Hiddenden/Knowledge-Base
2
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

first version of the knowledge base :)

Browse Source
This commit is contained in:
Latte
2026-03-14 11:41:54 +01:00
commit 27965301ad
47 changed files with 4356 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
70 - Tools/tailscale/tailscale.md Normal file
View File

@@ -0,0 +1,63 @@
---
title: Tailscale
description: Tool overview for Tailscale as a private networking and remote access layer
tags:
- tailscale
- vpn
- networking
category: tools
created: 2026-03-14
updated: 2026-03-14
---
# Tailscale
## Summary
Tailscale is a WireGuard-based mesh VPN that provides identity-aware connectivity between devices. It is frequently used to reach homelab services, private admin interfaces, and remote systems without exposing them directly to the public internet.
## Why it matters
Tailscale simplifies remote access and private service connectivity without requiring a traditional central VPN gateway for all traffic. It is especially useful for small environments where easy onboarding and policy-driven access matter more than complex appliance-based VPN design.
## Core concepts
- Tailnet as the private network boundary
- Identity-based access controls
- Peer-to-peer encrypted connectivity with DERP fallback
- MagicDNS for tailnet name resolution
- Subnet routers and exit nodes for advanced routing roles
## Practical usage
Tailscale commonly fits into infrastructure as:
```text
Admin or device -> tailnet -> private service or subnet router
```
Typical uses:
- Remote SSH access to servers
- Private access to dashboards and management services
- Routing selected LAN subnets into a private network overlay
## Best practices
- Use tags and access controls early instead of keeping the tailnet flat
- Treat exit nodes and subnet routers as high-trust infrastructure roles
- Use MagicDNS or split DNS instead of memorized addresses
- Limit which services are intended for tailnet-only access
## Pitfalls
- Advertising broad routes without matching access policy
- Treating overlay connectivity as a substitute for local firewalling
- Leaving unused devices enrolled in the tailnet
- Using one large unrestricted trust domain for every user and service
## References
- [Tailscale: What is Tailscale?](https://tailscale.com/kb/1151/what-is-tailscale)
- [Tailscale: Access controls](https://tailscale.com/kb/1018/acls)
- [Tailscale: MagicDNS](https://tailscale.com/kb/1081/magicdns)