How to use Tailscale with Umbrel

How to connect to your Umbrel node using Tailscale

Recently Umbrel added Tailscale app to its app store.

What is Tailscale?

Tailscale is zero config VPN that creates a secure network between your Umbrel and your other devices. Even when separated by firewalls or subnets, Tailscale just works. Tailscale will assign your Umbrel a stable IP and an auto-assigned domain that stays consistent, no matter what network your Umbrel is connected to. It’s like a local network that works everywhere. Tailscale builds on top of WireGuard®’s Noise protocol encryption, a peer-reviewed and trusted standard.

What network is Tailscale?

Let’s recap some aspects for those users that don’t fully understand the networking terms. We have the following types of networks, that some of them are part of the wide open INTERNET network:

  • Internet public domain names / IPs: google.com / 142.250.74.78, these are IP/domain names that anybody connected to the internet can “see” and access them and are maintained by public DNS servers. You need to buy or rent an IP from a ISP in order to be able to manage it for your own machines/systems.

  • Private IPs: 192.168.1.x / 10.0.0.x / 172.16.0.x These are IPs visible ONLY inside your LAN (home area network) and are maintained by your home router, assigning one to each of your devices connected to that router. In Umbrel configuration also you can see them in lnd.conf file as one IP per service /app. So these IPs ARE NOT accessible from outside, only if you configure in your router to forward specific ports to specific IPs inside your LAN.

  • Public VPN IPs: special services that offers you a secured tunnel to a specific server, that offers you a dedicated public IP to be used for accessing the internet. Like a strawman, a fake identity to hide your real IP / location. These IPs are visible and accessible by anybody in internet.

  • Private VPN IPs: special private IPs, generated in a public server, with encryption and secured access, that offers to users a dedicated tunnel through an internal private IP range, directly to your home devices. Each point / device will have its own IP, in the same range. This is what Tailscale is using.

  • Tor Network: a special network that uses the normal Internet network, but is not visible and accessible by regular browsers / devices, they need a dedicated proxy that convert and decrypt the onion addresses in order to be accessible. All traffic on Tor network is encrypted P2P and is not necessary to use open ports, each onion address can be redirected internally to a specific port.

So… with Tailscale installed in Umbrel, we can skip the slow and buggy Tor network and connect our mobile devices to our Umbrel remotely.

Overview

  • This doesn’t mean you can just put the assigned Tailscale IP for you node machine into any browser and login. You need to install Tailscale first on your mobile or desktop.

  • Using Tailscale doesn’t mean your Umbrel is fully accessible on clearnet. Only you have a dedicated private access using a faster connection than Tor.

  • Tailscale maybe is collecting minimal data about your connected devices, but all the traffic is encrypted so practically they do not know what are you doing with those devices or what kind of data you have. Is just like your neighbor knows you have a fridge, a TV or a microwave in your house, but doesn’t know if you use it or for what you use it.

  • I would not recommend to use Tailscale to access your Umbrel through SSH, or at least ONLY if you do it from a secured clean device. SSH access should be used ONLY from your local LAN and from your secured home devices.

Example usage

Connect Zeus mobile app with the Bitcoin node app on your Umbrel

  1. Go to tailscale.com and create an account.
  2. Install Tailscale on Umbrel and login with that created account.
  3. Install Tailscale on your mobile device and login with that same created account. Immediately you will see in the app the IP of your node. It will be a private IP, not a public one. Copy it.
  4. Open Zeus and follow the instructions from Umbrel - Connect wallet - Zeus as it should be a Tor connection, scan the QR code with Zeus and before hit save config, remove the Tor switch and replace all the onion address with that Tailscale IP of your node (see point 3). Done, hit the save button and you will connect in few moments.

Tailscale will create an encrypted private VPN tunnel, but using the internet, between your mobile device (located outside of your LAN) and give you a direct connection to your node as if you were at home and connect to your node through local IP.

Now… you could try the same with other apps you need to connect to your Bitcoin node: Electrum, Bluewallet (only for Electrum server, the LNDhub is not supported with Tailscale), Sparrow, Specter. But remember, every time you want to connect these mobile apps to your node outside your LAN, you need to run Tailscale client first, to create that VPN connection, otherwise the apps cannot “see” or understand that Tailscale IP. Same as for Tor, when you were using Orbot.

I tested for example on mobile device with Tailscale VPN activated to access my LNBits and worked nice. Use your Tailscale IP:3007 in a browser and works perfectly. But yes, this is not for a a public use, only personal use.

Later I will test some other Umbrel apps with Tailscale and will update this guide. If somebody already did it, please send me the details and I will insert them here.

12 Likes

How should you access your dashboard remotely if not through the Tailscale IP address? Should I continue to use TOR if I am on a remote network?

Whats your opinion on using some dynamic dns providers (like duckns), to setup a .duckdns.org subdomain pointing to the ip address generated/given by Tailscale? I am using this solution currently.