Tailscale Remote Access

Rnd3sB3g13rng · October 20, 2022, 1:34pm

Hello,
I am trying to setup tailscale for remote access. I have setup VNC in dom0 and proxy the port to a qube as in (Remote Qubes User Testing (Running Qubes in the Browser) - #20 by deeplow). Using tor is very slow and I want to try tailscale since I do not have to configure port forwarding and break the security (at least from what I understood).
Tailscale was setup here (Tailscale Issues) but only to access other machines.
Did someone set up tailscale for ssh or vnc access on qubes?

Thanks in advance.

deeplow · October 21, 2022, 9:03am

I haven’t tried tailscale yet. But are you sshing into the remote-admin qube or dom0. I supposed it would remote-admin.

Rnd3sB3g13rng · October 22, 2022, 2:29am

Using tailscale ssh by executing

tailscale up --ssh
# then map the port 5900 of the remote machine to localhost:5900
ssh -L 5900:localhost:5900 <my_user>@<my_tailscale_ip>
# and then access vnc via localhost
vncviewer localhost:5900

works. But this wraps the already encrypted connection via an ssh tunnel which adds a lot of latency. I’m looking for a way to directly expose port 5900 in the tailscale network. Setting new things up it is sometimes hard to distinguish if something is related to qubes or not. This seems to be no qubes related issue but just a tailscale configuration.

Rnd3sB3g13rng · October 24, 2022, 7:16am

I think this issue is related to "Export localhost" option? · Issue #1121 · tailscale/tailscale · GitHub . @fepitre As you are the creator of qubes-remote-desktop, do you know an easy way to let the vnc server listen on :5900 rather than localhost:5900?

fepitre · October 25, 2022, 8:21am

This is not intended to work with entry other than localhost in dom0. So the easy way is to hack it directly.

Rnd3sB3g13rng · October 25, 2022, 1:46pm

What do you mean by ‘hack it directly’?