I thought that I would write up some notes on our solution.
Installing Tailscale on Enigma2
Tailscale is a no-fuss zero-config VPN implementation based on WireGuard, offering fast, seamless device connectivity — no firewall rules, no wasted time.
This is not a VPN in the traditional sense, but instead builds a private mesh network with its own address space for all of your machines/devices wherever they are located. Traffic is peer-to-peer, encrypted, and secured by encryption keys.
There are ready-made Tailscale client applications for almost all platforms (Linux, Mac, Windows, Android, iOS, BSD etc.).
Tailscale is free to use for up to 100 devices and is all based on Free and Open-Source software, and is suitable for use from the humble home hobbyist right up to and including large-scale server infrastructure installations.
I decided to write these notes after working with Techkings member @joysleep1, who was having difficulty remotely managing the devices on his home LAN, and particularly his Enigma2 installations. The problems that he was experiencing were due to his ISP operating Carrier Grade Network Address Translation (CGNAT) in their upstream networks, which had the effect of rendering the traditional solutions using a combination of OpenVPN, DDNS and open ports with port forwarding completely impotent.
So, a huge shout out to @joysleep1 for his trials, patience, forbearance, and being willing to trial and error whilst we grep'd for a solution.
Our testing was undertaken on OpenATV v7.5 and various recent versions of OpenViX.
Whilst many boxes that run Enigma2 have limited hardware resources available, it is possible to install Tailscale on Enigma2. It should however be said that a more elegant and efficient way of doing things would be to manage things using a device with a bit more beef than the typical budget Enigma2 box. That said, you don't need that much beef, so for example something like a Raspberry Pi or ROCKPro64 is very adequate and competent for these purposes when hosting things at home.
Anyway, let's roll our sleeves up and get to grips with an example Enigma2 installation.
=======================
Go to the Tailscale website and set up a free account for yourself.
In the Tailscale web-console go to the DNS tab, set up some DNS servers, choose a tailnet name for yourself, and enable MagicDNS.
Obtain and install Tailscale binaries for, say, your PC/laptop/phone/tablet etc., start Tailscale on them and register them on the Tailscale web-console.
Download the binaries for your Enigma2 box. Which one you need will depend upon what chipset your box uses. They are available from here:
https://pkgs.tailscale.com/stable/#static
Unzip/extract the archive on your PC, and you get two files:
tailscale
tailscaled
Now place the two files into the /usr/bin/ directory of the Enigma2 box.
SSH into the Enigma2 box as root.
(please pay careful attention to the output of all and any commands that you run. If anything looks like it's failed or has an error, stop for a moment and think about what it's saying to you, and act accordingly).
Review the permissions of those files.
Basically they need to be executable (i.e. 755 rwxr-xr-x or 777 rwxrwxrwx). 755 is enough; 777 also makes the files writable by every local user, and tailscaled is run as root.
If in doubt, run the following commands to change the permissions:
Code:
chmod 755 /usr/bin/tailscale
Code:
chmod 755 /usr/bin/tailscaled
Now install the kernel tun module with the following command:
Code:
opkg install kernel-module-tun
Now activate the tun module:
Now run the following command to get things up on their feet:
Code:
tailscaled -port 4434 -tun userspace-networking
Once it's running, we leave this terminal open, and open another terminal window, SSH into the Enigma2 box with this new window and run another command to add the device to your Tailnet:
Now we will see a URL in the terminal. Copy and paste that into a web-browser and add the device in the Tailscale web-console.
Note that it is possible to disable key expiry if you wish.
Now we need to make the service persistent so that it will survive reboots, by adding a crontab using the following command
Paste the following line into the editor, then save and exit (if nano is the editor: Ctrl+X then Y; if vi is the editor: Esc then :wq).
Code:
@reboot sleep 90 ; modprobe tun; /usr/bin/tailscaled -port 4434 -tun userspace-networking
Now test to make sure that the crontab has been successfully written by running
(the output should read: "@reboot sleep 90 ; modprobe tun; /usr/bin/tailscaled -port 4434 -tun userspace-networking")
Now reboot the box and wait a couple of minutes.
=====================
You should now be able to access the Enigma2 box using its Tailscale IP address (100.x.x.x) and/or its Tailnet Name, from any other device that is a member of your Tailnet, irrespective of your actual physical location on the planet, exclusively using your own private encrypted peer-to-peer mesh network, all without needing any open ports or port forwarding. (how effin cool is that ehh !!!)
Exploring and describing all of Tailscale's extensive features and functionalities is beyond the scope of these notes, but it is very highly featured and competent and can be deployed in almost any circumstance or location. IMHO, it is well worth learning about many of the features available.
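A post-install check for the procedure above, as an added example that is not part of the original notes: it verifies that the two binaries are executable without being writable by other users, that the tun module is loaded, and that the @reboot line is in the crontab exactly once. The paths, port and cron line come from the notes; the function names, the script name and the use of `crontab -l` and `/proc/modules` are assumptions of this example.

```shell
#!/bin/sh
# Added example: post-install checks for the steps in these notes.
# Paths, port and cron line are taken from the notes; function names are illustrative.

CRON_LINE='@reboot sleep 90 ; modprobe tun; /usr/bin/tailscaled -port 4434 -tun userspace-networking'

# 0 if $1 is a regular, owner-executable file that is not group- or world-writable.
# tailscaled is started as root, so a binary other users can overwrite is a
# local privilege-escalation path (mode 777 fails this check, 755 passes).
binary_mode_ok() {
    perm=$(ls -ld -- "$1" 2>/dev/null | cut -c1-10)
    case $perm in
        ?????w????|????????w?) return 1 ;;  # group- or world-writable
        -??[xs]??????) return 0 ;;          # regular file, owner may execute
        *) return 1 ;;                      # missing, not regular, or not executable
    esac
}

# 0 if the tun module is listed as loaded (a built-in tun driver would not be listed).
tun_loaded() {
    grep -q '^tun ' "${1:-/proc/modules}"
}

# Reads a crontab on stdin; 0 only if the @reboot line appears exactly once.
# Pasting it twice would start two daemons on the same port at boot.
cron_entry_ok() {
    n=$(grep -c -F -x -- "$CRON_LINE" || true)
    [ "$n" -eq 1 ]
}

run_checks() {
    rc=0
    for b in /usr/bin/tailscale /usr/bin/tailscaled; do
        binary_mode_ok "$b" || { echo "FAIL: $b missing, not executable, or writable by others"; rc=1; }
    done
    tun_loaded || { echo "FAIL: tun module not loaded"; rc=1; }
    crontab -l 2>/dev/null | cron_entry_ok || { echo "FAIL: expected exactly one @reboot tailscaled line"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: binaries, tun module and crontab look as described"
    return "$rc"
}

# Run on the box as: sh check-tailscale.sh --check   (script name is illustrative)
if [ "${1:-}" = "--check" ]; then run_checks; fi
```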