Infrastructure nerd, gamer, and Lemmy.ca maintainer
Are you providing a support contract long term? Are you backed by multiple people in case you’re away and their business is down? I say this more figuratively than specifically you, this could also apply to their internal IT guy who wants to do this.
I’d strongly suggest deferring to a local business IT services company, unless you’re an active partner in the business. They should find a company they are comfortable with and trust, then use the products they recommend and are comfortable with.
I’ve have one on my keychain for years, it’s great. Not visible during the day, but just bright enough at night to make them easy to spot.
No lawyer / accountant is going to sign off on that. It would get flagged as fraud during due diligence and lower the price due to the risks of lawsuits and fines
Yes, it’s not worth them fucking around with various pii / gdpr fines. As someone who has worked with pii, we always took deletion requests seriously.
Well I’m glad I downloaded all my genome data and deleted it a few months ago. It was easy to do, there’s no excuse not to.
That’s an odd picture to touch yourself to, but you do you.
The tailscale client should have created an interface, but I’ve never used it on a box also running wg. You don’t have a tailscale specific interface in ip addr show at all? That’s… odd.
Do you have a device at /dev/net/tun?
How do I do this?
Run ip route show table all
I would expect to see a line like:
192.168.178.0/24 dev tailscale0 table 52
Out of curiosity on a remote node do tcpdump -i tailscale0 -n icmp and then do a ping from the other side, does tcpdump see the icmp packets come in?
Relay “ams” means you’re using tailscales DERP node in amsterdam, this is expected if you don’t have direct connectivity through your firewall. Since you opened the ports that’s unusual and worth looking into, but I’d worry about that after you get basic connectivity.
So to confirm your behavior, you can tailscale ping each other fine and tailscale ping to the internal network. You cannot however ping from the OS to the remote internal network?
Have you checked your routing tables to make sure the tailscale client added the route properly?
Also have you checked your firewall rules? If you’re using ipfw or something, try just turning off iptables briefly and see if that lets you ping through.
Can your nodes ping each other on the tailscale ips? Check tailscale status and make sure the nodes see each other listed there.
Try tailscale ping 1.2.3.4 with the internal IP addresses and see what message it gives you.
tailscale debug netmap is useful to make sure your clients are seeing the routes that headscale pushes.
That should be all that’s required. Are you using ACLs? If so you need to provide access to the subnet router as well as a rule to the IP behind it
Did you enable the route in the admin web ui?
You could do something like nextcloud to solve a lot of issues, but I’d still hesitate to recommend on-prem hardware and managing hardware yourself. It really comes down to the business tolerance for outages though, maybe the computers being down for a day or two doesn’t matter.