Tailscale’s website reads:
A secure network that just works
Zero config VPN. Installs on any device in minutes, manages firewall rules for you, and works from anywhere.
gokrazy-based devices are no exception! This guide shows you how to use Tailscale with gokrazy.
Tailscale’s networking will come in handy when accessing your gokrazy server remotely (no static DHCP leases, port-forwarding and DynDNS required!), or even to secure your communication when gokrazy is connected to an unencrypted WiFi network.
We need to specify the following flags for the tailscaled daemon (see “Per-package configuration” if you’re unfamiliar with this mechanism):
    mkdir -p flags/tailscale.com/cmd/tailscaled
    echo '--state=/perm/tailscaled/state' > flags/tailscale.com/cmd/tailscaled/flags.txt
    echo '--tun=userspace-networking' >> flags/tailscale.com/cmd/tailscaled/flags.txt
tailscaled requires the --state flag, so we need to set it. /perm/tailscaled is the working directory of the process and will contain the tailscaled.sock socket, so it makes sense to place the state file into the same directory.
--tun=userspace-networking flag selects the Userspace
It would be nice to use the tun-based networking eventually, but currently Tailscale requires components that gokrazy does not provide for tun mode. For accessing the services on your gokrazy installation, the Userspace networking mode works fine, though :)
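A pre-build check for the flags file described above, as an added example that is not part of the gokrazy documentation: it confirms that --state points into /perm/tailscaled and that --tun=userspace-networking is set. The function name check_tailscaled_flags and the temporary demo files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the gokrazy docs): sanity-check the tailscaled
# flags file before running gokr-packer.
# check_tailscaled_flags is a hypothetical helper name.

# Returns 0 if FILE sets --state under /perm/tailscaled and
# --tun=userspace-networking; otherwise prints each problem to stderr.
check_tailscaled_flags() {
    flags_file=$1
    state=""
    tun=""
    rc=0
    if [ ! -f "$flags_file" ]; then
        echo "missing flags file: $flags_file" >&2
        return 1
    fi
    # One flag per line, as the echo commands on this page write them.
    # If a flag is repeated, the last occurrence wins.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            --state=*) state=${line#--state=} ;;
            --tun=*)   tun=${line#--tun=} ;;
        esac
    done < "$flags_file"
    case $state in
        "") echo "--state is not set (tailscaled requires it)" >&2; rc=1 ;;
        /perm/tailscaled/*) ;;
        *) echo "--state=$state is outside /perm/tailscaled" >&2; rc=1 ;;
    esac
    if [ "$tun" != "userspace-networking" ]; then
        echo "--tun is '${tun:-unset}', expected userspace-networking" >&2
        rc=1
    fi
    return "$rc"
}

# Constructed demo: the page's two echo commands, then the same commands
# with '>' used twice, which silently drops the --state line.
demo_dir=$(mktemp -d)
echo '--state=/perm/tailscaled/state' > "$demo_dir/good.txt"
echo '--tun=userspace-networking' >> "$demo_dir/good.txt"
echo '--state=/perm/tailscaled/state' > "$demo_dir/clobbered.txt"
echo '--tun=userspace-networking' > "$demo_dir/clobbered.txt"
for f in good.txt clobbered.txt; do
    if check_tailscaled_flags "$demo_dir/$f"; then echo "$f: ok"; else echo "$f: rejected"; fi
done
rm -rf "$demo_dir"
```

Run the function against flags/tailscale.com/cmd/tailscaled/flags.txt from the directory that holds your flags tree; a non-zero exit status means the file should be fixed before building.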
In your gokr-packer invocation (see Quickstart if you don’t have one yet), include the Tailscale daemon and CLI Go packages:
    gokr-packer \
        -update=yes \
        github.com/gokrazy/hello \
        github.com/gokrazy/breakglass \
        github.com/gokrazy/serial-busybox \
        tailscale.com/cmd/tailscaled \
        tailscale.com/cmd/tailscale
Log in to your gokrazy device interactively using breakglass, change to the /perm/tailscaled directory and run tailscale up to print the authentication
    % breakglass gokrazy
    breakglass# cd /perm/tailscaled
    breakglass# /user/tailscale up