Hi all. So, I’m far away from my server and will not have physical access to it for some time. I have Tailscale set up on it, and from my Mac and iPhone I can access the shares normally using the local file management system using the Tailscale-assigned IP of my server. I can even SSH into it, though I’m not very comfortable with the CLI. But when I try to access the GUI in a browser using the same IP, I get a “can’t connect the server” error… any ideas?
Does your Tailnet ACL allow you to access your TrueNAS host on port 80 (HTTP) and/or 443 (HTTPS)?
I tried IP:80 and :443… no go… as for the ACL permissions, I cannot check it now as I have no physical access to the server… maybe I could do it using SSH?
I asked Grok how to test it using SSH and I got this… so I guess the answer is no…
root@itacoa[~]# ss -tuln | grep ':80'
tcp LISTEN 0 511 192.168.0.119:80 0.0.0.0:*
tcp LISTEN 0 511 [::]:80 [::]:*
root@itacoa[~]# ss -tuln | grep ':443'
tcp LISTEN 0 511 192.168.0.119:443 0.0.0.0:*
tcp LISTEN 0 511 [::]:443 [::]:*
root@itacoa[~]
Services that are listening on [::] and 0.0.0.0 (almost always) are listening on every interface. So you should be able to access the TrueNAS GUI via your tailnet IP once you allowlist the ports in your ACL file. Here’s an example from mine (using Tailscale’s older ACL format):
// Enable TrueNAS access from specific hosts.
{
  "action": "accept",
  "src": ["[group|user|host|IP]"],
  "dst": [
    "100.100.X.Y:22", // SSH
    "100.100.X.Y:80", // HTTP, just for redirecting to HTTPS.
    "100.100.X.Y:443", // HTTPS
    "100.100.X.Y:137", // SMB
    "100.100.X.Y:138", // SMB
    "100.100.X.Y:139", // SMB
    "100.100.X.Y:445", // SMB
  ],
},
Note that this allows the [group|user|host|IP] access to all the ports/services in that list.
Edit to add: Naturally, 100.100.X.Y is my TrueNAS host tailnet IP. I customized that in Tailscale so it was more memorable.
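How to read the `ss -tuln` rows posted above, as an added example that is not part of the thread: the fifth field is the address a socket is bound to and the sixth is the peer, so the script reports which destination addresses each listener serves. The tailnet addresses 100.64.0.10 and fd7a:115c:a1e0::10 are constructed placeholders, and treating `[::]` as IPv6-only is an assumption, because this output does not show the socket's IPV6_V6ONLY setting.

```python
import ipaddress

# The four rows posted in the thread (ss prints a header row above them).
SS_OUTPUT = """\
tcp LISTEN 0 511 192.168.0.119:80 0.0.0.0:*
tcp LISTEN 0 511 [::]:80 [::]:*
tcp LISTEN 0 511 192.168.0.119:443 0.0.0.0:*
tcp LISTEN 0 511 [::]:443 [::]:*
"""

def parse_listeners(text):
    """Return (bind_address, port) for each listening row of `ss -tuln`.

    Columns: Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port.
    Field 5 is where the socket is bound. Field 6 is the peer, which is a
    wildcard for every listening socket and says nothing about interfaces.
    """
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[1] not in ("LISTEN", "UNCONN"):
            continue  # header row, blank line, or a non-listening socket
        addr, _, port = fields[4].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop brackets and %iface scope
        listeners.append((addr, int(port)))
    return listeners

def covers(bind, target):
    """True if a socket bound to `bind` accepts connections sent to `target`."""
    if bind == "*":  # assumption: a bare * wildcard is treated as both families
        return True
    bound, wanted = ipaddress.ip_address(bind), ipaddress.ip_address(target)
    if bound.version != wanted.version:
        return False  # assumption: [::] is IPv6-only (IPV6_V6ONLY not shown)
    return bound.is_unspecified or bound == wanted

def reachable(text, target, port):
    """True if any listener in `text` serves `target` on `port`."""
    return any(p == port and covers(b, target) for b, p in parse_listeners(text))

if __name__ == "__main__":
    # Constructed tailnet addresses; substitute the host's own `tailscale ip`.
    for ip in ("192.168.0.119", "100.64.0.10", "fd7a:115c:a1e0::10"):
        print(ip, {p: reachable(SS_OUTPUT, ip, p) for p in (80, 443)})
```

On the posted rows the IPv4 listeners are bound to 192.168.0.119 only, so the check returns False for an IPv4 tailnet address and True for an IPv6 one.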
OK, I understand… is there a way I can set this up via SSH, since I have no physical access to the server right now?
Thanks!
You can set this up within the Tailscale control panel under the Access Control screen. You don’t need to have access to any hosts to do this.
I’d recommend making a copy of the existing configuration before making changes, so it’s easy to roll back if something unexpected happens.
Yeah, but the problem is the server is on another continent, so I can’t access the GUI to access the Access Control screen, that is the basic problem. I’m sure I can set this permission using the CLI via SSH, I just have no idea how…
There might be some confusion on my end or on your end. I apologize if my responses have been confusing. Let’s step back for a moment.
You mention that you can access your TrueNAS shares over Tailscale. Are you able to log in to the Tailscale control panel at https://login.tailscale.com? If so, the changes you need to make to access the TrueNAS GUI over your Tailnet are made there, rather than in the TrueNAS GUI.
Ah, I see, I thought you were referring to the TrueNAS control panel, and tune the ACL permissions there… yes, I have access to the Tailscale panel, I’ll work on it, thanks!