Can I use tailscale to access my raspberry pi from outside my local network?

fbrichs · July 9, 2022, 11:49pm

Hi,

I have a simple set up.

Main laptop is a Mac
I use syncthing to back up my files to a Raspberry pi.

I want to access the GUI interface of the Raspberry pi from outside my local lan. What is the best way to do so? I was thinking on installing Tailscale but I am not clear how to access the GUI.

Thanks

tomasz86 · July 10, 2022, 9:08am

Normally, you just set the GUI listen address like this

and then connect to it remotely in a Web browser using the device’s IP address, e.g.

https://192.168.0.2:8386

and so on. This is under the same LAN, of course, so you’ll probably need to figure out yourself how to set up such access in the VPN.

cosas · July 24, 2022, 8:57am

The best (more secure IMO, no need to trust another profitable third-party) way : install ssh server on the PI , set it up in /etc/ssh/sshd_config to prevent password authentication (PasswordAuthentication no) and create a key pair in the mac (ssh-keygen) whose you will copy the public part (content of default generated id_rsa.pub file) to the pi in ~/.ssh/authorized_keys (one single line per authorized key).

You must leave the ST GUI access set to 127.0.0.1:8384

You have already set the pi LAN IP address as static or created a DHCP lease for it in your home router/gateway, and while still in the gateway settings, create a port forward to the pi’s sshd server for WAN access, e.g. ([any]:22922>>>192.168.1.120:22). So no need for a dedicated port forward for the ST GUI, the above single one can even be used to access the full PI desktop, regards to VNC RDP to pi’s localhost. Then:

Add 2 lines in the mac’s /etc/hosts file, one for the pi LAN ip, one other for your home’s WAN ip, e.g.

#strange aliases below to ease ssh... command single letter autocompletion, adapt as you like 
192.168.1.120 pi guipi
80.170.26.34 wanpi remotepigui

Set/create the mac’s ~/.ssh/config file:

#common
User pi
#hosts specific
#simple terminal
Host pi
  #nothing to specify here
Host wanpi
Port 22922
#gui access
Host guipi
LocalForward=8384 localhost:80
LocalCommand=firefox localhost:8384
Host remotepigui
Port 22922
LocalForward=8384 localhost:80
LocalCommand=firefox localhost:8384
#replace "localhost:8384" above with "https://localhost:8384" if you enabled HTTPS for the GUI in ST settings.

From the WAN you get the ST gui this way from within a terminal:

ssh r[TAB]emotepigui

jeryd · July 28, 2022, 5:38pm

I do this. It’s really easy to setup. Just put the tailscale ip for your divice in the syncthing address for that device. I normally do it after the normal address. That way it will search normal and if that does not work it will look for the tailscale ip.

calmh · November 21, 2022, 5:01am

Topic is a spam magnet