this post was submitted on 17 Mar 2024
3 points (100.0% liked)

Tailscale

A community for the Tailscale WireGuard-based VPN. https://tailscale.com/

I'm looking into ways to access my home network, which is behind a CGNAT. Tailscale looks like the best solution so far. I would like to clarify a doubt on Tailscale.

I have a domain name registered with one of the popular services out there. I saw that Tailscale uses MagicDNS. But I wanted to use my personal domain. My doubt is if I want to use my custom domain with Tailscale, the following will be the procedure,

  1. Set up a Tailscale account and add machines.
  2. My device inside the home network will get a Tailscale IP assigned from the 100.xx.xx.xx pool.
  3. Use this IP to configure an A record in my Domain registrar.

Now when I try to access this domain what will happen is,

  1. DNS server will resolve the Tailscale IP.
  2. The outside client will try to connect to my machine in the home network.
  3. Tailscale takes care of the CGNAT part and helps to establish a direct connection.
  4. Clients will use the public keys to establish trust and will communicate with each other.

If there is anything wrong in my understanding, please correct me. I could not get a clear-cut answer on this through searching.

[email protected] 2 points 8 months ago (1 children)

Never used Tailscale, but a quick peek at the docs suggests MagicDNS is DNS resolution between devices in your Tailscale network. You can use something like a CNAME record with your personal DNS to forward to the MagicDNS.

If you are trying to expose a service to clients not on your Tailscale network, it looks like something like https://tailscale.com/kb/1223/funnel or https://tailscale.com/kb/1242/tailscale-serve might be what you want? Again, could use a CNAME record if they give you a DNS entry.

[email protected] 2 points 8 months ago

I considered CNAME, but that is like multiple lookups for loading a single connection. I think this should be the option if it won't resolve directly.

I need to look into Funnel and Serve. Serve looks closer to what I'm trying to achieve. Thanks for the help.