Exit Nodes | Tailscale Explained

Tailscale

8 Nov 202406:28

Summary

TLDRIn this episode of Tailscale Explained, Alex dives into the concept of exit nodes and how they allow users to route their internet traffic through a specific geographic location using Tailscale. He shares his personal experience using an exit node while traveling, and explains how it helps bypass restrictions, like accessing banking apps from abroad. Alex also covers the setup of exit nodes on various devices, such as Linux, Windows, and even Apple TV, and discusses key configurations like auto-approving exit nodes and enabling LAN access. The video concludes with performance optimization tips for different operating systems.

Takeaways

😀 Exit nodes allow you to route all traffic from your client device through Tailscale, making it exit onto the public internet at a specific geographic point.
😀 Exit nodes can be useful when accessing services like banking apps that block access from certain locations, allowing you to appear as if you're in a different country.
😀 Tailscale's exit node functionality is similar to privacy VPNs like Molvad, but Tailscale offers more than just privacy features—it benefits companies and self-hosters too.
😀 By default, Tailscale is an overlay network, only routing traffic between devices within Tailscale, leaving public internet traffic unaffected unless exit nodes are enabled.
😀 Exit nodes are useful when you're on untrusted networks (e.g., public Wi-Fi) or want to test different network configurations.
😀 Many devices can be used as exit nodes, such as Linux, Windows, Mac, Apple TV, Raspberry Pi, or even a DIY firewall like OpenSense.
😀 Apple TVs and Raspberry Pis are recommended as always-on, low-power devices that can serve as exit nodes, making them ideal for people who want minimal fuss.
😀 Cloud VPS services like Hetzner or Linode can also be used as exit nodes, though they may lead to issues with websites treating traffic from data center IPs as suspicious.
😀 On Linux, enabling exit nodes is as simple as running a Tailscale command, while on Mac and Windows, it can be done through the client settings.
😀 Enabling exit node functionality for specific users or groups can be automated using ACL rules, streamlining the process for larger teams or networks.

Q & A

What is an exit node in Tailscale?
-An exit node in Tailscale allows you to route all the traffic from your client device (such as a phone or laptop) through a specific geographic point on the internet, giving you a way to appear as though you're accessing the internet from that location.
How can an exit node be useful for online banking?
-If you're traveling abroad and trying to access a service like online banking, an exit node can make your traffic appear as if it’s coming from your home country, bypassing any geographical restrictions or security blocks that might otherwise prevent access.
What is the primary difference between Tailscale and traditional privacy VPNs?
-While traditional privacy VPNs primarily focus on masking your location and protecting your data on public networks, Tailscale is designed for secure, private communication between devices within a network, offering more flexibility and use cases for businesses and self-hosters.
Why would someone need an exit node when using Tailscale?
-An exit node is useful when you want to route your internet traffic through Tailscale for security reasons, especially on untrusted networks like public Wi-Fi, or if you want to test how different networks view the world (e.g., checking DNS issues).
What types of devices can be used as Tailscale exit nodes?
-Tailscale exit nodes can be set up on various devices including Linux systems, Windows and Mac computers, Apple TVs, and even DIY firewalls like OpenSense, as well as low-power devices like Raspberry Pi.
Can you set up an exit node on a cloud VPS?
-Yes, you can set up Tailscale on a cloud VPS (e.g., Hetzner or Linode) to use it as an exit node. However, this might lead to issues such as websites recognizing traffic from a data center IP block, which could trigger puzzles or security checks.
How do you enable exit node functionality on a Linux system?
-On Linux, you can enable exit node functionality by using the command 'Tailscale set --advertise exit node' on the command line interface (CLI).
What is the role of the Tailscale admin console in managing exit nodes?
-The Tailscale admin console allows you to manually approve each node that requests exit node functionality. You can also configure an automatic approval system for exit node requests using ACL rules and auto-approvers.
What does the 'allow LAN access' feature do in Tailscale?
-The 'allow LAN access' setting in Tailscale lets clients using an exit node access the local network of the exit node. Without this feature enabled, clients routed through an exit node will not have access to the exit node's local network.
What are the performance limitations of exit nodes on certain platforms?
-On platforms like Android, macOS, and Windows, the exit node feature is still undergoing performance optimizations because it runs in user space. For the best experience, it's recommended to use Linux as the exit node.