Tom here from Lawrence Systems, and we're going to talk about TrueNAS SCALE and using Tailscale. There's an official app from iXsystems in their app market that you can load for this. That's what we're gonna be doing for the demo here. I've got plenty of videos linked down below about Tailscale overlay networks, including setting up Tailscale with things like pfSense and integrating it into your network with the firewall, which is my preferred way to do it. But sometimes there's challenges, and you may not have access to the firewall. You may not have a firewall that supports Tailscale, and you'd want to load it directly on the device. Or maybe the TrueNAS is not somewhere where you have any access at all to the firewall, because you've put it on another network but want to have remote access to it. That's what this video is going to cover today: how that works. Let's get started.

I did this drawing in draw.io, and for this demonstration we're going to be using Tailscale. You could use Headscale if you prefer a self-hosted solution; I've got a video linked down below on how to set up Headscale. But to keep this demo simple, we're just going to use Tailscale, and it is compatible either way, whichever one you use.

The scenario is going to be: let's say you are on some untrusted network, and you want to get from that untrusted network back through your home firewall. And you can't load Tailscale on your home firewall, but you can load it on your TrueNAS SCALE. We are going to advertise the route of 192.168.3.0/24, because our TrueNAS SCALE server is located at 192.168.3.4 and we want to advertise that other devices exist on that network, such as our 3.8 server and our 3.14 server, and we'd like to have access to those in addition to any applications that are operating on our TrueNAS SCALE. So we'll have access to the apps, the shares, and any other adjacent servers on that same network. Now, when we do this, it's going to go out through the internet, but it stops and talks to
the coordination server. This is where I have a video where I outline much more in detail how overlay networks work, and the coordination server's actually what takes care of all this. But to make things clear: the coordination server coordinates these connections, but the data does not pass through it. So your privacy and integrity is maintained, because it's just establishing the connections between you and your TrueNAS.

Now I'm logged into the Tailscale interface. I already have a few devices connected, but there is no TrueNAS on here, so that's the next one we're going to be adding. We're going to go here to Settings, go down here to Keys, and we want to generate an auth key. So we click on Generate auth key, and I don't really need to make this reusable, so we're just going to give it a description. The reusable is if you wanted to connect multiple TrueNASes: you could create an auth key that could be reused several times. But I prefer to create an auth key, unless you're mass-adding devices, just to one system. So we're gonna call it TrueNAS demo. We'll leave the expiration here because we can change this setting later. Ephemeral, we're gonna leave that skipped, because that would only allow it to be used one time. So the rest of the settings are gonna be fine. We'll just let it generate the key, and we're gonna go ahead and copy this key right here. By the way, even though you were able to see this key, this key is going to be dead by the time I publish the video, so no worries there; I didn't blur it out.

We're gonna go over to our TrueNAS SCALE system. I'm running TrueNAS SCALE 22.12.3. We're gonna go to Apps, Available apps, and we're gonna find Tailscale. We're gonna go ahead and install the app. Leave the application name the same. We're gonna use whatever the latest version is. For the auth key, we're just gonna paste that in. And then for the name,
I'm gonna smash the name and call it TrueNAS SCALE demo. Advertise routes: I'd like to be able to access other devices on this network, so we're gonna go 192.168.3.0/24. That'll give me access to all the devices on there. If you were gonna add more networks, you could actually add more by clicking Add and putting another route in there. So then, exit node advertisement is a question: it asks if you'd like to have this as the exit for your network, so you could actually tunnel your traffic and exit out of this TrueNAS. I'll go ahead and click the box; we'll show you how that's set up. And then everything else we can just leave default and hit Save.

It's now creating the Tailscale application and connecting it, and now it's showing active. So we're gonna go back over to our Tailscale interface, click Done, go back over to Machines, and now we see our TrueNAS demo. Now, it's got an exclamation point between subnets and exit nodes. So what we want to do here is edit route settings. We're going to approve using this route, and we're going to approve using as an exit node. That's all you have to do to get it working. Now, the last thing is it's going to let me know that the key expiration is enabled, and if we wanted to make this permanent, we would simply disable the key expiration right here. And now it's disabled, and this will stay up and running.

Now, there's one limitation I want to mention, and that's that Tailscale does not show up as an interface on the TrueNAS itself. It only shows the interfaces that are actually attached to it. I bring it up because I want to point out a specific limitation that may affect the scenario that you're trying to do. If you wanted to set this up and run Tailscale on two different TrueNASes and have the TrueNASes talk to each other and do something like replication, that won't work, because it's not in the TrueNAS itself. It's running within a container and an attached network, but not actually adding an
adapter to the TrueNAS. You can't say, hey, this is the tailnet IP of each of these devices, and tell them to replicate to each other, because the TrueNAS itself, even though you can get from the application that's in the container to the TrueNAS and its shares, TrueNAS doesn't have a route back to another TrueNAS. So that's something you have to keep in mind. If you want to solve that problem, it's best to set up a VPN on your firewall between the two different sites, so the two TrueNAS devices can talk to each other. That's a better scenario for solving that.

Now, that's all I have for TrueNAS SCALE and Tailscale. Love hearing from you. Leave your thoughts and comments down below. If you want to see more content from this channel, like and subscribe. And if you want to talk more in-depth about this and other topics, the place to talk with me on that would be forums.lawrencesystems.com. And if you want to hit me up on the socials, you'll find whatever social media networks I'm attached to at the time you're watching this video over on lawrencesystems.com. And thank you.