Tailscale on Opto22 groov Hardware
If you saw our earlier post outlining how to use Wireguard as a VPN tunnel on an Opto22 groov RIO, and were wondering how to use Tailscale instead, you are in luck because today we are going to do just that!
Tailscale allows you connect to any of the other machines on your account which also use Tailscale from any clients where you are logged in. You can expose internal networks using the Tailscale subnet routing functionality, and it doesn’t require configuring any firewall ports.
Keep in mind that Tailscale is a development tool built on top of Wireguard, so the functionality in place today will probably be expanded pretty significantly in the future. If you need full access to the Opto22 groov RIO and everything on the network—and aren’t afraid of opening some ports in your router/firewall—then Wireguard is your best bet. But, if you want something that works without opening ports, and just needs a few Linux commands—and you’re comfortable using a computer inside the VPN network that you have to connect to to get into the RIO management page—then Tailscale is for you.
Getting Started
For the purposes of this article, we will review the official Tailscale documentation for this process.
First, connect to the RIO’s command line following the steps outlined in the Wireguard article.
Next, download the most current Tailscale binaries on the Tailscale page. You will need to get the “arm” files.
Once you download the files, use the following command to extract the archive, and the next command to move into the archive folder.
When you are in the Tailscale folder, you will need to start the tailscale service with the following command:
You will now need to open a new command line interface while leaving this one open.
First you will need to cd into the Tailscale directory again:
In the new interface, enter the next command, replacing the IP address below with the IP address of the internal network you want to expose to Tailscale. In this case we are using 192.168.1.X For our network.
Now, you should see a link to enable the device in your Tailscale account. You will want to copy this link and open it in a web browser to authorize the device.
Once you have authorized it, you will need to enable the routing to the internal network.
Now you can connect another machine using the Tailscale client and access any devices on your internal network from there, in this case our Ignition gateway is accessible using 192.168.1.184.
As of the time of this writing, there isn’t a feasible way to get the Opto22 groov RIO’s own IP address exposed through Tailscale. So, the best approach to manage the RIO is to connect to the local Ignition machine using your choice of VNC, Remote Desktop, Team Viewer, or your preferred method, and connect through that machine.
Now, you can use any groov RIO or groov EPIC Controller as a VPN tunnel into a remote network using Tailscale! While Tailscale isn’t currently as fully-featured as Wireguard, in some ways it is a little simpler to set up. So, you have another option when you need to get into a network from the outside world.
Thanks for sticking around to the end, and if you have questions about Opto22 groov RIO, any other Opto22 products, or about anything you have seen here, please drop us a line!
Need Help? Corso Systems is an Opto 22 Partner!
Schedule a short, no obligations intro call with Cody Johnson in Sales to get started today.
Or Contact Us with your project details.
Learn more about Corso Systems partnerships