🐮 Installing Tailscale on FnOS for NAT Traversal

2024-10-15|2024-10-15
Yawatasensei
FnOS launched recently and has become popular, and I also wanted to ride the wave and give it a try. Now that my multimedia library has been migrated, I need to start configuring NAT traversal so that I can access the data on my NAS when I'm away from home, such as synchronizing passwords in OpenMediaVault, synchronizing photo albums, accessing Jellyfin, or quickly adding torrents to qBittorrent. FnOS itself provides FN Connect for NAT traversal, but it requires registering an FnOS account and providing a phone number, which I don't think is necessary. Moreover, I have been using Tailscale, which in most cases can establish a direct connection over IPv6, so this time I will configure it directly on FnOS.
 

📝 Configuring FnOS

Enable SSH Login

By default, SSH login is disabled after FnOS is installed and must be enabled manually in the web management interface, under Settings - System Settings - SSH. It is also recommended to change the port to a high port above 1024, to avoid being scanned and brute-forced if the IPv6 firewall or the IPv6 firewall rules on the router are not well configured.
After the change, log in with PuTTY, Termius, or your preferred terminal, remembering to use the port you just set. The login account and password are the same as those used on the web page (the default account is admin), and the plain terminal login command is:

Install Tailscale

The Linux installation script officially provided by Tailscale can be executed directly:
During installation, the script adds Tailscale's installation source address to the system; if it is run as a non-root user, it prompts for the sudo password.
You can check that Tailscale is running with ps -ef | grep tailscale:
You can also check the current running status of Tailscale with systemctl status tailscaled.service. At this point, the Status line indicates that we still need to run sudo tailscale up to log in to the account and bind the device.

Bind Tailscale Account

Enter the following to log in to the Tailscale account. It must be run with sudo; otherwise it reports "Access denied: checkprefs access denied" because of insufficient permissions.
After a while, the terminal returns a login address. Click it to open the browser and log in. Since access to Tailscale is not stable in China, you may need to use a proxy for the first login.
Click on Connect to bind. After that, you can also see in the Tailscale console that this FnOS NAS has been successfully bound. Now, with Tailscale turned on while you are away from home, you can access the home NAS normally.

Set Tailscale to start automatically at boot

Check whether the service is set to start automatically at boot with systemctl status tailscaled.service:
If the Loaded line reads loaded (/lib/systemd/system/tailscaled.service; enabled; preset: enabled), with both fields in the enabled state, the service is already set to start automatically at boot.
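The checks from the steps above can be scripted. The following is an added example, not part of the original post: it reads the Loaded line quoted above, the package source the installer adds, and the effective SSH port. Function names are hypothetical, the sample input is constructed, and the repository host pkgs.tailscale.com with a signed-by keyring is an assumption about what the installer writes on Debian.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# the sample text at the bottom is constructed so the checks run offline.

# stdin: `systemctl status <unit>` output. Prints the enablement state taken
# from the "Loaded:" line (enabled, disabled, static, masked, ...).
unit_enable_state() {
    sed -n 's/^ *Loaded: [^(]*([^;]*; *\([a-z-]*\).*/\1/p' | head -n 1
}

# stdin: an apt source list. Succeeds only if there is at least one active
# line and every active line uses https://pkgs.tailscale.com/ (assumed
# repository host) together with a signed-by keyring.
apt_source_ok() {
    awk '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        { seen = 1 }
        !/signed-by=/ || !/ https:\/\/pkgs\.tailscale\.com\// { bad = 1 }
        END { exit ((seen && !bad) ? 0 : 1) }
    '
}

# stdin: `sshd -T` output (effective settings) or sshd_config text. Succeeds
# only if a Port is set explicitly and every listed port is above 1024.
ssh_port_is_high() {
    awk 'tolower($1) == "port" { n++; if ($2 + 0 <= 1024) low = 1 }
         END { exit ((n > 0 && !low) ? 0 : 1) }'
}

# Constructed samples. On the NAS, pipe in live data instead, for example:
#   systemctl status tailscaled.service | unit_enable_state
#   sudo sshd -T | ssh_port_is_high
SAMPLE_STATUS='     Loaded: loaded (/lib/systemd/system/tailscaled.service; enabled; preset: enabled)
     Active: active (running)'
SAMPLE_SOURCE='# constructed sample of the source file the installer adds
deb [signed-by=/usr/share/keyrings/example-keyring.gpg] https://pkgs.tailscale.com/stable/debian bookworm main'

echo "tailscaled at boot: $(printf '%s\n' "$SAMPLE_STATUS" | unit_enable_state)"
printf '%s\n' "$SAMPLE_SOURCE" | apt_source_ok && echo "apt source: https + signed-by"
printf 'port 22022\n' | ssh_port_is_high && echo "ssh port: above 1024"
```

A state other than enabled from the first check means the service will not come back after a reboot, and a failing source check means the package source should be inspected before the next apt upgrade.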

🤗 Summary

At present, Tailscale cannot be installed directly from the FnOS system's software packages, so for the time being it can only be installed, configured, and managed through SSH.
As for why not to use IPv6 directly for access, there are mainly two reasons:
  • Directly exposing ports to the public network poses security risks. When away from home, the client IP address is not fixed, so it is also impossible to restrict the range of login IP addresses, including the IPv6 address range.
  • Directly exposing ports to the public network may draw a warning from the network operator.
So, I prefer to use Tailscale and similar software for NAT traversal. IPv6 improves the success rate of hole punching for direct connections. With a direct connection, the upstream bandwidth can be fully utilized, which is already enough.
In addition, I didn't expect that FnOS is actually developed on top of Debian. I am only in the trial stage now. Basically, everything that FeiNiu does, my Debian server at home already does, so there is not much point in replacing it.

If you have any questions about the installation or use of FnOS or NAS, feel free to leave a comment at the bottom of the article, and let's exchange ideas together~