chore(docs): add requirements re ports and stun server to docs #12026
source ports `udp/3478` and `udp/41641` to all destination ports. | ||
> For more detailed information, see | ||
> [What firewall ports should I open to use Tailscale? (tailscale.com)](https://tailscale.com/kb/1082/firewall-ports). | ||
|
There should probably be some details about NATs and stuff but I really don't know what to write without getting super technical :/
Honestly I'd prefer to just link to Tailscale's docs on this.
IDK how well Tailscale's docs cut it, this one doesn't really explain much about NAT just about firewalls.
I link to https://tailscale.com/blog/how-nat-traversal-works a bit above in the STUN section.
This is a good blog post but it's not very good documentation since it's 9000 words long. We should probably dumb it down
OK, I added a fairly high-level overview.
I've Slack'd you some diagrams. If we're going to explain it, then those are my suggested examples.
Added and moved to a separate page as this one is getting plenty big already.
Co-authored-by: Dean Sheather <dean@deansheather.com>
Co-authored-by: Spike Curtis <spike@coder.com>
clusternat --- corpnat | ||
corpnat --> stun1 | ||
corpnat --> stun2 | ||
``` |
```mermaid
flowchart TD
    subgraph homenet["Home Network"]
        client["Client workstation\n192.168.1.101"]
        homenat["Home Router/NAT\n65.4.3.21"]
    end
    subgraph internet["Public Internet"]
        stun1["Public STUN"]
        vpn1["VPN entry node"]
    end
    subgraph corpnet["Corp Network 172.16.1.0/24"]
        corpnat["Corp Router/NAT\n172.16.1.1\n12.34.56.7"]
        vpn2["VPN exit node\n172.16.1.2"]
        stun2["Private STUN"]
        subgraph cluster["Cluster Network 10.11.12.0/16"]
            clusternat["Cluster Router/NAT\n10.11.12.1\n172.16.1.254"]
            agent["Workspace agent\n10.11.12.34"]
        end
    end
    vpn1 === vpn2
    vpn2 --> stun2
    client === homenat
    homenat === vpn1
    homenat x-.-x stun1
    agent --- clusternat
    clusternat --- corpnat
    corpnat --> stun1
    corpnat --> stun2
```
homenat -- "[12.34.56.7:41563]" --- internet | ||
internet -- "[12.34.56.7:41563]" --- corpnat | ||
corpnat -- "[10.21.43.241:56812]" --> agent | ||
``` |
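Review bot: The bracketed edge labels in this hunk (`[12.34.56.7:41563]` on the `homenat` and `internet` edges, `[10.21.43.241:56812]` on `corpnat --> agent`) are not marked as the packet's destination address, so the point where the NAT rewrites it is easy to miss. Consider labelling them explicitly, for example `dst 12.34.56.7:41563`, unless the surrounding text already says what the brackets mean.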
```mermaid
flowchart LR
    subgraph homenet["Home Network"]
        direction LR
        client["Client workstation\n192.168.1.101:38297"]
        homenat["Home Router/NAT\n65.4.3.21:29187"]
    end
    subgraph corpnet["Corp Network"]
        direction LR
        agent["Workspace agent\n10.21.43.241:56812"]
        corpnat["Corp Router/NAT\n12.34.56.7:41563"]
    end
    subgraph internet["Public Internet"]
    end
    client -- "[12.34.56.7:41563]" --- homenat
    homenat -- "[12.34.56.7:41563]" --- internet
    internet -- "[12.34.56.7:41563]" --- corpnat
    corpnat -- "[10.21.43.241:56812]" --> agent
```
It's unfortunate Mermaid lays these out differently. Presumably it's due to the arrow directions... does it look weird to keep the use of arrows consistent?
Yeah, I'm honestly considering replacing with some manual drawings just so we can more easily fine-tune it.
For now, fixed by changing the arrow directions.
agent --- corpnat | ||
corpnat -- "[I see 12.34.56.7:41563]" --> stun1 | ||
homenat -- "[I see 65.4.3.21:29187]" --> stun1 | ||
``` |
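Review bot: On the two `--> stun1` edges the label `[I see ...]` reads as if the NAT were speaking, because the arrows point from the NAT towards the STUN server, while the address shown is what the STUN server observes and reports back. Consider rewording the labels (for example "STUN sees 12.34.56.7:41563") or adding return edges from `stun1` that carry the observed address.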
```mermaid
flowchart LR
    subgraph homenet["Network A"]
        client["Client workstation\n192.168.1.101:38297"]
        homenat["NAT\n??.??.??.??:?????"]
    end
    subgraph internet["Public Internet"]
        stun1["STUN server"]
    end
    subgraph corpnet["Network B"]
        agent["Workspace agent\n10.21.43.241:56812"]
        corpnat["NAT\n??.??.??.??:?????"]
    end
    client --- homenat
    agent --- corpnat
    corpnat -- "[I see 12.34.56.7:41563]" --> stun1
    homenat -- "[I see 65.4.3.21:29187]" --> stun1
```
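As an added example (not part of this PR or of Coder's code), the Go sketch below decodes the address a STUN server reports back, which is the "I see 12.34.56.7:41563" step in the diagram above. The response bytes and transaction ID are constructed, `mappedAddr` and `sampleResp` are hypothetical names, and only IPv4 is handled.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"net/netip"
)

const magicCookie = 0x2112A442 // fixed value in every RFC 5389 STUN header

// Constructed Binding Success Response whose XOR-MAPPED-ADDRESS encodes 12.34.56.7:41563.
var sampleResp = []byte{
	0x01, 0x01, 0x00, 0x0c, 0x21, 0x12, 0xa4, 0x42,
	1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,
	0x00, 0x20, 0x00, 0x08, 0x00, 0x01, 0x83, 0x49, 0x2d, 0x30, 0x9c, 0x45,
}

// mappedAddr checks the transaction ID, then decodes the IPv4 endpoint the server saw.
func mappedAddr(msg, txID []byte) (netip.AddrPort, error) {
	be := binary.BigEndian
	if len(msg) < 20 || be.Uint16(msg) != 0x0101 || be.Uint32(msg[4:]) != magicCookie {
		return netip.AddrPort{}, errors.New("not a STUN binding success response")
	}
	if !bytes.Equal(msg[8:20], txID) {
		return netip.AddrPort{}, errors.New("transaction ID mismatch")
	}
	for attrs := msg[20:]; len(attrs) >= 4; {
		typ, n := be.Uint16(attrs), int(be.Uint16(attrs[2:]))
		padded := (n + 3) &^ 3 // attribute values are padded to 4 bytes
		if padded > len(attrs)-4 {
			break // truncated attribute
		}
		if val := attrs[4 : 4+n]; typ == 0x0020 && n == 8 && val[1] == 0x01 {
			var ip [4]byte
			be.PutUint32(ip[:], be.Uint32(val[4:])^magicCookie)
			port := be.Uint16(val[2:]) ^ (magicCookie >> 16)
			return netip.AddrPortFrom(netip.AddrFrom4(ip), port), nil
		}
		attrs = attrs[4+padded:]
	}
	return netip.AddrPort{}, errors.New("no IPv4 XOR-MAPPED-ADDRESS attribute")
}

func main() {
	txID := []byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12} // constructed
	fmt.Println(mappedAddr(sampleResp, txID))
}
```

Matching the transaction ID before trusting the reported address keeps a reply that does not belong to the client's own request from setting the endpoint it advertises to peers.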
C[Workspace Agent\n192.168.21.147:41563] | ||
A <--> C | ||
end | ||
``` |
```mermaid
flowchart LR
    subgraph corpnet["Private Network\ne.g. Corp. LAN"]
        A[Client Workstation\n192.168.21.47:38297]
        C[Workspace Agent\n192.168.21.147:41563]
        A <--> C
    end
```
This is great! Couple small language tweaks and suggestions inline
Co-authored-by: Spike Curtis <spike@coder.com>
Fixes #11876