Corso Systems

View Original

Tailscale for Remote Network Management

As we discussed on our post about using an Opto22 groov RIO with Tailscale, Tailscale is a powerful tool in the networking arsenal. It allows you to get into devices you have access to via Tailscale without having to worry about port forwarding. You can even use it to expose networks to use it as a VPN. Another added benefit is that the Tailscale client also allows you to connect to all of the other Tailscale devices you have on your account—from any other device on your Tailscale network.

Tailscale Use Cases

There are many use cases for Tailscale, starting from “I just need to get access to a device somewhere else” all the way to “I need to connect networks across the globe”.

For a simple “connect a couple of devices” use case, you only need to set Tailscale up on the device you want to connect, install the client on the machine you want to connect from, then connect to Tailscale and you are on your way. You might need to set this up if you are traveling and need to access your office computer. Or, if you are remotely supporting a system and need remote access.

Basic Tailscale Use Case

We can extend this concept to any number of devices using the Tailscale platform by building out more complex architectures. These can allow you to connect to any device on the network from wherever you are logged into the client.

Clients Can Connect to Any Device

Bridging the Gap with Tailscale

The above use case works great for devices you want to connect to directly. But, what if you want to expose an entire network to your Tailscale client instead? You can do this by starting Tailscale with Subnet Routes exposed. Now, you can connect any of your Tailscale clients to any of the devices on the exposed internal network. This setting is very easy process to enable. As of the time of this post, you simply need to install Tailscale on a Linux machine.

You can even enable/disable subnets on a per device basis with your Tailscale Administration page. This allows you to turn subnets off when you aren’t using them, for higher security and peace of mind.

Tailscale with Subnet Routes Enabled

This is where the possibilities really start to open up. Using subnet routes you can connect from a client in your office, through the Tailscale subnet route enabled device and see PLCs, database servers, and even get into HMI clients through Tailscale. You can even set it up on cloud-based systems and get access into your cloud hosted servers from anywhere you can connect using Tailscale.

What’s the Catch with Tailscale?

As of the time of this post, the only catch is that you can’t use the same subnet routing on multiple Tailscale devices at once. So, if you are an OEM company with a standard IP Address range for PLCs, computers, etc. you would need to enable/disable the subnets you would like to use on each device when you want to access that network. This simply means that you would send out a system, get it up and running, then disable the subnet routes on the Tailscale device. Then you can send out other systems, and if you need to go back into the first system you just disable the subnet routes on the other networks, enable the one you want to access, and you will be able to get in.

This is in contrast to setting up Wireguard, which will ultimately give you more flexibility at the cost of some additional configuration steps—which will usually require getting IT involved to open up and forward ports from the outside world.

How Does Corso Systems Use Tailscale?

We use Tailscale in a number of ways. During the Covid Pandemic, we were sending out Linux devices with Tailscale and Subnet Routes enabled for us to easily get into systems which we had to commission remotely.

We’ve also used Tailscale to:

  • Connect two networks on different subnets at manufacturing facilities

  • Give our distributed workforce access to our main “lab” servers and PLCs without having to invest in costly VPN hardware at any particular location

  • Enable easy VPN access to someone’s house while traveling abroad so they can access their computer remotely

  • Set up “localized” LAN access for older multiplayer games without modern internet multiplayer capabilities

  • Act as the backbone of a world-wide OEM network architecture supplying real-time data via MQTT to our centralized Ignition server over cell modems using IgnitionCoil.

The above examples are just a few ways to use Tailscale. Do you have an application you’d like to share? If so please use the button below to reach out and start the conversation!