Accessing local resources with Tailscale while onsite.

thecomputerguy

I set up a client with a Tailscale account to try and eliminate the need for a VPN. I added their Synology NAS and a couple of laptops and remotely everything seems to work beautifully.

As soon as the laptop boots and Tailscale loads into the tray it connects and BAM the remote NAS is available without having to use an app to connect/disconnect the session.

The issue is when the user is NOT remote, and working in the Office locally. Everything connects but it appears the device will use the Tailscale connection, instead of accessing them locally, making access to local resources slow since it's being routed through Tailscale.

I notice that when Tailscale is configured, entries are made into the Hosts file to make this work but does anyone know of a way for the device to access those resources locally while onsite while keeping Tailscale connected?

I'm trying to limit/eliminate user intervention required when accessing the NAS and make the process near invisible.

Luckily, they only use the NAS for Word, Excel, PDF, Pictures so there aren't typically any large data dumps, and to be honest they may not even realize it's slower because their typical files are so small.

I would however like the device to access local resources locally while working onsite and then access those same resources through the Tailscale connection while working remotely without user intervention.

This is all being done using a free version of Tailscale with a GitHub account I created using an org email specifically for this org.
 
If MagicDNS is enabled, the hosts file is updated with entries for devices on the Tailnet (the 100.64.0.0/10 subnet). When the device is in the office, it can still use the LAN address. Bit clunky though.
Or, if the Synology is running DNS, you could add it as a second name server (in Tailscale DNS) and restrict lookups to the office domain (enable the split DNS option). The client can then resolve the Synology's hostname in both scenarios (remote and local).
Also depends on how the staff access the NAS. If they have shortcuts or links in documents already related to its hostname and there's a subnet router in place, you could edit the hosts file and pop in the Synology hostname and IP. Doesn't scale well and a bit (hmm.. very) Heath Robinson but would 'fix' broken links.
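
Added example, not part of the original posts: a small Python check that reads a hosts file and reports which hostnames are pinned to tailnet addresses (and so would take the Tailscale path even on the office LAN) versus LAN addresses. The sample hosts content, hostnames and addresses are constructed; the IPv6 range is Tailscale's ULA prefix, which the thread does not mention.

```python
import ipaddress

# Tailscale node ranges: the CGNAT block named in the post above, plus the
# Tailscale IPv6 ULA prefix (not mentioned in the thread).
TAILNET = [ipaddress.ip_network("100.64.0.0/10"),
           ipaddress.ip_network("fd7a:115c:a1e0::/48")]

# Constructed sample hosts file; names and addresses are made up.
SAMPLE_HOSTS = """\
# sample comment line
127.0.0.1       localhost
100.101.102.103 nas nas.example-tailnet.ts.net   # tailnet entry
192.168.1.20    nas-lan                          # manual LAN entry
100.64.0.7      laptop1
not-an-ip       broken
"""

def classify(addr):
    """Return 'tailnet', 'lan', 'loopback' or 'other' for one IP address."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    if ip.is_loopback:
        return "loopback"
    if any(ip.version == net.version and ip in net for net in TAILNET):
        return "tailnet"
    if ip.is_private:
        return "lan"
    return "other"

def parse_hosts(text):
    """Map hostname -> (address, class). The first entry for a name is kept,
    on the assumption that the resolver uses the first match."""
    result = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            kind = classify(fields[0])
        except ValueError:
            continue  # skip lines whose first field is not an IP address
        for name in fields[1:]:
            result.setdefault(name.lower(), (fields[0], kind))
    return result

def pinned_to_tailnet(text):
    """Hostnames that resolve to a tailnet address regardless of location."""
    return sorted(n for n, (_, k) in parse_hosts(text).items() if k == "tailnet")

if __name__ == "__main__":
    for name, (addr, kind) in parse_hosts(SAMPLE_HOSTS).items():
        print(f"{name:30} {addr:18} {kind}")
```

On a Windows client the real file is `C:\Windows\System32\drivers\etc\hosts`; pass its contents to `parse_hosts` in place of the sample.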
 

Great information ... I'll look into this ... Tailscale is new to me but to be honest it seems like absolute magic from a VPN standpoint.
 
There's the "exit-node" setting in preferences, but as you noted..it's STILL pumping through the..VPN basically..thus some loss of speed due to overhead.

We use ZeroTier for a few clients that still need "remote VPN access"...ZT is very similar to TS...pretty much competitors...but it does recognize your LAN, you can define it...it will define LAN objects as peers and allow full speed local access.
 