Offline installation of Tailscale?

Tailscale version : I downloaded today

Your operating system & version : CentOS

We have a VPN in production, our server is running the server in the cloud, and the client PCs are remote (California, Mexico, Europe…). We want to replace our current OpenVPN solution with Tailscale, but all the instructions I’ve found for Linux assume we have an internet connection. We only have a VPN connection to our office, and it’s site-to-site; we want to add one to our DigitalOcean droplet.

Please let me know if there is a package I can download, transfer to the Linux box without internet, and install.

Thanks,
Rob

I still have this issue. I need an installation package that doesn’t require the internet. Can anyone help?

Do you mean that your firewall is set in such a way that it only allows OpenVPN tunnels to be established over the internet?
The thing with Tailscale is that, even after installation, you still need internet access to:

  • Authenticate via an identity provider (Google, GitHub, etc.)
  • Add nodes to your tailnet
  • Manage ACLs, DNS and other settings of your tailnet

A solution for the first point is to use your own custom OIDC provider, which could probably run in your internal network and thus not need the internet.
The other two points require a connection to Tailscale’s control server on the internet.

But there is actually an open-source control server you can host yourself. It’s called Headscale: GitHub - juanfont/headscale: An open source, self-hosted implementation of the Tailscale control server

Then the only thing left would be the actual offline installation of the client that you were looking for.
Tailscale offers static binaries which you would only need to unpack (though they are unsupported): Setting up Tailscale with static binaries (unsupported) · Tailscale

tl;dr
→ Static binaries for offline client installation
→ Host a Headscale server to act as the internal (i.e. not on the internet) control plane

Thanks! I hadn’t found the static builds!

I tried the static build for x386 on the PC in question. It isn’t on the internet, but 443 is supposed to be allowed. But I’m getting log messages that look like it’s not. Do you agree?

First part of the log:

logtail started
Program starting: v1.40.0-t105be684d-g4c70014a4, Go 1.20.3-tsddff070: []string{"./tailscaled", "--state=tailscaled.state"}
LogID: 0ffab01699b09dc0eca7afb449da342796f38bc8694f3e2ac36a9f08ab2898e5
logpolicy: using system state directory "/var/lib/tailscale"
logpolicy.ConfigFromFile /var/lib/tailscale/tailscaled.log.conf: open /var/lib/tailscale/tailscaled.log.conf: no such file or directory
logpolicy.Config.Validate for /var/lib/tailscale/tailscaled.log.conf: config is nil
wgengine.NewUserspaceEngine(tun "tailscale0") ...
setting link attributes: setsockopt: protocol not available
router: v6nat = true
logtail: dial "log.tailscale.io:443" failed: dial tcp: lookup log.tailscale.io on [::1]:53: read udp [::1]:58649->[::1]:53: read: connection refused (in 226ms), trying bootstrap...
trying bootstrapDNS("derp4c.tailscale.com", "134.122.77.138") for "log.tailscale.io" ...
bootstrapDNS("derp4c.tailscale.com", "134.122.77.138") for "log.tailscale.io" error: Get "https://derp4c.tailscale.com/bootstrap-dns?q=log.tailscale.io": dial tcp 134.122.77.138:443: connect: no route to host
trying bootstrapDNS("derp2e.tailscale.com", "2607:f740:0:3f::44c") for "log.tailscale.io" ...
bootstrapDNS("derp2e.tailscale.com", "2607:f740:0:3f::44c") for "log.tailscale.io" error: Get "https://derp2e.tailscale.com/bootstrap-dns?q=log.tailscale.io": dial tcp [2607:f740:0:3f::44c]:443: connect: network is unreachable
trying bootstrapDNS("derp2d.tailscale.com", "192.73.252.65") for "log.tailscale.io" ...
bootstrapDNS("derp2d.tailscale.com", "192.73.252.65") for "log.tailscale.io" error: Get "https://derp2d.tailscale.com/bootstrap-dns?q=log.tailscale.io": dial tcp 192.73.252.65:443: connect: no route to host
trying bootstrapDNS("derp8c.tailscale.com", "2a03:b0c0:1:d0::e1f:4001") for "log.tailscale.io" ...
bootstrapDNS("derp8c.tailscale.com", "2a03:b0c0:1:d0::e1f:4001") for "log.tailscale.io" error: Get "https://derp8c.tailscale.com/bootstrap-dns?q=log.tailscale.io": dial tcp [2a03:b0c0:1:d0::e1f:4001]:443: connect: network is unreachable

… it goes on like this for several dozen IP addresses.

Thanks!

Hmm, yeah for some reason it’s not getting connections going, though I couldn’t say why. I’d probably try those GET requests manually via a browser and see if that gets blocked as well.

For example, if you enter https://derp4c.tailscale.com/bootstrap-dns?q=log.tailscale.io in the browser, it should return JSON with all kinds of IP addresses for various Tailscale subdomains.

I’m not sure if the connections can’t be established due to port 443 being blocked or maybe due to the Tailscale service itself being blocked, etc.
But if you also don’t get a response from the requests in a browser, then it’s probably due to the port and/or domain being blocked.
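
To tell a DNS failure apart from a failed TCP connect in output like the log quoted in this thread, the dial errors can be grouped by stage, address family and cause. This is an added example, not part of any post above and not Tailscale code; the function names and the cause labels are this example's own, and the sample lines are copied from the quoted log.

```python
import re
from collections import Counter

# Go error text -> errno name (Go's timeout message carries no errno).
CAUSES = {
    "connection refused": "ECONNREFUSED",
    "no route to host": "EHOSTUNREACH",
    "network is unreachable": "ENETUNREACH",
    "i/o timeout": "TIMEOUT",
}
# DNS failure: "lookup <name> on <resolver>:53: ..."
LOOKUP = re.compile(r"lookup (?P<name>\S+) on (?P<resolver>\[[^\]]+\]:\d+|[\d.]+:\d+)")
# TCP failure: "dial tcp <host>:<port>: connect: <cause>"
CONNECT = re.compile(
    r"dial tcp (?P<host>\[[0-9a-fA-F:]+\]|[\d.]+):(?P<port>\d+): connect: (?P<cause>[a-z/ ]+)")

def family(addr):
    """Bracketed literals are IPv6 in Go's host:port notation."""
    return "ipv6" if addr.startswith("[") else "ipv4"

def classify(line):
    """Return (stage, family, target, cause) for a failed dial, else None."""
    m = LOOKUP.search(line)
    if m:
        text = next((c for c in CAUSES if c in line), "other")
        return ("dns", family(m["resolver"]), m["resolver"], CAUSES.get(text, text))
    m = CONNECT.search(line)
    if m:
        text = m["cause"].strip()
        target = f'{m["host"]}:{m["port"]}'
        return ("tcp-connect", family(m["host"]), target, CAUSES.get(text, text))
    return None

def summarize(log_text):
    """Count failures by (stage, address family, cause)."""
    hits = filter(None, map(classify, log_text.splitlines()))
    return Counter((stage, fam, cause) for stage, fam, _target, cause in hits)

# Four lines copied from the log quoted in the thread above.
SAMPLE = """logtail: dial "log.tailscale.io:443" failed: dial tcp: lookup log.tailscale.io on [::1]:53: read udp [::1]:58649->[::1]:53: read: connection refused (in 226ms), trying bootstrap...
trying bootstrapDNS("derp4c.tailscale.com", "134.122.77.138") for "log.tailscale.io" ...
bootstrapDNS("derp4c.tailscale.com", "134.122.77.138") for "log.tailscale.io" error: Get "https://derp4c.tailscale.com/bootstrap-dns?q=log.tailscale.io": dial tcp 134.122.77.138:443: connect: no route to host
bootstrapDNS("derp2e.tailscale.com", "2607:f740:0:3f::44c") for "log.tailscale.io" error: Get "https://derp2e.tailscale.com/bootstrap-dns?q=log.tailscale.io": dial tcp [2607:f740:0:3f::44c]:443: connect: network is unreachable"""

if __name__ == "__main__":
    for (stage, fam, cause), n in sorted(summarize(SAMPLE).items()):
        print(f"{stage:12} {fam:5} {cause:13} x{n}")
```

On these lines it reports one DNS failure against the resolver at [::1]:53 and one failed connect per address family, so name resolution and the route to the host can be checked separately from any rule on port 443.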