Tailscale is a service that let you create VPN tunells between devices without any port forwarding, firewall rules or any other advanced configuration. If the goal is to connect to internal services behind your pfSense from other locations, this may be your perfect tool.
Registrer and create a authentication key
- Go to https://login.tailscale.com/ and create an account (it’s free), then log in.
- Select “Settings” in the top menu and click on “Keys”
- Right to “Auth Keys” click “Generate auth key…”
- Click “Generate Key”, there is no need to change any settings here.
- Copy and save the new generated key, this will be needed later.
- Click “Done”
Configure Talescale on pfSense
- Log in to the pfSense router and navigate to System -> Package Manager
- Click on “Available Packages” and Search/Find “Tailscale”. Hit “Install” next to it
- When installed, click “VPN” on the top menu and select “Tailscale”
- Select “Authentication”, paste your authentication key into the “Pre-authentication Key” field and click “Save”.
- Select “Settings” and check “Enable Tailscale”
- Optional: Check “Advertise Exit Node” if you want to allow outside clients to route internet traffic trough pfSense. This is not necessary to access internal resources.
- Check “Accept Subnet Routes”
- Under “Advertised Routes” add the network, or networks you want to access.
(To find the CIDR notation for a specific network, select the “Interfaces” menu and click on desired network. You will find it under “Static IPv4 Configuration” Example: 10.0.21.1/24. See first picture below.)
Note: According to my observations, the 4th octet will be corrected automatically if typed wrong.
- Click “Save”. pfSense should now connect to Tailscale
- Go back to https://login.tailscale.com/, log in and go to the “Machines” tab.
- Click on the three dots right to pfense and “Edit route settings…”
- Check all the subnet routes.
- Optional: Check “Use as exit node”
- Then click “Save”
The network should now be accessable trough Tailscale.
Connect from outside
Now you can connect to your internal network from anywhere in the world.
Go to https://tailscale.com/download and download a client to your phone or computer.
It is straight forward, install, login, and browse your internal pfSense network!
