- Notifications
You must be signed in to change notification settings - Fork928
chore(docs): add requirements re ports and stun server to docs#12026
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
| source ports `udp/3478` and `udp/41641` to all destination ports. | ||
| > For more detailed information, see | ||
| > [What firewall ports should I open to use Tailscale? (tailscale.com)](https://tailscale.com/kb/1082/firewall-ports). | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
There should probably be some details about NATs and stuff but I really don't know what to write without getting super technical :/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Honestly I'd prefer to just link to Tailscale's docs on this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
IDK how well Tailscale's docs cut it, this one doesn't really explain much about NAT just about firewalls.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I link tohttps://tailscale.com/blog/how-nat-traversal-works a bit above in the STUN section.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
This is a good blog post but it's not very good documentation since it's 9000 words long. We should probably dumb it down
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
OK, I added a fairly high-level overview.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I've Slack'd you some diagrams. If we're going to explain it, then those are my suggested examples.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Added and moved to a separate page as this one is getting plenty big already.
Co-authored-by: Dean Sheather <dean@deansheather.com>
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
| source ports `udp/3478` and `udp/41641` to all destination ports. | ||
| > For more detailed information, see | ||
| > [What firewall ports should I open to use Tailscale? (tailscale.com)](https://tailscale.com/kb/1082/firewall-ports). | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I've Slack'd you some diagrams. If we're going to explain it, then those are my suggested examples.
Co-authored-by: Spike Curtis <spike@coder.com>
| clusternat --- corpnat | ||
| corpnat --> stun1 | ||
| corpnat --> stun2 | ||
| ``` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
flowchart TD subgraph homenet["Home Network"] client["Client workstation\n192.168.1.101"] homenat["Home Router/NAT\n65.4.3.21"] end subgraph internet["Public Internet"] stun1["Public STUN"] vpn1["VPN entry node"] end subgraph corpnet["Corp Network 172.16.1.0/24"] corpnat["Corp Router/NAT\n172.16.1.1\n12.34.56.7"] vpn2["VPN exit node\n172.16.1.2"] stun2["Private STUN"] subgraph cluster["Cluster Network 10.11.12.0/16"] clusternat["Cluster Router/NAT\n10.11.12.1\n172.16.1.254"] agent["Workspace agent\n10.11.12.34"] end end vpn1 === vpn2 vpn2 --> stun2 client === homenat homenat === vpn1 homenat x-.-x stun1 agent --- clusternat clusternat --- corpnat corpnat --> stun1 corpnat --> stun2| homenat -- "[12.34.56.7:41563]" --- internet | ||
| internet -- "[12.34.56.7:41563]" --- corpnat | ||
| corpnat -- "[10.21.43.241:56812]" --> agent | ||
| ``` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
flowchart LR subgraph homenet["Home Network"] direction LR client["Client workstation\n192.168.1.101:38297"] homenat["Home Router/NAT\n65.4.3.21:29187"] end subgraph corpnet["Corp Network"] direction LR agent["Workspace agent\n10.21.43.241:56812"] corpnat["Corp Router/NAT\n12.34.56.7:41563"] end subgraph internet["Public Internet"] end client -- "[12.34.56.7:41563]" --- homenat homenat -- "[12.34.56.7:41563]" --- internet internet -- "[12.34.56.7:41563]" --- corpnat corpnat -- "[10.21.43.241:56812]" --> agentThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
It's unfortunate Mermaid lays these out differently. Presumably it's due to the arrow directions... does it look weird to keep the use of arrows consistent?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Yeah, I'm honestly considering replacing with some manual drawings just so we can more easily fine-tune it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
For now, fixed by changing the arrow directions.
| agent --- corpnat | ||
| corpnat -- "[I see 12.34.56.7:41563]" --> stun1 | ||
| homenat -- "[I see 65.4.3.21:29187]" --> stun1 | ||
| ``` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
flowchart LR subgraph homenet["Network A"] client["Client workstation\n192.168.1.101:38297"] homenat["NAT\n??.??.??.??:?????"] end subgraph internet["Public Internet"] stun1["STUN server"] end subgraph corpnet["Network B"] agent["Workspace agent\n10.21.43.241:56812"] corpnat["NAT\n??.??.??.??:?????"] end client --- homenat agent --- corpnat corpnat -- "[I see 12.34.56.7:41563]" --> stun1 homenat -- "[I see 65.4.3.21:29187]" --> stun1| C[Workspace Agent\n192.168.21.147:41563] | ||
| A <--> C | ||
| end | ||
| ``` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
flowchart LR subgraph corpnet["Private Network\ne.g. Corp. LAN"] A[Client Workstation\n192.168.21.47:38297] C[Workspace Agent\n192.168.21.147:41563] A <--> C endThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
This is great! Couple small language tweaks and suggestions inline
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
| homenat -- "[12.34.56.7:41563]" --- internet | ||
| internet -- "[12.34.56.7:41563]" --- corpnat | ||
| corpnat -- "[10.21.43.241:56812]" --> agent | ||
| ``` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
It's unfortunate Mermaid lays these out differently. Presumably it's due to the arrow directions... does it look weird to keep the use of arrows consistent?
Co-authored-by: Spike Curtis <spike@coder.com>
Uh oh!
There was an error while loading.Please reload this page.
Fixes#11876