Tailscale ate my network (and I love it)

No matter where you go, there you are

If you're like me, you travel occasionally. Access to your office from home, or from an airport lounge, or from a hotel room is paramount to being productive for most of us now. While I had a fairly simple Tailscale setup that got me into my test machines in the office, what I really wanted was to integrate my AWS production VPC into that system. It's surprisingly simple.

Tailscale AWS instructions

What do you want to do that for?

In the "before tailscale" times, if I needed to test against the production AWS resources or connect dBeaver for database maintenance, I would edit the security group to add my IP address, do my testing, edit the security group to remove myself. This is as error prone as it sounds. I quite often forgot to remove my IP address from the allowed addresses, a major potential security risk when you are travelling.

Tailscale has an extremely nifty way to get around it: if you run up a small ec2 instance, you can use it as a "subnet router", meaning that when you are connected to Tailscale, you are also able to access AWS resources from inside the VPC.

Not only that, you can add your default VPC DNS server to the list of name servers in Tailscale. By telling the tailscale network that you want name resolution for "amazonaws.com" to resolve through the DNS inside your VPC, when connected to Tailscale, using the external resource name automatically resolves to the internal VPC address.

So what

So, I didn't have to change a single configuration anywhere for (say) a local Docker container that used to access the AuroraDB over the public internet, because now it uses the private Tailscale network while still using the external addresses. It's fantastic, much more secure, and I don't have to fiddle with security groups whenever I am debugging something. On linux machines, make sure you run tailscale with the "--accept-routes" option as it doesn't do that by default.

Tailscale is now my entire network

It didn't happen overnight, but it did happen. I have no open ports on my office router (other than http), the security groups on AWS are now much more restricted and all of the important DNS happens via Tailscale, I install the client by default on everything now without giving it a second thought. I don't think I really "got it" at first, thinking Tailscale was simply a zero-conf VPN. Really it's something much bigger and more comprehensive than that: It's a security solution that encompasses everything from remote work to cloud access.

Popular posts from this blog

That magical word: Workstation

Image
Or how I came to own a HP 8760w 17" laptop I am reading a lot of retro-computing articles lately, I grew up in the 8 bit era and I have strong nostalgia for it. It does help to be realistic though, for all the love that things like the Amiga get, they were a dead end in terms of computing. What really ate the world was the boring old IBM-PC: flickery, interlaced multi-sync monitors, beige boxes and productivity software. There was another, relatively brief path the industry could have gone down though. The Workstation was king In retrospect, it might be a bit tough to put a circle around what constituted a workstation . Is a PERQ a workstation? Probably. Xerox Alto and Star? Definitely. Symbolics Lisp machines? Not sure. Probably? The real success stories came out of Apollo , Sun, HP,IBM,NeXT,DEC and Silicon Graphics. For a time it was a hot market, especially in what was known then as technical computing: research, manufacturing, CAD, graphics, simulations. If
Read more

Time machine: Solaris 2.6 on QEMU

Image
You can never go home A big chunk of my professional career in the 1990s was spent with a Sparcstation on my desk. Before that the 68000 Sun2 and Sun3 floated past my sticky fingers but the Sparc machines quickly superseded those. I don't remember too much about which ones: pretty sure there was at least one IPX, one Sparcstation 5, a Sparcstation 10 and then the last one was most likely an Ultra 1 or maybe even an Ultra 5. It was a long time ago. Every now and again I think about how productive those machines were and do a little Ebay digging on how much one would be worth to have around. Except I don't have the room for more machines and the idea of trying to revive 25 year old hardware from that era is well beyond my electronic capabilities. Never fear, QEMU is here. Following these excellent instructions from Adafruit , you too can install Solaris 2.6 and have your very own emulated machine. Note that there is one instruction in there I am not sure you need. A
Read more