreeBSD devs and users frequently loudly talk about how "BSD" code in general is reviewed more thoroughly, more correct, and of higher quality versus GNU and Linux. Man, this driver code wouldn't pass even my company's review process. I began to read more about FreeBSD security problems and decisions, and yeah, no more respect for it. And the reason they think their code is better and has fewer bugs is because fewer people are using it, let alone the edge cases.
As a note that this is not some stupid attack:
I've been a Linux user since 2018. My first BSD install was FreeBSD 12.0 on a ThinkPad x230 when 12.0 released, and that made me admire pfSense. In 2020 I started using OpenBSD on my Vultr machines, and I fell in love instantly due to how everything is included in the base system without being bloated at all, how everything is straightforward, and problem-free. I have since used it for my personal website and got an OpenBSD puffy tattoo on my shoulder. By 2020 my laptop/desktop/homeserver were all Arch Linux, because FreeBSD is not so practical on these platforms. Thank god I didn't get a FreeBSD tattoo.
Seeing the drama unfold, I felt disillusioned. I began subscribing to your channel I think since 2019-20, and always thought highly of pfSense. I'm a dev and usually have to be the guy who sets up devops, and I always watched your channel for all the good stuff you posted.
Thank you for commenting on my reddit post ❤ love your video
Can't wait for it to solve the issue you mention at the start of the video
While it's always preferred to self-host these things, I feel it is too much trouble and not ready at this stage. I will keep an eye on its development. No iOS support is a deal breaker.
It has some bugs with the exit node function
Many thanks for this. Can you please share your config file? I followed all instructions but keep getting this error: "While parsing config: yaml: line 12: did not find expected key"
I'm sorry, because I'm Chinese, my English is not very good. This sentence was translated by translation software, so please forgive me if there are grammatical errors.
May I ask, how does headscale set the Exit Node? I want to use the network node traffic at home from outside.
The android client is ready now 🙂
Acceptable alternative to Tailscale’s own management control plane but who would want to add an extra tool to manage unless the organisation has plenty of money to hire an employee and pay 💰
I like the concept behind headscale. The fact that it runs wireguard really ruffles my jimmies. The only issue is that it is not scalable yet. Excited to see headscale mature. I've been running zerotier for a while and wish they would add wireguard support.
Great tutorial. Could you please make a video on Magic DNS? Thanks
Can Headscale support routing for Subnets on a Tailscale Client Node? For instance if I have LXD or Docker Containers on a Tailscale Client Node they will be on their own 10.x.x.x networks.
If there are multiple of these Client Nodes (possibly in different clouds or Data Centers), can the 10.x.x.x Containers on one Node talk Layer 2 to Containers on a different Node?
headscale_1 | 2022-07-30T16:10:45Z FTL go/src/headscale/cmd/headscale/cli/server.go:21 > Error initializing error="failed to read or create private key: failed to save private key to disk: open : no such file or directory
Does it really need to be a static ip? It seems like it's accessed via hostname, which can be kept updated.
I set this up last night and struggled a lot but once I did it works so well. Not yet figured out how to add my own DERP servers but I will keep trying it out. It is impressive how well the LetsEncrypt certificates work out of the box without any tinkering.
Please also do for zero-ui zerotier
First
Would like to see you review the headscale UI that's under development
We've just got to wait now for the iOS and Android apps to add their support for custom servers. I hear it's in the works.
Let's go!