Would it be unwise to make my file server (SSH only) machine (also runs a Minecraft server, and from time to time runs RSTS/E under simh) a Tailscale router node to allow my traveling notebook access to the network when I am away?
Do you need to access the rest of your network? If you’re just using that machine as the file server and gaming server, just run Tailscale on it, that way only that machine is accessible.
That being said, as long as your server is locked down to only allow connections from outside via your Tailscale network, then you should be pretty safe. Your point of failure becomes the security of that netbook; if it becomes compromised, the attacker has access to anything on your Tailnet too.
Make sure you implement 2FA for your tailnet, and practice good security for your netbook if you go that route.
Perhaps I will need to print from time to time, and I may want to access my desktop machine.
If I can use 2FA, especially a time-based one-time password, that will be good. I have Authy on my phone.
The traveling machine is going to be a Linux machine which will have a strong login password.
So the server as a Tailscale router set up to only accept a routing connection from my traveling laptop with 2FA. My server’s other services only accepting connections from my network. Do I have the basic concepts correct?
Sounds right to me. Here’s a link to some useful Tailscale documentation that helped me when setting up my own home lab: Tailscale Lockdown UFW
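A concrete version of the setup just agreed on, as an added example that is not part of the thread and not Tailscale's own documentation: a script that prints (does not apply) the UFW rules that leave SSH and the Minecraft port reachable only from the LAN and from the Tailscale interface, plus the two commands that turn the box into a subnet router. The LAN range 192.168.1.0/24, the LAN interface name eth0, and the Minecraft port 25565 are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread or from Tailscale: emit the firewall and
# routing commands for a Tailscale subnet router that only exposes SSH and the
# game server to the LAN and the tailnet. Nothing here touches the system;
# review the printed commands, then run them with sudo.

LAN_CIDR="${LAN_CIDR:-192.168.1.0/24}"  # assumed home LAN, adjust to yours
LAN_IFACE="${LAN_IFACE:-eth0}"          # assumed LAN interface name
TS_IFACE="tailscale0"                   # interface Tailscale creates on Linux
MC_PORT=25565                           # Minecraft Java default port

# UFW rules: deny all inbound by default, then open SSH (22) and the Minecraft
# port only to the LAN and to traffic arriving over the Tailscale interface.
# The "route" rule lets packets from the tailnet be forwarded onto the LAN,
# which is what the subnet router needs (UFW's forward policy is drop).
ufw_lockdown_rules() {
  cat <<EOF
ufw default deny incoming
ufw default allow outgoing
ufw allow from $LAN_CIDR to any port 22 proto tcp
ufw allow in on $TS_IFACE to any port 22 proto tcp
ufw allow from $LAN_CIDR to any port $MC_PORT proto tcp
ufw allow in on $TS_IFACE to any port $MC_PORT proto tcp
ufw route allow in on $TS_IFACE out on $LAN_IFACE
ufw enable
EOF
}

# Subnet-router side: kernel forwarding must be on, and the node advertises
# the LAN route (the route still has to be approved in the Tailscale admin console).
subnet_router_commands() {
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
tailscale up --advertise-routes=$LAN_CIDR
EOF
}

# Number of emitted UFW commands; a quick sanity check that none were lost.
ufw_rule_count() {
  ufw_lockdown_rules | wc -l | tr -d ' '
}

echo "# firewall"
ufw_lockdown_rules
echo "# routing"
subnet_router_commands
```

The 2FA in this design lives at the Tailscale login (the identity provider the tailnet uses), not in UFW: the firewall only decides which interface and source range may reach a port, and the tailnet decides who can be on that interface at all.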
Thanks! That does look useful! Why does Tailscale use the 100.x.y.z range of IP addresses? Aren’t those also normal routable addresses?
From the above, for those who find it TTDU: this block of addresses is set aside for internally routed nodes inside ISPs.
(*TTDU: too technical, didn’t understand)
That’s just the block of addresses that they have been allocated by ICANN.
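For readers checking which addresses in a firewall log or in `tailscale status` output belong to the tailnet, here is an added example (not from the thread): a POSIX shell function that classifies an IPv4 address as a Tailscale address, a private LAN address, or something else. Tailscale assigns node addresses from 100.64.0.0/10, the shared address space that RFC 6598 reserves for carrier-grade NAT, so the check is simply "first octet 100, second octet 64 through 127". The RFC 1918 ranges are included so LAN addresses are labelled too.

```shell
#!/bin/sh
# Added example, not from the thread: classify a dotted-quad IPv4 address.
# Prints "tailnet" for 100.64.0.0/10 (the range Tailscale assigns from),
# "private" for the RFC 1918 ranges used on home LANs, "public" otherwise,
# and "invalid" for anything that is not four octets of 0..255.
classify_ipv4() {
  ip="$1"
  # Reject non-digit characters, leading/trailing dots and empty octets.
  case "$ip" in
    *[!0-9.]*|.*|*.|*..*|"") echo invalid; return 0 ;;
  esac
  # Split on dots into positional parameters and check octet count and range.
  set -- $(printf '%s' "$ip" | tr '.' ' ')
  [ "$#" -eq 4 ] || { echo invalid; return 0; }
  for o in "$@"; do
    [ "$o" -le 255 ] || { echo invalid; return 0; }
  done
  a=$1; b=$2
  if [ "$a" -eq 100 ] && [ "$b" -ge 64 ] && [ "$b" -le 127 ]; then
    echo tailnet            # 100.64.0.0/10: second octet 64..127
  elif [ "$a" -eq 10 ] \
    || { [ "$a" -eq 172 ] && [ "$b" -ge 16 ] && [ "$b" -le 31 ]; } \
    || { [ "$a" -eq 192 ] && [ "$b" -eq 168 ]; }; then
    echo private            # 10/8, 172.16/12, 192.168/16
  else
    echo public
  fi
}

# Constructed sample addresses: one tailnet, one LAN, one just outside the
# tailnet block, one malformed.
for addr in 100.101.102.103 192.168.1.10 100.63.255.254 300.1.1.1; do
  printf '%s -> %s\n' "$addr" "$(classify_ipv4 "$addr")"
done
```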