Recently I was looking for a replacement for my old OpenVPN solution. The problem with a traditional VPN such as OpenVPN is that it requires a static IP address or some kind of Dynamic DNS service, which is not always reliable. ISPs normally charge extra for a static IP, and you still need to configure port forwarding into your network, which poses a security risk.
Furthermore, I am unable to use a traditional VPN solution as my ISP, Starlink, uses CGNAT. In basic terms, CGNAT prevents you from being able to port forward since your real public IP address is shared between multiple customers.
So with all this in mind, what’s the solution?
Tailscale solves the Starlink / CGNAT issue
The best solution I found is to use a service such as Tailscale. Tailscale is a software-defined networking solution. It allows you to connect your devices together over a private network. It uses the principle of least privilege and is the easiest solution ever created to set up! Furthermore, it is free (up to a certain number of devices, but more on that later).
How to set up Tailscale to access your VMware or other lab from anywhere
If you simply want to connect your laptop or mobile phone to your home network, then there are only a few things to do.
- Install Tailscale on your mobile phone / laptop
- Install Tailscale on a device within your network (a Raspberry Pi or a virtual machine works fine)
- Once you have both of these configured, set up the device in your network as a “Subnet Router”. This will let you connect to any device in your network without adding to the very generous “100 device restriction” on the free account
The installation is so simple that there is no need for me to document it here. Install the app, authenticate and that’s it.
If there are other devices on other networks, or systems in other locations, you can simply install the Tailscale app on that device directly or use the Subnet Router approach.
Now, from my laptop I simply launch the Tailscale app and I’m instantly connected to all the devices in my lab without needing a static IP, port forwarding or any other special or complex setup.
Tailscale has so many other networking options available too: you can set up ACLs or invite another user to connect to your network, plus so much more.
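
A subnet router makes every host on the advertised range reachable from the tailnet, and Tailscale's default policy allows all traffic between devices, so an ACL is what actually enforces least privilege for the lab. The tailnet policy file below is an added example, not part of the original post; the subnet `192.168.1.0/24`, the tag `tag:lab-router`, the user `you@example.com` and the port choices are assumptions to replace with your own.

```json
{
  // Tailnet policy file (HuJSON, so comments are allowed).
  // All names and addresses here are constructed placeholders.

  // Only tailnet admins may assign the router tag to a device.
  "tagOwners": {
    "tag:lab-router": ["autogroup:admin"]
  },

  // Routes for the lab subnet are approved automatically, but only
  // when advertised by a device carrying the router tag. Any other
  // device advertising this range still needs manual approval.
  "autoApprovers": {
    "routes": {
      "192.168.1.0/24": ["tag:lab-router"]
    }
  },

  // Replacing the default allow-all rule makes the policy
  // deny-by-default: anything not listed here is dropped.
  "acls": [
    {
      // One named user may reach the lab, and only on the
      // management ports (SSH and HTTPS for the VMware web UIs).
      "action": "accept",
      "src": ["you@example.com"],
      "dst": ["192.168.1.0/24:22,443"]
    },
    {
      // The same user may SSH to the subnet router itself.
      "action": "accept",
      "src": ["you@example.com"],
      "dst": ["tag:lab-router:22"]
    }
  ]
}
```

The router advertises the range with `tailscale up --advertise-routes=192.168.1.0/24 --advertise-tags=tag:lab-router`, and a Linux router also needs IP forwarding enabled. An invited user who is not listed in `src` gets no access to the lab subnet under this policy.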