Advertise Hostname IP for 2 different Interfaces (LAN and Tailscale)
Hello everyone, I have, I guess, a bit of a tricky situation on hand
I have 4 devices (2 computers, 2 cellphones) on my home network, they're all connected on the same LAN, and additionally, all are also running Tailscale (rather out of the box configuration except specific IPv4 addresses given by me)
When going out of home, I normally take up to 2 devices with me and connect to the ones at home through the Tailscale IP
Usually I do this by typing the IP address manually on either scenario, if I'm home I connect typing the LAN IP Addresses for the devices, otherwise I manually type the Tailscale IP addresses
I would like to now optimize this process using Host Names; I would like to type in say, SSH pc1 and that connect via LAN IP if available, and otherwise fallback to Tailscale IP if not
Result being I can just type the one singular host name, and connect successfully regardless if I'm home or not, also using the best possible connection (LAN preferred over Tailscale)
I am aware Tailscale has a feature that it does this out of the box using the Tailscale IP on the same LAN, but this doesn't seem to work on all devices (the phones) and additionally that generates some noticeable overhead given their age too
I have been reading about Avahi and thinking of using it on each device, advertising the same host name with both its IPs, which I am yet to try, but I figured I could use more input on solutions if anyone has experience with it; I'd appreciate any
Thanks for reading, and I hope you have a nice day
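The behaviour asked for above (one name, LAN address when it answers, Tailscale address otherwise) can also be done purely on the client, without touching any DNS server. The following is an added example, not code from the thread: a POSIX sh script used as an ssh ProxyCommand. The host table, the 192.168.1.x and 100.64.0.x addresses, the probe via `nc`, and the `LANFIRST_PROXY` switch are all constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the thread: pick the LAN address of a host
# when it answers, otherwise its Tailscale address, and hand the result to
# ssh as a ProxyCommand. The host table and the 192.168.1.x / 100.64.0.x
# addresses are constructed placeholders, not the poster's real network.

# Constructed table: name, LAN address, Tailscale address.
HOST_TABLE="pc1 192.168.1.10 100.64.0.10
pc2 192.168.1.11 100.64.0.11"

# Print "<lan> <tailscale>" for host $1; fail if the name is unknown.
lookup_host() {
    _line=$(printf '%s\n' "$HOST_TABLE" |
        awk -v h="$1" '$1 == h { print $2, $3; exit }')
    [ -n "$_line" ] && printf '%s\n' "$_line"
}

# Default reachability probe: a TCP connect to port 22 with a 2 s timeout.
# Assumes an nc that accepts -z and -w (the OpenBSD and GNU variants do).
probe_tcp() {
    nc -z -w 2 "$1" 22 >/dev/null 2>&1
}

# Print the address to connect to for host $1. $2 names the probe
# function (default probe_tcp); a stub can be passed in for testing.
pick_address() {
    _addrs=$(lookup_host "$1") || return 1
    # $_addrs is deliberately unquoted: it splits into $3 = LAN, $4 = Tailscale
    set -- "$1" "${2:-probe_tcp}" $_addrs
    if "$2" "$3"; then
        printf '%s\n' "$3"       # LAN answers: prefer it
    else
        printf '%s\n' "$4"       # fall back to the Tailscale address
    fi
}

# ProxyCommand mode, enabled only when LANFIRST_PROXY=1 so that sourcing
# the file for its functions has no side effects. In ~/.ssh/config:
#   Host pc1 pc2
#       ProxyCommand LANFIRST_PROXY=1 sh /path/to/lanfirst.sh %h %p
if [ "${LANFIRST_PROXY:-0}" = 1 ]; then
    _addr=$(pick_address "$1") || { echo "lanfirst: unknown host $1" >&2; exit 1; }
    exec nc "$_addr" "$2"
fi
```

Because ssh is still invoked as `ssh pc1` on both paths, the known_hosts entry is keyed on `pc1` and the same host key is checked whether the session goes over the LAN or the tunnel; a silent switch of path cannot present a different key unnoticed. The probe only tells you that something is listening on port 22 at the LAN address; host key verification is what authenticates the peer.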
I do exactly this by using DNS. You’ll want DNS on your home network to report back just the internal IP addresses for each host, but not the Tailscale IP addresses (that is, if you want the hostnames to work outside of Tailscale too).
Then for Tailscale’s DNS you’d set up records for the same hostnames but return either just the Tailscale IP addresses or both. I generally do both but it’s probably better to do the former to avoid leaks outside the WireGuard tunnels (though with a subnet router that probably won’t happen anyway).
This is much like traditional split DNS where your internal network’s DNS server is probably going to give internal IP addresses for a local web server’s hostname but a public DNS server would return a publicly routable IP address.
Avahi is going to be a huge pain because it relies on multicast. It won’t work over Tailscale (or traditional VPN tunnels other than an OpenVPN TAP interface) without lots of fighting.
You could solve this with a lightweight DNS server like dnsmasq on one of your home computers that stays powered on; it'll handle both LAN and Tailscale requests and can be configured to return the appropriate IPs based on where the request comes from. I've been using this setup for years and it works flawlessly.
I'm a bit conflicted with your answer. I suppose for a DNS server my best go-to should be my router, but I don't have access to it; the next option would be DNS servers on each device and make localhost the primary server, then my router the secondary? Assuming that's the case, I think that would break when I take a device off the local network, as outside it would still assume things work like in the LAN. I could see it working if I had access to my router and the primary server was DHCP-provided (in the LAN that would be my router with its DNS configured to point to my devices with hostnames; outside it wouldn't have any and would use the secondary) and the secondary was Tailscale's (which supports mDNS, so with the same names it would hit my devices' IPs from the tailnet), but I don't think I can get that router access...
Unless I misunderstood something of the solution, if so can I ask for clarification?
My comment was kind of high level because I wasn’t sure how much you knew technically already.
But yeah, you would unfortunately need access to the DNS server on your router and be able to add custom records. You’d additionally need a DNS server somewhere for Tailscale clients whether that’s on a Tailscale node or just on the public internet (and configure Tailscale to use it).
I suppose a last-ditch effort would be to buy a domain and create records pointing to both the Tailscale and internal LAN IP addresses. The downside is that you’re basically making the map to your network public but at least people wouldn’t actually be able to access those internal (LAN, Tailscale) IP addresses. The benefit would be only needing to manage one set of records in one place.
I’m really rusty on my OSI model but Avahi, NETBEUI and friends won’t work over WireGuard tunnels because those are layer 2 protocols whereas WireGuard operates at layer 3 (if I remember correctly).
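The split view that the dnsmasq comment and the "DNS server somewhere for Tailscale clients" remark describe can be built with two dnsmasq instances on the always-on home machine, one bound to the LAN interface and one to the Tailscale interface, each serving its own hosts file. The script below is an added example and not any commenter's setup; the host table, the `eth0`/`tailscale0` interface names, the addresses and the output directory are constructed placeholders. The dnsmasq options used (`interface`, `bind-interfaces`, `no-hosts`, `addn-hosts`, `local`, `pid-file`, `--conf-file`) are real dnsmasq options.

```shell
#!/bin/sh
# Added example, not any commenter's configuration: generate two dnsmasq
# views (LAN-only addresses, Tailscale-only addresses) from one host table.
# Interface names and addresses are constructed placeholders.

# Constructed table: name, LAN address, Tailscale address.
HOST_TABLE="pc1 192.168.1.10 100.64.0.10
pc2 192.168.1.11 100.64.0.11
phone1 192.168.1.20 100.64.0.20"

# Zone for the names; home.arpa is reserved for home networks (RFC 8375),
# so these queries never make sense to forward to a public resolver.
ZONE=home.arpa

# Write a hosts file with only column $2 (2 = LAN, 3 = Tailscale) of each host.
write_hosts() {   # $1 = output path, $2 = column
    printf '%s\n' "$HOST_TABLE" |
        awk -v col="$2" -v zone="$ZONE" '{ print $col, $1 "." zone, $1 }' > "$1"
}

# Write one dnsmasq instance config that answers only on interface $2 and
# only from hosts file $3. Comments in the generated file sit on their own
# lines because dnsmasq does not accept trailing comments after an option.
write_conf() {   # $1 = output path, $2 = interface, $3 = hosts path, $4 = pid path
    cat > "$1" <<EOF
# dnsmasq view for interface $2 (generated)
interface=$2
# bind only the addresses of $2, never those of the other interface
bind-interfaces
# ignore /etc/hosts, which would list both addresses of every host
no-hosts
addn-hosts=$3
# never forward $ZONE lookups to an upstream resolver
local=/$ZONE/
pid-file=$4
EOF
}

# Generate both views into directory $1 for LAN interface $2 and
# Tailscale interface $3. Returns 0 when all four files were written.
write_split_dns() {
    write_hosts "$1/lan.hosts" 2 &&
    write_hosts "$1/ts.hosts" 3 &&
    write_conf "$1/dnsmasq-lan.conf" "$2" "$1/lan.hosts" "$1/dnsmasq-lan.pid" &&
    write_conf "$1/dnsmasq-ts.conf" "$3" "$1/ts.hosts" "$1/dnsmasq-ts.pid"
}

# Usage (paths are examples):
#   write_split_dns /etc/dnsmasq-split eth0 tailscale0
#   dnsmasq --conf-file=/etc/dnsmasq-split/dnsmasq-lan.conf
#   dnsmasq --conf-file=/etc/dnsmasq-split/dnsmasq-ts.conf
```

A client that resolves through the LAN address of this box gets only 192.168.1.x for `pc1.home.arpa`; a client that resolves through its Tailscale address gets only 100.64.0.x. For the Tailscale side, the tailnet's DNS settings can delegate just the `home.arpa` domain to the dnsmasq node's Tailscale address, which is the "configure Tailscale to use it" step above. For the LAN side, devices at home must actually use the box's LAN address as resolver (set by hand if the router's DHCP cannot be changed), otherwise they keep getting the Tailscale view while at home. If `tailscale0` comes up after dnsmasq starts, use `bind-dynamic` in place of `bind-interfaces` so the Tailscale instance can bind once the interface exists. `bind-interfaces` plus `local=/home.arpa/` is also what keeps the internal names from being answered on, or forwarded out of, the wrong side, which addresses the leak concern raised earlier in the thread.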