Written by Jimmy
on 

Ditching Jumpboxes for Tailscale

Having a homelab can be valuable for continuous learning and somewhat accessible for most people given the cost of computing power. I like to have some isolation between my homelab and my home LAN just for the sake of organization and operational security. The isolation strategy is very basic given my use cases. I deployed a pfSense firewall VM with two virtual network cards, where the WAN is actually my home LAN, and the LAN is the isolated lab environment. Due to this architecture, accessing VMs in the isolated lab LAN can be a bit of a pain and requires a jumpbox. The jumpbox is a minimal linux VM that I tunnel through via SSH. This requires some NAT configuration which can be a bit of a pain in the neck at times.

I’ve heard a lot of talk about Tailscale and finally decided to give it a try. Tailscale is free for 1 user for 20 devices for personal and hobby projects. Tailscale is built on WireGuard and touts itself as: > Zero config VPN. Installs on any device in minutes, manages firewall rules for you, and works from anywhere.

After registering, I downloaded and installed Tailscale on one of my machines on my home LAN. Next, I wanted to connect to a VM in my lab, so I installed Tailscale on a linux VM in the my lab with a one-liner. After the one-liner script installed Tailscale and I authenticated, the two machines showed up in the Tailscale console.

Tailscale Web Interface

All Tailscale clients are assigned Tailscale IPs which start with 100.x.x.x. That means I can interact with the lab VM ubuntu-dev from teus which sits on my home LAN. Since Tailscale provides direct connectivity from teus to ubuntu-dev, I can SSH right into ubuntu-dev without the need of the jumpbox.

After installing Tailscale and using it for a few weeks, I removed my jumpbox VM and never looked back. Since all machines that have Tailscale installed are on the same logical network, it simplifies life a bit. You can read more about how Tailscale works in their blog post. The price point, features, and experience has made me a huge Tailscale fan.