This plugin integrates Tailscale with SPR. It provides connectivity between Tailscale and SPR devices using SPR's microsegmentation.
The plugin runs a container with Tailscale for routing between SPR and Tailscale peers. It provides connectivity in several ways.
- Users can now assign SPR Devices to the 'tailnet' group to get access to all Tailscale peers.
- Assign a Tailscale peer to a SPR Group, to give selective access from that peer to the SPR Device. It advertises a route but the firewall only allows a specific IP.
- Configure the container as an exit node for Tailscale. This allows Tailscale peers to access the SPR API as well as the internet via the container.
- This runs in a container with a custom interface bridge, 'spr-tailscale'.
- The interface bridge is configured in the container firewall rules to have 'api', 'dns', and 'wan' access. By default it does not see other SPR devices.
- After configuring a peer with a custom group, also visit the Tailscale UI to accept the peer routes.
- Under plugins, add https://github.com/spr-networks/spr-tailscale.
- After the installation has finished, navigate to the bottom of the left-hand menu and look for 'spr-tailscale'.
- Generate a Tailscale auth key, and copy it into the UI presented.
- All done; now configure Tailscale peers as needed.
- If you want to grant a SPR device access to all Tailscale peers, add it to the 'tailnet' group.
- Go to the SUPER directory under the plugins/ folder and clone this repository:

```bash
cd /home/spr/super/plugins/
git clone https://github.com/spr-networks/spr-tailscale
cd spr-tailscale
```

- Generate an API token in the SPR API (under Auth), and a Tailscale auth key.
- Run the install script:

```bash
./install.sh
```

To share all Tailscale access with SPR devices, add the SPR devices to the 'tailnet' group.

To update custom groups for Tailscale peers, edit the config.json in configs/. See the TailscalePeer struct:
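
```go
type TailscalePeer struct {
	NodeKey  string
	IP       string
	Policies []string
	Groups   []string // SPR groups this Tailscale peer is assigned to
	Tags     []string // unused for now
}

type Config struct {
	TailscaleAuthKey  string // Tailscale auth key generated during setup
	APIToken          string // SPR API token generated under Auth
	AdvertiseExitNode bool   // configure the container as a Tailscale exit node
	Peers             []TailscalePeer
}
```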
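
A strict pre-flight check for configs/config.json is useful because a misspelled key or an over-broad peer entry changes who can reach what. The following is an added example, not part of the plugin: it assumes config.json is the plain JSON encoding of the structs above, and `CheckConfig`, the sample values and the 'cameras' group are hypothetical.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/netip"
)

type TailscalePeer struct {
	NodeKey, IP            string
	Policies, Groups, Tags []string
}

type Config struct {
	TailscaleAuthKey, APIToken string
	AdvertiseExitNode          bool
	Peers                      []TailscalePeer
}

// Constructed sample: keys, token and the "cameras" group are placeholders.
const sampleConfig = `{"TailscaleAuthKey": "tskey-auth-PLACEHOLDER", "APIToken": "PLACEHOLDER", "AdvertiseExitNode": false, "Peers": [
  {"NodeKey": "nodekey:PLACEHOLDER-1", "IP": "100.64.0.10", "Groups": ["cameras"]},
  {"NodeKey": "nodekey:PLACEHOLDER-2", "IP": "100.64.0.0/10", "Groups": []}]}`

// CheckConfig decodes strictly and lists settings worth a second look.
func CheckConfig(raw []byte) (Config, []string, error) {
	var cfg Config
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.DisallowUnknownFields() // a misspelled key fails instead of being ignored
	if err := dec.Decode(&cfg); err != nil {
		return cfg, nil, err
	}
	var findings []string
	if cfg.AdvertiseExitNode {
		findings = append(findings, "exit node on: peers reach the SPR API and internet")
	}
	for i, p := range cfg.Peers {
		if _, err := netip.ParseAddr(p.IP); err != nil {
			findings = append(findings, fmt.Sprintf("peer %d: IP %q is not a single address", i, p.IP))
		}
		if len(p.Groups) == 0 {
			findings = append(findings, fmt.Sprintf("peer %d: no Groups assigned", i))
		}
	}
	return cfg, findings, nil
}

func main() { fmt.Println(CheckConfig([]byte(sampleConfig))) }
```

On the constructed sample, the second peer is flagged twice: its IP is a CIDR range rather than one address, and it has no groups.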