A researcher explains how to create a distributed VPN with Tailscale and fly.io. A smart idea to browse the Web safely from anywhere. Tailscale is a service that opens up infinite possibilities where the limit is often only the user’s imagination. It is a VPN platform that allows you to create a secure and private network between different devices and networks, regardless of their geographical location. It is designed to make it easier for network resources to connect and communicate securely and privately.
Tailscale uses the WireGuard protocol to establish point-to-point encrypted connections between devices. WireGuard is known for its speed, efficiency, and security and was designed to be simple to set up and use. We have previously seen what types of VPNs exist and how to create them with WireGuard and Tailscale. More recently, we focused on Tailscale Funnel, a solution that allows you to share a server via VPN in total security.
An independent researcher showed on GitHub how to create a self-deployed VPN from home or office to share access with friends, colleagues, and relatives. The system is ingenious and pivots not only on Tailscale but also on Fly.io, a global hosting platform that offers an application distribution infrastructure for companies.
The main goal of Fly.io is to simplify the distribution of apps on a global network of servers to improve their performance, reliability, and scalability. The approach presented is fully functional, even if it requires a minimum of technical skills. In the end, however, you get a distributed infrastructure that allows you to instantly scale the VPN nodes up or down all over the planet and choose the exit node, i.e., set from which host the network traffic must exit (you can select one of the 30 locations available worldwide). The mechanism is reliable, solid, and performant, and it lets you use 160 GB of free data traffic per month.
Set Up Your Own Distributed VPN Network With Tailscale And Fly.io
As explained in the guide published on GitHub, to create your own distributed VPN network, there are some requirements:
- Have a GitHub account;
- Create your organization within GitHub;
- Install the Tailscale client on each device that needs to participate in the VPN;
- Log in to Tailscale with the previously configured GitHub account with the same organization name;
- Go to the Tailscale DNS configuration within your account and set the use of a public DNS server (you can use, for example, the Cloudflare DNS IPs 1.1.1.1, 1.0.0.1, 2606:4700:4700::1111, 2606:4700:4700::1001);
- Create a Tailscale authentication key;
- Create an account on fly.io, then install the client for your operating system. Make sure you log in with the same GitHub user account;
- Add your organization via the fly.io client: flyctl orgs create nome-org-net;
- Then enter the details of your credit card, associating it with the added organization. Don’t worry: fly.io won’t charge you anything unless you exceed the limits set for free accounts (including 160 GB of data traffic per month).
Configuring The Virtual Machine On The Cloud And Choosing The Exit Node
On the cloud system hosted on fly.io, you can clone the following GitHub repository and then start the project:
- git clone https://github.com/patte/fly-tailscale-exit.git
- cd fly-tailscale-exit
- flyctl launch
As a final step, you can type the following command to specify the Tailscale authentication key obtained earlier:
- flyctl secrets set TAILSCALE_AUTH_KEY=.
Unfortunately, fly.io no longer assigns a dedicated IPv4 address for each user-uploaded application on the platform. To overcome this problem, buy an IPv4 address at 2 dollars a month or fall back on an IPv6. The various alternatives are available in point 10 Deploy (and IP and scale) of the guide published on GitHub. Finally, the command flyctl deploy starts the project, and with flyctl scale count 1 you set the use of a single machine per region.
You can optionally add specific regions. For example, flyctl scale count 3 --region hkg,fra,ams
Finally, it must be said that the approach described could lead to a significant increase in traffic on Tailscale’s DERP servers. DERP servers provide secure connectivity between devices using Tailscale, even with “obstacles” such as firewalls, NATs, or untrusted connections.
In general, Tailscale is used for internal networks – if everyone used it as a VPN daily, traffic on DERP servers could increase abnormally and unexpectedly. Importantly, Tailscale’s DERP servers do not act as a central point for data access or user control: the end-to-end encryption used by Tailscale ensures that only authorized devices can access data transmitted over the net.
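To see which exit node a device is actually using and whether that path runs over a DERP relay, you can inspect the client's status output. The following is an added example, not code from the GitHub guide or from Tailscale: it assumes the field names Peer, Active, ExitNode, ExitNodeOption, CurAddr and Relay as printed by `tailscale status --json`, and the host names and sample data are constructed.

```python
import json

# Constructed sample shaped like `tailscale status --json` output
# (not captured from a real tailnet; host names are hypothetical).
SAMPLE_STATUS = json.dumps({
    "Peer": {
        "nodekey:aaa": {"HostName": "fly-fra", "Active": True, "ExitNodeOption": True,
                        "ExitNode": True, "CurAddr": "", "Relay": "fra"},
        "nodekey:bbb": {"HostName": "fly-hkg", "Active": True, "ExitNodeOption": True,
                        "ExitNode": False, "CurAddr": "203.0.113.7:41641", "Relay": "hkg"},
        "nodekey:ccc": {"HostName": "laptop", "Active": False, "ExitNodeOption": False,
                        "ExitNode": False, "CurAddr": "", "Relay": "ams"},
    }
})


def summarize(status_json: str) -> dict:
    """Return the active exit node, the exit nodes on offer, and DERP-relayed peers."""
    peers = (json.loads(status_json).get("Peer") or {}).values()
    active = [p["HostName"] for p in peers if p.get("ExitNode")]
    offered = sorted(p["HostName"] for p in peers if p.get("ExitNodeOption"))
    # An active peer with no direct address (empty CurAddr) is reached via its DERP region.
    relayed = sorted(p["HostName"] for p in peers
                     if p.get("Active") and not p.get("CurAddr") and p.get("Relay"))
    return {
        "active_exit_node": active[0] if active else None,
        "offered_exit_nodes": offered,
        "derp_relayed": relayed,
        # Internet-bound traffic crosses DERP when the active exit node is relayed.
        "exit_traffic_via_derp": bool(active) and active[0] in relayed,
    }


if __name__ == "__main__":
    # To check a real machine, pass in the output of: tailscale status --json
    for key, value in summarize(SAMPLE_STATUS).items():
        print(f"{key}: {value}")
```

If the active exit node shows up as relayed, all of that device's internet traffic is passing through a DERP server, which is the load the paragraphs above describe.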