 Tom here from Morning Systems and you'll find a video linked down below that I just posted the other day about setting up tail scale with TrueNAS scale and being able to route different networks over it and talk to your TrueNAS device remotely. And I had said in that video and correctly at the time based on the knowledge I had available to me that it did not work for setting up two TrueNASs talking together. Well, after someone left a comment and me doing a little bit of fiddling around and figuring out what the settings are that's what this video is. It's just a update and an add-on essentially for that video to cover exactly how to get to TrueNAS systems talking to each other over tail scale. There's a couple options you have to click and a couple things that you have to note to make this work properly. So let's just jump into it. We're gonna start with a little draw.io diagram I have here. We have our TrueNAS scale system and we have the Telnet IP of location A. Then it's gonna go out across the internet, talk to TrueNAS scale at location B. Now the goal is to have a replication task that gets our data replicated over to here. All other things are the same as they were in the other video. We have the coordination server coordinating where these devices are. We're not going to be adjusting any firewall settings. So in this video, you may or may not have and you do not need access to the firewall in terms of being able to configure it. This is just a basic as long as tail scale will work through these firewalls, which generally it works through most any firewall. This scenario should work. Now, I'm not gonna cover setting up the keys. I've already got these two systems adopted. There's location A and location B and there's respective Telnet IP addresses. We will be using the Telnet IP addresses for all of these settings here on out. Now, this is our destination TrueNAS and we're gonna go over here to apps and we're gonna go to our tail scale. We see it active and already set up and we're gonna go here to edit. Now you can set this up new and do this. If you edit it, just check the box and change it. I've already checked the box to make the change, but user space was checked by default. We want to make sure we uncheck user space. Route advertisements doesn't matter. Those are for the other use case, as I said in the other video, but we uncheck user space. We scroll down here and we want to check host network and when we click save, it'll redeploy this and this will bind the network into the network interfaces over here inside of TrueNAS. And there it is. There's our bound address and it's all set. Now, you notice there's no description here. It is set to DHCP and it's called tail scale zero. So all these are finders. No settings that have to be changed here, but we do want to go to the system settings. We're gonna go to general and we go to settings over here for the GUI settings and we want to make sure it's bound to zero, zero, zero. Now that's the only one this can be bound to. The reason that's important is because when you go to add the credentials, the easiest way to do this is going to be have one TrueNAS talk to another TrueNAS and we're going to be using the tail net IP address. And if you have specific IP set on your TrueNAS and you've said only bind to a specific IP, which I've recommended many times for security reasons, if you have like several adapters and different IP addresses, but maybe those other networks are only for storage or other networks, you want to expose only certain things, but not the web UI, when you lock it down, then you may only bind it to the addresses that you want it to be accessed on. Well, that is tricky if you try to do the tail scale because the tail scale address doesn't come up until after the system starts. So you can't bind it to the tail scale IP address because when the system starts and it's starting up all the other services, that doesn't exist until the application start and then it shows up. So the only way I found to make this work was to bind it to all the IP addresses, which by the way is the default in TrueNAS. So if you have kind of a stock setup and you haven't modified that, it should be bound right there. The next thing we have to do is do the same thing to SSH and make sure it's listening on all ports. And for that, we're going to go to system settings and services. We're going to be here to SSH. We'll go to advanced settings and you see I don't have it set to bound any address. If you did, once again, you'd want to set it. So if you choose none, that actually means it says, okay, bind to all these addresses. I'm not sure what would happen if we tried to bind it to this because SSH generally is going to start before the applications. Maybe you could restart SSH and have it bound only to this if you had a use cage for it. But for the most part, we're just going to leave this bound with nothing here, which means all addresses. Now we're on our source system. And for here, we want to go over to credentials. And we're going to go over to the backup credentials. And we want to add an SSH connection. Now I've already added one. And that's this TrueNAS Mini R. That's our destination. But for the destination, please note, once again, we're using the host IP address of the tailnet on here, everything else is the same. You want to make sure that is the choice you're using for this, not the local IP address that that device has. For the last step, we're going to go over to data protection, we're going to scroll down, and we're going to add a replication task. I filled this all out pretty standard here. We've chose our TrueNAS Mini R right here. But at the bottom, this part is really important. SSH transfer security. No encryption or encryption. You want to make sure you leave it on this setting here. And let me show you under the advanced settings what that actually means. That's going to control our transport. We can use SSH or SSH plus netcat. And the reason I bring that up is because I want to talk about what SSH plus netcat does. This is a feature that was added to TrueNAS a long time ago. And when you have two NAS systems that are local, and you want to get the data ZFS replication data to move as fast as possible across your local network, you'll run into some limitations of SSH. To eliminate those limitations, they added the option of SSH plus netcat. This means SSH will talk to the two devices and they will agree upon a port to bind to using netcat and they'll stream the ZFS send data over netcat. So that process seems to break, though, with the tail net. My assumption is because netcat wasn't, well, expecting a new adapter to be added. And it has some problem establishing some connections over it, or just seeing it because netcat goes that wasn't there when I started. And because it's tied to that application being loaded is probably why that breaks. So as long as you're just using it over SSH, it doesn't seem to have any problems at all working. And I play with this a little bit and it just stops. It starts the netcat because what it's doing is starts the listening process, but it just freezes right there and the replication never gets any further. But as long as I had an SSH, I had no problem getting a replication working. I wanted to leave that there in case anyone was going, well, I want the most speed possible out of this. And well, it may not work very well. But if you're transporting it across tail scale, the overhead of that and across the internet, the slow connection that you may or may not have, depending on what speed is offered at each end of this, you have other limitations and it might not be SSH that challenges you as much for the speed, but something I want to throw out there. But if you are looking after the ultimate optimal speed, well, yeah, SSH post netcat is probably going to be better when you have a external VPN like in two different firewalls where you can establish a faster connection, especially if you're doing something like data center level replication. Yeah, if you have that kind of speed access, you probably just need to set up a VPN inside your firewall. But that's all I have for this tutorial today. Love to hear from you. Leave your thoughts and comments down below on this topic. If you want to engage with me more in depth, hover to forums.laurancesystems.com. That's a great place to have a discussion on this and other topics. If you want to see more content from this channel, like and subscribe. It really does help me out and that like button does seem to do something on YouTube to help the algorithm suggest this video to other people. And if you want to connect with me on the socials, you'll find all those whatever socials I'm on when you're watching this video at laurancesystems.com. Thank you.