Wow, amazing presentation of your videos, I've subscribed.
Welcome aboard! Thanks!
THANK YOU SO MUCH FOR THIS!!! What an amazing tutorial man!
Glad it helped! Stay tuned for more tech tutorials!
Hello.. great tutorial again. What do you think is a better way? Headscale or ZeroTier?
Oh boy. Tough question. I'm afraid I won't be able to answer :) Headscale is a fantastic project. However it requires you to expose your self-hosted control server to the Internet, so you either need a static public IP and preferably a domain name, etc. or you need to expose it via Cloudflare tunnel (so you still need a domain name). Moreover Headscale does not have a GUI (none of the ones I've tried work reliably), so you have to add your clients from the CLI. So all the beauty of Tailscale (adding clients in just a few clicks) is not there yet.
ZeroTier has a GUI, supports Layer 2 bridging and has built-in support for Mikrotik routers, but unfortunately it's not based on WireGuard.
It all depends on the use case. If you just want to connect from a laptop to your home lab and you have a public IP, or if you want to do a site-to-site connection (having at least 1 public IP), then plain WireGuard would be my choice (especially as Mikrotik, Unifi, etc. have built-in support for WireGuard). If however you need a dynamic mesh VPN and you don't want to self-host it, then I would look at Tailscale or ZeroTier. Both great options. If you need a mesh VPN and you want to self-host it, then ZeroTier is easier to set up. Headscale - fantastic project but requires more steps to set it up (and does not have a GUI).
Not sure if my reply is any help. I'll definitely make a video on headscale (maybe we'll integrate it with Google or Azure for authentication and see how it behaves).
@@LinuxCloudHacks so great answer. Thank you so much.
Hi, great video very helpful but I have a question which you don't mention in the video, the ip route add command does not persist after reboot, what would be a solution for this? thanks
Thanks! Glad you liked it!
To your question - it all depends on the kind of tool/service you use to manage your network configuration. If you are using:
- Netplan - you just add the section below to your /etc/netplan/.yml configuration file
routes:
  - to: 10.1.0.0/24
    via: 192.168.1.1
And then execute "netplan try"
- "ifupdown" - you just add the line below to your /etc/network/interfaces
up ip route add 10.1.0.0/24 via 192.168.1.1
systemctl restart networking
- "NetworkManager"
nmcli connection show
nmcli connection modify eth0 +ipv4.routes "10.1.0.0/24 192.168.1.1"
nmcli connection down eth0
nmcli connection up eth0
- "systemd-networkd" - add the section below to your conf file /etc/systemd/network/eth0.network
[Route]
Destination=10.1.0.0/24
Gateway=192.168.1.1
systemctl restart systemd-networkd
This is from the top of my head so it might not work right away :)
Maybe I'll create a video comparing various networking configuration tools for Linux. Would that help?
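Whichever tool installs the route, the thing to verify after the reboot is the kernel routing table itself. The script below is an added example (not the commenter's code, not part of any of the tools mentioned): it parses the JSON that iproute2 prints for `ip -j route show`, checks that the 10.1.0.0/24 via 192.168.1.1 route from the reply is present, shows which route the kernel would actually pick for a host in that subnet, and checks the one precondition that makes `ip route add` fail on its own (the gateway must be on a directly connected network). SAMPLE_ROUTES_JSON is constructed to look like real output so the script runs offline; `live_routes()` reads the real table.

```python
"""Verify that a static route is back in the kernel table after a reboot.

Added example, not the commenter's code. It assumes iproute2's JSON output
(`ip -j route show`); SAMPLE_ROUTES_JSON below is constructed to match that shape.
"""
import ipaddress
import json
import subprocess

# Constructed sample shaped like `ip -j route show`: a DHCP default route, the
# static route from the reply above, and the kernel's on-link route for the LAN.
SAMPLE_ROUTES_JSON = json.dumps([
    {"dst": "default", "gateway": "192.168.1.1", "dev": "eth0",
     "protocol": "dhcp", "metric": 100, "flags": []},
    {"dst": "10.1.0.0/24", "gateway": "192.168.1.1", "dev": "eth0",
     "protocol": "static", "flags": []},
    {"dst": "192.168.1.0/24", "dev": "eth0", "protocol": "kernel",
     "scope": "link", "prefsrc": "192.168.1.50", "flags": []},
])


def parse_routes(routes_json):
    """Turn iproute2 JSON into dicts with the destination as an ip_network."""
    routes = []
    for entry in json.loads(routes_json):
        dst = entry.get("dst", "default")
        network = ipaddress.ip_network("0.0.0.0/0" if dst == "default" else dst,
                                       strict=False)
        routes.append({
            "dst": network,
            "gateway": entry.get("gateway"),   # None for on-link routes
            "dev": entry.get("dev"),
            "protocol": entry.get("protocol"),  # who installed it: static/dhcp/kernel/boot
        })
    return routes


def route_present(routes, prefix, via):
    """True if an exact route to `prefix` through gateway `via` is installed."""
    want = ipaddress.ip_network(prefix, strict=False)
    return any(r["dst"] == want and r["gateway"] == via for r in routes)


def route_for(routes, host):
    """Longest-prefix match: the route the kernel would choose for `host`."""
    addr = ipaddress.ip_address(host)
    candidates = [r for r in routes if addr in r["dst"]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r["dst"].prefixlen)


def gateway_onlink(routes, via):
    """`ip route add ... via X` only succeeds if X sits on a directly connected
    (gateway-less) route, so check that before blaming the config tool."""
    addr = ipaddress.ip_address(via)
    return any(r["gateway"] is None and r["dst"].prefixlen > 0 and addr in r["dst"]
               for r in routes)


def live_routes():
    """Read the real table; needs iproute2 with JSON support (ip -j)."""
    out = subprocess.run(["ip", "-j", "route", "show"], check=True,
                         capture_output=True, text=True).stdout
    return parse_routes(out)


if __name__ == "__main__":
    # Runs against the constructed sample; swap in live_routes() on a real host.
    routes = parse_routes(SAMPLE_ROUTES_JSON)
    print("10.1.0.0/24 via 192.168.1.1 present:",
          route_present(routes, "10.1.0.0/24", "192.168.1.1"))
    chosen = route_for(routes, "10.1.0.7")
    print("10.1.0.7 goes via", chosen["gateway"], "dev", chosen["dev"],
          "(protocol", chosen["protocol"] + ")")
    print("gateway on-link:", gateway_onlink(routes, "192.168.1.1"))
```

The `protocol` field is the quickest way to tell who put the route there: a route you typed in by hand with `ip route add` is tagged `boot`, while one installed from a configuration file by the tools above shows up as `static`, so a `boot` route disappearing after reboot is expected and a missing `static` one means the config was not applied.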
Do you think that it works for connecting GCP and AWS, like a "tunnel"? I want to connect ArgoCD that is in a cluster in an AWS environment to a GCP cluster
Hi! Can you elaborate more on what would you like to achieve? You want to have reachability between two k8s clusters via tunnel?
I obtained reachability but for some reason I cannot reach web addresses within the other network.
For example, accessing the remote router interface via 192.168.1.1 simply gets no response, even though I can ping such address. Any suggestions?
Hi,
Are you saying that you can ping between two nodes on the private networks but if you try establishing tcp connection on port 80/443 etc. you get a timeout?
@@LinuxCloudHacks My setup is basically a mac accessing the remote local network. I can ping addresses in such network, and they do go through the right tun interface. However, yes I get a timeout when accessing (for example) the router interface. How can I check what route my pings are going through from my Mac?
@@dariofacchini851 Just do "route get 8.8.8.8" if you want to check how you go to 8.8.8.8 etc. It will show you the gateway and the interface.
BTW
1. Do you have reachability over those 100.x.x.x IPs?
2. On the remote network router you did "tailscale up --advertise-routes= --snat-subnet-routes=false --accept-routes"? And then you accepted the routes in the Tailscale console?
3. Is the remote router a default gateway for nodes in the private network? If not then you need to set snat-subnet-routes to true.
4. Do you have any firewall set up on the remote router? (Maybe it's blocking traffic)
5. What does traceroute tell you?
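The checklist above boils down to three observations: which interface the Mac actually uses for 192.168.1.1, whether ICMP gets there, and how a TCP connect fails (a timeout and a refusal mean very different things). The script below is an added example, not the commenter's code and not part of Tailscale: it parses macOS `route get` output (SAMPLE_ROUTE_GET is constructed to look like it, and assumes Tailscale's utun interface), runs a TCP connect with a timeout using only the standard library, and maps the results onto the items in the reply. `probe_loopback()` is a self-test against a throwaway listener on 127.0.0.1 so the probe logic can be exercised offline.

```python
"""Separate "routing is wrong" from "routing is fine but TCP is filtered" when a
remote LAN host answers ping over Tailscale but not HTTP.

Added example, not the commenter's code. It assumes macOS `route get <host>`
output (SAMPLE_ROUTE_GET is constructed) and Tailscale's utun interface; the
TCP probe uses only the standard library, so it works against any target.
"""
import socket
import subprocess

# Constructed sample of `route get 192.168.1.1` when the /24 is reached through
# a Tailscale subnet route bound to a utun interface.
SAMPLE_ROUTE_GET = """\
   route to: 192.168.1.1
destination: 192.168.1.0
       mask: 255.255.255.0
  interface: utun4
      flags: <UP,DONE,STATIC,PRCLONING>
 recvpipe  sendpipe  ssthresh  rtt,msec    rttvar  hopcount      mtu     expire
       0         0         0         0         0         0      1280         0
"""


def parse_route_get(text):
    """Pick the `key: value` lines out of `route get` output."""
    wanted = {"route to", "destination", "mask", "gateway", "interface", "flags"}
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() in wanted:
            info[key.strip()] = value.strip()
    return info


def live_route_get(host):
    """Ask the macOS kernel which interface/gateway it would use for `host`."""
    out = subprocess.run(["route", "get", host], check=True,
                         capture_output=True, text=True).stdout
    return parse_route_get(out)


def tcp_reachable(host, port, timeout=3.0):
    """'open' or 'refused' prove packets get there and back; 'timeout' means
    they are dropped somewhere on the path (or the replies never return)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "timeout"
    except OSError:
        return "unreachable"   # e.g. no route at all


def diagnose(route_info, ping_ok, tcp_result):
    """Map the three observations onto the checklist in the reply above."""
    if not route_info.get("interface", "").startswith("utun"):
        # Route not accepted on this side: traffic leaves via the LAN NIC.
        return "wrong-interface"
    if not ping_ok:
        # Item 1: sort out 100.x.x.x reachability before anything else.
        return "no-reachability"
    if tcp_result == "timeout":
        # Items 3 and 4: a firewall on the router/target dropping TCP from a
        # non-LAN (100.x) source, or the router not being the target's default
        # gateway with SNAT off, so replies never come back through it.
        return "filtered-or-return-path"
    if tcp_result == "refused":
        # The path works end to end; nothing is listening on that port.
        return "service-not-listening"
    return "ok"


def probe_loopback():
    """Self-test of tcp_reachable against a throwaway listener on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = tcp_reachable("127.0.0.1", port, timeout=1.0)
    listener.close()
    after_close = tcp_reachable("127.0.0.1", port, timeout=1.0)
    return while_open, after_close


if __name__ == "__main__":
    info = parse_route_get(SAMPLE_ROUTE_GET)
    print("192.168.1.1 leaves via", info.get("interface"))
    # On a real Mac: info = live_route_get("192.168.1.1"), ping it separately,
    # then tcp_result = tcp_reachable("192.168.1.1", 80).
    print(diagnose(info, ping_ok=True, tcp_result="timeout"))
    print(probe_loopback())
```

The distinction the script leans on is that ICMP echo and a TCP SYN take the same route, so ping working and HTTP timing out is rarely a routing problem; it is usually something on the far side that treats a packet with a 100.x source address differently from LAN traffic, which is exactly what `--snat-subnet-routes=false` exposes.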
headscale please video
Hi! It's on my todo list! Cheers.
+
Thanks!