From c0ca41daeb38a1185488381dde1f26dbb62a996f Mon Sep 17 00:00:00 2001 From: Brad Fitzpatrick Date: Sun, 3 Nov 2024 15:11:57 -0800 Subject: [PATCH] cmd/lopower: add start of a README Change-Id: Ie4d5a8e0a53dafdf3b479457b309ac963b78f9bc Signed-off-by: Brad Fitzpatrick --- cmd/lopower/README.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 cmd/lopower/README.md diff --git a/cmd/lopower/README.md b/cmd/lopower/README.md new file mode 100644 index 000000000..59d657c8f --- /dev/null +++ b/cmd/lopower/README.md @@ -0,0 +1,20 @@ +# Tailscale LOPOWER + +"Little Opionated Proxy Over Wireguard-encrypted Routes" + +**STATUS**: in-development alpha (as of 2024-11-03) + +## Background + +Some small devices such as ESP32 microcontrollers [support WireGuard](https://github.com/ciniml/WireGuard-ESP32-Arduino) but are too small to run Tailscale. + +Tailscale LOPOWER is a proxy that you run nearby that bridges a low-power WireGuard-speaking device on one side to Tailscale on the other side. That way network traffic from the low-powered device never hits the network unencrypted but is still able to communicate to/from other Tailscale devices on your Tailnet. + +## Features + +* Runs separate Wireguard server with separate keys (unknown to the Tailscale control plane) that proxy on to Tailscale +* Outputs WireGuard-standard configuration to enrolls devices, including in QR code form. +* embeds `tsnet`, with an identity on which the device(s) behind the proxy appear on your Tailnet +* optional IPv4 support. IPv6 is always enabled, as it never conflicts with anything. But IPv4 (or CGNAT) might already be in use on your client's network. +* includes a DNS server (at `fd7a:115c:a1e0:9909::1` by default and optionally also at `10.90.0.1`) to serve both MagicDNS names as well as forwarding non-Tailscale DNS names onwards + * if IPv4 is disabled, MagicDNS `A` records are filtered out, and only `AAAA` records are served.
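Review bot: The tagline and the Features list have a few text errors worth fixing before this lands: "Opionated" should be "Opinionated", "configuration to enrolls devices" should be "configuration to enroll devices", and "Wireguard" (in the tagline and the first Features bullet) should match the "WireGuard" spelling used in the Background section. The bullets also mix capitalized and lowercase openings ("Runs", "Outputs" versus "embeds", "optional", "includes"). On content, the Features list says the proxy's WireGuard keys are unknown to the Tailscale control plane and that the devices behind it appear on the tailnet under the embedded `tsnet` identity. The README should add a sentence on what that means for access control: whether tailnet policy applies to the proxy node as a whole or can distinguish individual devices. It should also say how the generated enrollment configuration and QR code should be handled.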