What's new

TAILMON TAILMON v1.0.20 -July 27, 2024- WireGuard-based Tailscale Installer, Configurator and Monitor (THREAD #1 CLOSED)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

I’m hoping to set and forget the vpn on for example iOS devices for convenience.

Given iOS only allows one active vpn connection at any time hence I’ll have to enable tailscale if looking to access devices on the mesh and disable it + enable NordVPN to remain anonymous on the internet - will be super if there is a way to achieve both at the same time.
You can add a Raspberrypi or any other device to vpn director and then run Tailscale on It then add It to Tailnet then finally set it as an exit node.

You would then have access to a vpn from any device by just simply using Tailscale.
 
You can add a Raspberrypi or any other device to vpn director and then run Tailscale on It then add It to Tailnet then finally set it as an exit node.

You would then have access to a vpn from any device by just simply using Tailscale.
Yep but I’m thinking if using the router is the most efficient way in this case given it’s on 24/7 and already has access to both VPNs.
 
Thanks for this, Viktor, great stuff as always.

Just wondering if it’s possible (and if it makes sense) to setup the router as an exit node and have traffic hitting NordVPN before reaching the internet in this case for anonymity?

e.g. Device (on tailnet)->Router (acting as tailnet exit node)->NordVPN->Internet
If you're asking whether it's technically possible, then yes it is. If your router is already sending all traffic out though NordVPN then tailscale traffic will be no different. Whether it makes sense to do so probably depends on each specific use case.
 
I’m hoping to set and forget the vpn on for example iOS devices for convenience.

Given iOS only allows one active vpn connection at any time hence I’ll have to enable tailscale if looking to access devices on the mesh and disable it + enable NordVPN to remain anonymous on the internet - will be super if there is a way to achieve both at the same time.
I've been trying to figure out a workaround on this... I see your point. Reading up here could make for a simple solution:
The idea here would just to make an internal client (workstation/server/laptop) on your end that is already participating on your local network where the NordVPN tunnel is being used for all outbound traffic, and designate it as a Tailscale exit node.

Totally theoretical, but sounds logical.
 
Yep adding interface support is a much simpler and cleaner solution.
And I'm not seeing where it's added yet... sounds like it's only been requested thusfar.
 
Great that it worked out for you.

At the risk of veering slightly OT into Tailscale settings (and there are many) rather than Tailmon usage, would you be able to elaborate on your use-case and the actual custom commands you amended or added; could be useful for others here.

Or was it literally just defining your own server(s), typing a comma-delimited IP list?

Thanks.
did --accept-routes and game over :D
 
Just another shoutout to @Viktor Jaep and everyone else on how great this is.

I took the plunge and did a factory reset and built everything from the ground up. This script made installation of Tailscale almost seamless in comparison to the manual method!
Glad everything's working out good for you, @RandomUser777! ;)
 
@Viktor Jaep - one suggestion. I believe a site-2-site option would be useful. I think all you would need to do is append “—accept-routes” after the “—advertise-routes” on the command lines.
 
@Viktor Jaep - one suggestion. I believe a site-2-site option would be useful. I think all you would need to do is append “—accept-routes” after the “—advertise-routes” on the command lines.
While I would normally agree with you on this one, @JGrana ... as a group when testing this, it was decided to leave this setting off as it's off by default. The only downside I've seen so far is that it produces a "health warning" stating that "some peers are advertising routes but accept-routes is false". According to the docs:

--accept-routes Accept subnet routes that other nodes advertise. Linux devices default to not accepting routes.

You can use "Custom" operating mode, and add that switch in if you want to run it... as a workaround. ;)
 
I have switched from Custom to Kernel and removed the custom flag `--accept-dns=false`. I briefly see this error:

Code:
Error: changing settings via 'tailscale up' requires mentioning all
non-default flags. To proceed, either re-run your command with --reset or
use the command below to explicitly mention the current value of
all non-default settings:

    tailscale up --advertise-exit-node --advertise-routes=192.168.1.0/24 --accept-dns=false

I can fix this using `tailscale up --reset` on the command line, but how does TAILMON handle this?
you have to mention all previous flags when making a change. If you try to change or add just one you will get this message
 
Hi,

Long time Entware user, but rather new to Tailscale and have been reading up on Tailmon (great work!).
I was reading on some other threads that Tailscale on Asuswrt-merlin cant work with hardware acceleration, so it needs to be disabled, which would limit throughput to 350Mbps (or something long these lines).

Can someone share if this is true with Tailmon? How does Tailmon impact performance on the router...are there tradeoffs?
I'm trying to set this up so that streaming can all be router though my home router. Can the router handle multiple connections e.g. of Netflix streaming?

Thanks for any info.
 

Similar threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top