Tailscale needs an Internet-bound control plane to aide node discovery and VPN management. When that plane is offline, nodes try to cache each others’ endpoints, but this doesn’t persist upon reboot. So a peer discovery from cold start is impossible without an internet connection, even when that peer is on the same LAN.
To work around this problem, one could selfhost a LAN-only Headscale server and it’d probably work. Or just connect via LAN directly if Wireguard encryption and Tailscale features aren’t needed. But this means inconveniently switching and managing multiple VPNs/address spaces.
The problem has been raised on Tailscale’s issue tracker. Seeing relevant issues, it seems like the best bet is on local discovery mechanisms like mDNS/Bonjour. Though that’ll likely take a while to get supported.
With all that said, does anyone know of a current good way to still use the same mesh VPN to connect to LAN machines, sans-Internet? I’m open to hear about Tailscale alternatives and how they implement it too
TIA!
Since wireguard only awks connections with matching keys, on a private lan, I bet you could just scan the network for all hosts and try the wireguard connection. A hack, but might work.
That’s a nice thing with Wireguard yea. I’ll keep this in mind if ever I can grok Tailscale to do such things