If you saw our earlier post outlining how to use Wireguard as a VPN tunnel on an Opto22 groov RIO, and were wondering how to use Tailscale instead, you are in luck because today we are going to do just that!

Tailscale allows you connect to any of the other machines on your account which also use Tailscale from any clients where you are logged in. You can expose internal networks using the Tailscale subnet routing functionality, and it doesn’t require configuring any firewall ports.

Keep in mind that Tailscale is a development tool built on top of Wireguard, so the functionality in place today will probably be expanded pretty significantly in the future. If you need full access to the Opto22 groov RIO and everything on the network—and aren’t afraid of opening some ports in your router/firewall—then Wireguard is your best bet. But, if you want something that works without opening ports, and just needs a few Linux commands—and you’re comfortable using a computer inside the VPN network that you have to connect to to get into the RIO management page—then Tailscale is for you.

Getting Started

For the purposes of this article, we will review the official Tailscale documentation for this process.

First, connect to the RIO’s command line following the steps outlined in the Wireguard article.

Next, download the most current Tailscale binaries on the Tailscale page. You will need to get the “arm” files.

wget https://pkgs.tailscale.com/stable/tailscale_1.10.1_arm.tgz

Once you download the files, use the following command to extract the archive, and the next command to move into the archive folder.

tar xvf tailscale_1.10.1_arm.tgz

cd tailscale_1.10.1_arm

When you are in the Tailscale folder, you will need to start the tailscale service with the following command:

sudo ./tailscaled

You will now need to open a new command line interface while leaving this one open.

First you will need to cd into the Tailscale directory again:

cd tailscale_1.10.1_arm

In the new interface, enter the next command, replacing the IP address below with the IP address of the internal network you want to expose to Tailscale. In this case we are using 192.168.1.X For our network.

sudo ./tailscale up --advertise-routes=192.168.1.0/24

Now, you should see a link to enable the device in your Tailscale account. You will want to copy this link and open it in a web browser to authorize the device.

Once you have authorized it, you will need to enable the routing to the internal network.

Routing settings for an authorized internal network

Route settings menu for enabling to the internal network

Now you can connect another machine using the Tailscale client and access any devices on your internal network from there, in this case our Ignition gateway is accessible using 192.168.1.184.

Screenshot showing that our Ignition gateway is visible using the settings configured above for our local network

As of the time of this writing, there isn’t a feasible way to get the Opto22 groov RIO’s own IP address exposed through Tailscale. So, the best approach to manage the RIO is to connect to the local Ignition machine using your choice of VNC, Remote Desktop, Team Viewer, or your preferred method, and connect through that machine.

Now, you can use any groov RIO or groov EPIC Controller as a VPN tunnel into a remote network using Tailscale! While Tailscale isn’t currently as fully-featured as Wireguard, in some ways it is a little simpler to set up. So, you have another option when you need to get into a network from the outside world.

Thanks for sticking around to the end, and if you have questions about Opto22 groov RIO, any other Opto22 products, or about anything you have seen here, please drop us a line!