Hello All!! I’m a newcomer here and would like to honor Wendell’s well-crafted guide and very excellent walkthrough.
After walking through the guide, I realized I may have found a way to do this utilizing OPNsense w/ Tailscale, and with TrueNAS VMs simply running Tailscale.
Obviously, first and foremost, I claim no responsibility, and these instructions are as-is; use at your own discretion. But in the spirit of helping others in whatever way, I’ll share what has worked for me to utilize my TrueNAS box.
This results in VMs being able to hit the TrueNAS box, with no modifications needed to TrueNAS.
My gateway is an OPNsense box with Tailscale installed. There isn’t a plugin for this, but you can install via the command line. Once this is finished, you then need to set Tailscale up and advertise the subnet. *Exit node is optional.
This Tailscale KB provides a few commands as part of installation that must be followed. However, I’ll repost the commands to run on your OPNsense firewall; please refer to the Tailscale KB for the full guide. I’m sorry, this forum will not let me post a URL link. You can google Tailscale OPNsense or google the below commands. Anyway, I’ll repost the commands here for convenience.
Perform the following steps as root on the OPNsense firewall (you will need to enable SSH and PuTTY into the box):
# opnsense-code ports
# cd /usr/ports/security/tailscale
# make install
# service tailscaled enable
# service tailscaled start
# tailscale up
You also have to allow NAT-PMP port mapping in services; there are also steps to follow in the same KB from Tailscale (KB 1097).
Within the SSH console you get a link to “activate” this device on Tailscale. Do so, then verify the device is added to your Tailscale admin portal.
Once all commands from the above article are run, lastly advertise your subnet. In this example just replace the subnet with yours; the command would be the following in the OPNsense console.
sudo tailscale up --advertise-routes=10.0.0.0/24
Now check your Tailscale console / admin portal to verify the subnet route is toggled “ON”, if it’s not already, from the advertised router.
Then install TrueNAS VMs as normal, and then just install Tailscale as normal on the TrueNAS VMs.
For my Windows VM, immediately upon installing Tailscale, I could hit my local NAS IP. For Ubuntu, I had to run sudo tailscale up --accept-routes.
I tested Plex access from my Windows 10 VM; no need to forward ports at all. I hope this helps others. I’m happy to share what I can. Thanks,
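
An added example, not part of the original post or of Tailscale's own documentation: advertising 10.0.0.0/24 makes every host on that LAN reachable from any tailnet device the access policy permits, and the default policy permits everything. A tailnet policy file along these lines limits the VMs to the NAS only. Assumptions: the tag name tag:vm, the NAS address 10.0.0.10, and the SMB (445) and Plex (32400) ports are constructed for illustration.

```json
{
  // Assumption: the TrueNAS VMs are tagged tag:vm when they join the tailnet.
  "tagOwners": {
    "tag:vm": ["autogroup:admin"]
  },

  "acls": [
    // VMs may reach only the NAS (constructed address), on SMB and Plex.
    {
      "action": "accept",
      "src": ["tag:vm"],
      "dst": ["10.0.0.10:445,32400"]
    },

    // Tailnet admins keep access to the whole advertised subnet.
    {
      "action": "accept",
      "src": ["autogroup:admin"],
      "dst": ["10.0.0.0/24:*"]
    }
  ]
}
```

Anything not matched by an accept rule is denied, so traffic between other tailnet devices needs its own rule once this replaces the default allow-all policy.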