Tailscale inside LXC | Secure remote access to your server | Proxmox Home Server | Home Lab

Video Statistics and Information

Hello everyone, and thank you very much for watching. This is me, Mr P, and this is another episode in the Proxmox Home Server series. In this episode I will show you how we can create an LXC container running the Tailscale service, and what settings you need to apply to make Tailscale function as a subnet advertiser and an exit node.

So let's start by creating the LXC container first. Obviously I could start with my Ubuntu template that I created in a previous episode, but in this video I will go straight from scratch, from zero, creating a fresh new container. If you already have a container set up, you can use the timestamps in the description to jump to the next part of this video.

So I'm going to create a new LXC container. ID number 101 is fine for this. The hostname will be tailscale-yt, like that. I will leave the tick next to "Unprivileged container". You can run Tailscale inside a privileged container; for this video I will show you on an unprivileged container, because an unprivileged container is a bit more secure. You will need to do a couple more extra steps to make that function, but then the unprivileged container works fine for this setup. Next I'm going to put in the password, something easy that I will remember, and everything in this tab is done.

Under Template I will select the Ubuntu template; I will use 22.04. The disk I will leave at the default 8 gigabytes. Tailscale will not use that space at all; probably even four gigabytes would be fine, but I'll just leave eight by default. One CPU core is fine for this setup, the same as the memory: 512 giga, sorry, 512 megabytes is plenty for this to function. Under Network I will change it right now to DHCP, but once we have the LXC container running I will go back here and change it to static, because I don't want this to change in the future. So I'm just going to leave DHCP at this moment, just to get an IP address assigned, and then I will lock that IP address using the static function. Under DNS I will leave everything at default, which is blank, and under Confirm we have a quick check that everything is fine. I'll put a tick next to "Start after created" and press Finish, and right now Proxmox is creating the LXC container for us.

Creation is done; it was quite quick. So I'm just going to select ID number 101 and wait for this container to start. The container has started, and inside the container console I can see a login screen. So now I'm just going to put root as the default username to log in, and the password is the password I picked during the LXC container setup process.

The first thing I want to do straight away is amend the SSH config file. To do that I need to type nano /etc/ssh/sshd_config, and I scroll down until I find the line which says PermitRootLogin prohibit-password. I'm just going to delete prohibit-password and put yes at the end. Ctrl+O to save, Enter to write, and Ctrl+X to close.

The next thing, I'm just going to type ip a, just to get the IP address of this container. In my case it's going to be 187, so I'm going to go into Network, double-click on the virtual NIC, and change that from DHCP to static. The IP address I got was 187, so under Network I double-click and enter the IP address that I got assigned, 187/24. Then I copy that, and in the next line I will delete and leave 1 at the end. Your IP address is obviously going to be different depending on what kind of router you have and how your system is set up, but these two fields have to have the proper, correct information for this to work. So I'm going to click OK, and the LXC container already takes these settings and applies them straight away, whereas with virtual machines you need to restart the virtual machine. Right now I want to double-check that my setup is working, just by pinging, for example, Cloudflare. I can see that the ping is successful; that means my static IP has been accepted and is working.

Next, I already know the IP address of this virtual machine, so I'm just going to open Terminal and SSH into that virtual machine from the terminal, 187, accept the fingerprint, and put in the password I created. So the first thing, as soon as I've logged in and I'm ready to set up Tailscale, I want to update and upgrade the system. I'm just going to type apt update && apt upgrade -y, press Enter, and wait for the LXC container to get updated and upgraded.

The update and upgrade is finished. I'm just going to press Ctrl+L to clear the screen, and now let's go back into the browser, and I'll click on this tab that I already opened just before recording this video. This is the page where I can pick the script, the one-line command, to install Tailscale. I'm just going to press this icon to get the script copied, or you can double-click, select all of it, and press copy. I can see that this requires curl to function, so back inside the terminal I'm going to type apt install curl -y to auto-accept the installation. So curl gets installed, and now I can right-click, paste the script, and press Enter to initiate it, and right now Tailscale will go and get installed automatically.

Once the installation is finished, it will ask us to run a command to activate Tailscale. We will not do that, because we need to set up a couple of extra things, because the container we're using isn't privileged. As you can see, at the bottom it says installation complete, and that you need to run this command, tailscale up, to start this working. We will not do that; we need to do a couple more things before running the tailscale up command.

First, I know I want to run Tailscale with the subnet advertising function on. For that to work I need to allow IPv4 forwarding. To do that, if I clear the screen, you need to type nano /etc/sysctl.conf, press Enter, and scroll down until you find the line which says net.ipv4 IP forwarding. I will uncomment that line. If I scroll down a bit there is IPv6. I don't use IPv6, but I'm just going to uncomment that as well, because Tailscale will moan that this is still commented. So once both have turned white (I removed the hashtag in front), this means they're going to function; right now they're active. I'm going to press Ctrl+O to save, Enter to write, and Ctrl+X to close.

The next thing I'm going to do is shut down this LXC container, so shutdown now. The LXC container is getting shut down. We can double-check if we go back inside the Proxmox web GUI: I can see the connection is lost and the container icon has changed to a gray icon, which means the container is off.

The next thing we need to do is apply two lines, these two lines, inside the container configuration. So I'm just going to copy both of these lines, right-click and choose copy, and now I will select my main Proxmox node, which is this pedex PVE, and click on Shell. In here I need to type nano /etc/pve/lxc/ and the ID number of the container I want to edit, and if I press Tab it's going to autocomplete. Press Enter, and if I scroll down below the unprivileged line I will right-click and choose paste as plain text. What this will do is allow the unprivileged container to access this directory inside the host. Without doing that, Tailscale will not function, because it will not have access to your local network. Once that is done, Ctrl+O to save, Enter to write, Ctrl+X to close, and I can start the container: right-click on the container and choose Start.

The container has started, so I can go back inside my terminal and SSH back into this LXC container, and now I am ready to initiate Tailscale. To do that I need to type tailscale up, and this will start Tailscale straight away. But I want to enable subnet advertising and the exit node function as well. To do that, after the up you leave a space, then --advertise-routes= and your local IPs, which in my case is 192.168.178.0 (you need to put 0 at the end) /24. This flag will turn subnet advertising on for this Tailscale instance. And then space, --advertise-exit-node, and this will advertise this Tailscale instance as the exit node.

Subnet advertising will allow you to connect to your home devices from the Tailscale network, including devices on which there is no way to install Tailscale. Say, for example, you have a smart washing machine that gets an IP assigned by your home network. You can't install Tailscale on the smart washing machine, but you want to know if it's active and connected to your home network. Let's say, for example, I am on my phone with Tailscale active: I can use my phone via the Tailscale network to ping that washing machine, and I can be anywhere in the world. As long as my phone and this Tailscale instance are both connected by Tailscale, I will be able to ping any of my home network devices, whether or not they have Tailscale installed.

And advertise exit node is basically this: every single device in your Tailscale network can route its in and out data via this exit node, so it turns into your private home VPN. You can be somewhere in a public place, connected to a public Wi-Fi, and, say, on my phone, turn on "Use exit node", which in my case is going to be tailscale-yt. Then this Tailscale instance becomes my exit node, and my phone traffic, my data, everything goes via this node, so all the websites that I open will think that I'm actually accessing them from my house.

So I'm ready to run this command. Press Enter, and it will give me a URL that I need to copy. Copy this link, go into the browser, open a new tab, paste that link, and press Enter. It's going to ask me if I want to log in. I'm going to say yes, I want to log in with Google, and I want to use this Google account. Once everything is connected, it gives me brief information about the device that is right now trying to be added to my Tailscale network: I get the public key, hostname, operating system, and Tailscale version. I can check that everything is fine. I'm going to click Connect, and now I'm connected, so I can close that.

If I open the terminal again, it says success, and I can double-check that this device is definitely connected to Tailscale by running tailscale status. It will give me all the devices that are currently connected in the same Tailscale network. This is quite lucky, to get this kind of easy-to-remember Tailscale address, 100.111.114.111. On my main Tailscale network all the IP addresses are all over the place, so I take this as, let's say, a winning lottery ticket, to get this kind of easy IP address.

Anyway, if I go back into the browser, I can log into tailscale.com using the same account that I used to activate this Tailscale instance, and if I click on the admin console I get this device showing up here in the list. At the moment there is only one device here, as I haven't connected anything else to this system yet. I can actually increase this font a bit. It is showing me that the subnet and the exit node have exclamation marks next to them. That means that this Tailscale device, the device running inside the Tailscale network, has the potential subnet advertising function installed and the exit node function installed, but both have not yet been approved by the admin, which in my case is going to be me.

So I'm going to click on the three dots here at the end and choose "Edit route settings". Click on that, and it says "Connect machines you can't install Tailscale on". I'm going to see here. So this is what I explained to you about the smart washing machine. Right now I can ping any local IP address using this Tailscale instance, because this Tailscale instance right now automatically went into my home network and scanned all the devices that are currently connected to my home network. I can ping them, I can SSH to them, RDP to them, with no problems at all. And exit node: "Allow your network to route traffic through this machine". This is what I explained; this becomes like your VPN. I'm going to say yes, I allow that as well.

It gives me a warning message at the top about key expiry. We can sort that now. If I click on the three dots, I'm going to say "Disable key expiry". If I leave key expiry on for this device, then whether it's turned on or off, I think after 30 days or so it will lose access to my Tailscale network, so I would have to manually reassign it back to my Tailscale network.

And that's it: we have Tailscale running inside the Proxmox home server using one of the LXC containers. Upcoming videos will show you how you can install a remote access system inside an LXC container, like for example Remmina or Guacamole, and you can use those to control any device inside your house from anywhere in the world, as long as your source, which in my case for example is going to be my phone, and the destination, which is going to be this Tailscale container, are both connected to the same Tailscale network. Thank you guys for watching, and I'll see you in the next one. Goodbye.
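
Added example, not part of the video or its captions: a shell preflight check for the two prerequisites the walkthrough sets up before tailscale up (forwarding in /etc/sysctl.conf inside the container, and the two lines added to the container's file under /etc/pve/lxc/ on the host). The captions never show the two lines, so the script assumes they are the /dev/net/tun passthrough entries from Tailscale's documentation for unprivileged LXC; the function names and sample files are constructed here.

```shell
#!/bin/sh
# Added example (not from the video): checks the two prerequisites the
# walkthrough sets up before `tailscale up` in an unprivileged LXC container.

# Print the value of the last uncommented "key = value" line for KEY in FILE.
sysctl_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }                    # skip commented-out lines
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
          if (k == key) val = v }
        END { print val }' "$1"
}

# Both forwarding keys must be active for subnet routing / exit node use.
forwarding_ok() {
    [ "$(sysctl_value "$1" net.ipv4.ip_forward)" = "1" ] &&
    [ "$(sysctl_value "$1" net.ipv6.conf.all.forwarding)" = "1" ]
}

# Assumption: the two host-side lines are the /dev/net/tun passthrough entries.
tun_passthrough_ok() {
    grep -Eq '^lxc\.cgroup2\.devices\.allow:[[:space:]]*c 10:200 rwm' "$1" &&
    grep -Eq '^lxc\.mount\.entry:[[:space:]]*/dev/net/tun dev/net/tun none bind,create=file' "$1"
}

# Constructed sample files: "before" (fresh container) and "after" (edited).
make_samples() {
    printf '%s\n' '#net.ipv4.ip_forward=1' '#net.ipv6.conf.all.forwarding=1' > "$1/sysctl.before"
    printf '%s\n' 'net.ipv4.ip_forward=1' 'net.ipv6.conf.all.forwarding = 1' > "$1/sysctl.after"
    printf '%s\n' 'arch: amd64' 'hostname: tailscale-yt' 'unprivileged: 1' > "$1/101.before"
    cp "$1/101.before" "$1/101.after"
    printf '%s\n' 'lxc.cgroup2.devices.allow: c 10:200 rwm' \
        'lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file' >> "$1/101.after"
}

dir=$(mktemp -d)
make_samples "$dir"
for state in before after; do
    if forwarding_ok "$dir/sysctl.$state"; then f=ok; else f=MISSING; fi
    if tun_passthrough_ok "$dir/101.$state"; then t=ok; else t=MISSING; fi
    echo "$state: forwarding=$f tun-passthrough=$t"
done
rm -rf "$dir"
```

Pointed at the real /etc/sysctl.conf inside the container and the container's config file on the Proxmox host, the same two functions confirm both edits before tailscale up is run.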
Channel: MRP
Views: 20,831
Keywords: proxmox, proxmox home server, home lab, home server, self hosted, tailscale, tailscale lxc setup, setting up tailscale inside lxc container, tailscale subner-route, tailscale exit-node, access home server from anywhere in the world, secure server access
Id: QJzjJozAYJo
Length: 13min 46sec (826 seconds)
Published: Mon Feb 27 2023