Tailscale setup
Why use Tailscale
I was recently given an iPad Air 13-inch M2 by the research institute. As I didn’t have a laptop at the time (my MacBook Pro had retired from working around four years ago D:), I decided to use this iPad as my main laptop for everyday tasks, including coding, writing reports and hacking. However, VS Code doesn’t have an iOS version, although I’m familiar with vim/vi for coding (I learned from tough system programming courses). But who doesn’t love to code in a convenient IDE? Besides, I also need a virtual machine running Windows for reverse engineering in CTFs. So, I decided to set up a homelab VPN with Tailscale, so I can use my home PC resources everywhere!
Homelab configuration
Here’s my rough sketch of the home lab network I put together using Tailscale VPN.
Tailscale setup
First, register an account at https://tailscale.com and download/install the app to get started. Once you’ve installed it successfully, you’ll see a prompt telling you to log in to the same account and install Tailscale on a second device. Once you’ve set it up completely on the second device, you should see both devices registered to your VPN network with an active status. You can try pinging the IP shown in the Tailscale interface to verify that everything’s working as it should.
$ ping <ip_of_second_devices> -t 10
Code Server setup
First, install code-server via brew:
$ brew install code-server
Then, run code-server (in my case, I register it as a service so that it starts automatically; this is optional):
$ brew services start code-server -v
After that, you can access code-server services via http://localhost:8080. It should look like the following:
According to the prompt, we can get or even reset the password in the corresponding config file.
Finally, we can try combining it with the Tailscale VPN. Use the second device to access code-server via http://<ip_of_main_devices>:8080 and log in with the corresponding password.
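Before other devices can reach port 8080, it is worth checking the config file mentioned above. The script below is an added example, not part of the original post: it assumes code-server's `bind-addr`, `auth` and `password` keys in its default `~/.config/code-server/config.yaml`, and the two sample configs are constructed.

```shell
#!/bin/sh
# Added example: audit a code-server config.yaml before exposing it on a tailnet.

# Print the value of a top-level "key: value" line ($1 = file, $2 = key).
cfg_value() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1
}

# Print one finding per line; print nothing when no check fires.
audit_code_server() {
    cfg=$1
    bind=$(cfg_value "$cfg" bind-addr)
    auth=$(cfg_value "$cfg" auth)
    # code-server defaults when a key is absent: loopback on 8080, password auth.
    bind=${bind:-127.0.0.1:8080}
    auth=${auth:-password}
    case "${bind%:*}" in
        0.0.0.0|"[::]")
            echo "bind-addr $bind listens on every interface, LAN included" ;;
    esac
    if [ "$auth" != "password" ]; then
        echo "auth is $auth: anyone who reaches the port gets an editor and a shell"
    fi
    # The login password is stored in this file in plain text.
    if [ -n "$(find "$cfg" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
        echo "config file is readable by other local users"
    fi
}

# Constructed sample configs (not taken from the post).
demo_dir=$(mktemp -d)
cat > "$demo_dir/exposed.yaml" <<'EOF'
bind-addr: 0.0.0.0:8080
auth: none
cert: false
EOF
chmod 644 "$demo_dir/exposed.yaml"
cat > "$demo_dir/tight.yaml" <<'EOF'
bind-addr: 127.0.0.1:8080
auth: password
password: constructed-sample-value
cert: false
EOF
chmod 600 "$demo_dir/tight.yaml"

echo "== exposed.yaml =="; audit_code_server "$demo_dir/exposed.yaml"
echo "== tight.yaml ==";   audit_code_server "$demo_dir/tight.yaml"
```

To check a real installation, call `audit_code_server ~/.config/code-server/config.yaml`.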
Certificate setup
Actually, we could stop at the previous section and use code-server normally. However, HTTP is too dangerous XD, so I decided to set up SSL in order to use HTTPS to reach the service.
First, we open the DNS page of the admin console in Tailscale. Then, we enable HTTPS under the HTTPS Certificates section. After that, use the following command to generate our certificate.
$ /Applications/Tailscale.app/Contents/MacOS/Tailscale cert <device-name>.<tailnetname>
where device-name and tailnetname can be found on the DNS page of the admin console in Tailscale.
Caddy Proxy setup
Now, we install Caddy (or any other web server, such as nginx or Apache).
$ brew install caddy
and start Caddy as a service:
$ brew services start caddy -v
Then it will display the settings file for the service. Locate the Caddyfile path under the ProgramArguments entry. For example, the file path is /usr/local/etc/Caddyfile. Then we create a new Caddyfile at that path:
$ sudo vim /usr/local/etc/Caddyfile
# setup reverse proxy on this file
<device-name>.<tailnetname>
reverse_proxy <tailnet_device_ip>:8080
Finally, we restart code-server and Caddy. Now, use the second device to visit https://<device-name>.<tailnetname> to access code-server!
Access VM
I’m using VMware Fusion Pro to set up my virtual machines, and VMware also lets you set up VNC services. So, we just need to download/install a VNC client app like RealVNC or TigerVNC to connect to the virtual machine.