Tailscale VPN

Dorsey Pender

Sep 7, 2019

Has anyone implemented Tailscale VPN? Ken recommends it. I am getting scanned a lot on the port I use for the web server.
 
Self hosting a VPN on your LAN is the only way to go.

Tailscale makes it easy.
  • Only need to run a single instance on or behind your firewall with advertise routes enabled to access any device or service using its static LAN IP.
  • Free tier up to 3 users and 100 devices.
  • Runs on almost any platform (Windows, macOS, *nix, AppleTV, NAS, Docker container, etc.).
  • Requires no open ports and will traverse any level of NAT, including CGNAT.
  • Uses any number of existing identity providers for authentication when adding devices.
  • You can use an exit node for full tunnel when connected to untrusted networks, which will send all traffic through your home ISP.
Personally, I run Tailscale on my open source, enterprise class pfSense firewall, but I do have it installed on TrueNAS, AppleTV, Mac, and iPhone/iPad.
 
any reason for me to keep my comcast dedicated ip at 36 bucks per month?
 
any reason for me to keep my comcast dedicated ip at 36 bucks per month?
What do you mean by a "dedicated ip" ? Assuming it's the WAN IP you're referring to is it :
  • Static?
  • Public?
  • Both?
 
any reason for me to keep my comcast dedicated ip at 36 bucks per month?
NO! Tailscale is easy and works very well, but while on the subject, another free service is Zerotier, which some folks prefer. I have both installed on all PCs and phones. Tailscale has never given me any problem.
My ISPs are ATT and TMobile cellular services and do not provide a dedicated IP.
 
I used Zerotier. It turned to garbage. Tailscale has many more features. You install a simple client on your phone and it allows you to access your devices remotely without worrying about public IPs or NAT.
It tries to establish a direct link between you and your devices if it can (let's say you have UPnP and a public IP on your router); otherwise it just routes everything through its own gateway servers, which you don't even have to think about.
 
My experience as well on Zerotier; after it acted stoopid I dumped it and tried Tailscale.
 
I still install Zerotier and Tailscale both on new remote machines just for redundancy, but yeah, Tailscale seems to be better at NAT traversal (establishing direct tunnels through NAT). Both can be problematic depending on your router though. pfSense in particular is known to have a "hard NAT" by default that makes it difficult/slow for Tailscale to establish direct tunnels. It can be worked around, but you have to know to do it (Tailscale has a support document about pfSense setup) and it can be tricky to get it right. The good news is you can install Tailscale directly on a pfSense/OPNsense router instead of on the machines behind the router, and I think that may avoid some of the issues.

If you are like me and you hate having to connect a VPN client to access Blue Iris, then Cloudflare DNS is also a great option because it is cheap, around $10 a year, and you can use free Cloudflare Tunnels to host your Blue Iris servers on a public domain whether you have your own public IP address or not.
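A check that follows from the post above, added here as an example and not code from anyone in the thread: it reads the output of `tailscale status --json` and reports, per peer, whether the tunnel is direct or is being relayed through Tailscale's DERP servers (the "gateway servers" mentioned earlier), which is how you tell whether a hard NAT is forcing you onto the relay. The JSON field names (`Peer`, `HostName`, `CurAddr`, `Relay`, `Online`, `Active`) are my understanding of the CLI's output and the sample document is constructed.

```python
import json
import subprocess
from typing import Dict, List

# Constructed sample of `tailscale status --json` output (assumption: field names
# as listed in the lead-in; hostnames and addresses are made up for the example).
SAMPLE_STATUS = json.dumps({
    "Self": {"HostName": "laptop", "TailscaleIPs": ["100.64.0.1"]},
    "Peer": {
        "nodekey:aaaa": {"HostName": "bi-pc", "OS": "windows",
                         "TailscaleIPs": ["100.64.0.2"],
                         "CurAddr": "203.0.113.5:41641", "Relay": "sfo",
                         "Online": True, "Active": True},
        "nodekey:bbbb": {"HostName": "pfsense", "OS": "freebsd",
                         "TailscaleIPs": ["100.64.0.3"],
                         "CurAddr": "", "Relay": "sfo",
                         "Online": True, "Active": True},
        "nodekey:cccc": {"HostName": "nas", "OS": "linux",
                         "TailscaleIPs": ["100.64.0.4"],
                         "CurAddr": "", "Relay": "",
                         "Online": False, "Active": False},
    },
})


def classify_peers(status_json: str) -> Dict[str, str]:
    """Map each peer hostname to 'direct', 'relayed', 'idle' or 'offline'.
    A peer that is online and carrying traffic (Active) but has an empty
    CurAddr is going through a DERP relay; a non-empty CurAddr is the
    remote endpoint of a direct tunnel. A peer that is online but idle has
    not negotiated a path yet, so it cannot be classified either way."""
    status = json.loads(status_json)
    result: Dict[str, str] = {}
    for peer in status.get("Peer", {}).values():
        name = peer.get("HostName", "?")
        if not peer.get("Online"):
            result[name] = "offline"
        elif not peer.get("Active"):
            result[name] = "idle"
        elif peer.get("CurAddr"):
            result[name] = "direct"
        else:
            result[name] = "relayed"
    return result


def relayed_peers(status_json: str) -> List[str]:
    """Hostnames whose tunnel is currently relayed; candidates for the
    hard-NAT workaround on the router in front of them."""
    return sorted(n for n, s in classify_peers(status_json).items() if s == "relayed")


def live_status() -> str:
    """Read the real status from the local tailscaled (needs the tailscale CLI)."""
    proc = subprocess.run(["tailscale", "status", "--json"],
                          check=True, capture_output=True, text=True)
    return proc.stdout


if __name__ == "__main__":
    for name, state in classify_peers(SAMPLE_STATUS).items():
        print(f"{name:10s} {state}")
```

Replace `SAMPLE_STATUS` with `live_status()` in the `__main__` block to run it against your own tailnet.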
 
I still install Zerotier and Tailscale both on new remote machines just for redundancy,

I do something similar.

I have IPSec set up on my pfSense firewall, JIC I need to remotely update the Tailscale client on my firewall. The nice thing is iOS supports IPSec natively without a separate VPN client installed.
 
I have both installed on my laptop, my BI PC, my iPhone, and on my NAS.

When I am away from home, my QNAP NAS usually will sync files between my laptop and NAS using Qsync. But sometimes it will not connect. Never could figure it out.

I use UI3 via TS and ZT for checking on my cams in BI on my laptop. I use ZT for the iPhone.

One thing that I don't understand is how to get RDP to always work. For the last several trips I have not been able to RDP into my BI server from my laptop. I set it up so long ago, I do not remember how I did it.
 

This should be easy to do.

I run Tailscale on my BI PC, so simply get the Tailscale DNS name for your Blue Iris PC, make sure you've established a TS VPN connection on the device from which you are trying to access it, and then simply RDP to the BI TS DNS address. Out of habit I then add :3389, as that is the default port for RDP, or if you have reconfigured RDP to use a specific port, then :portnumber.