Document Tailscale subnet routing with HA failover
- Added Tailscale VPN section to Network documentation
- Documented UCG-Fiber router as failover subnet router
- Added Tailscale IPs quick reference table
- Added troubleshooting entry for subnet access issues
- Two subnet routers (pve + ucg-fiber) provide redundancy

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
41
CLAUDE.md
@@ -70,6 +70,7 @@ nc -zw1 10.10.10.150 22000 && echo "Windows Syncthing: UP" || echo "Windows Sync
|
|||||||
| High CPU on TrueNAS | Syncthing rescan? KSM? | Check rescan intervals, disable KSM |
|
| High CPU on TrueNAS | Syncthing rescan? KSM? | Check rescan intervals, disable KSM |
|
||||||
| VM won't start | Storage available? RAM free? | `ssh pve 'qm start VMID'`, check logs |
|
| VM won't start | Storage available? RAM free? | `ssh pve 'qm start VMID'`, check logs |
|
||||||
| Tailscale offline | `tailscale status` | `tailscale up` or restart service |
|
| Tailscale offline | `tailscale status` | `tailscale up` or restart service |
|
||||||
|
| Tailscale no subnet access | Check subnet routers | Verify pve or ucg-fiber advertising routes |
|
||||||
| Sync stuck at X% | Folder errors? Conflicts? | Check `rest/folder/errors?folder=NAME` |
|
| Sync stuck at X% | Folder errors? Conflicts? | Check `rest/folder/errors?folder=NAME` |
|
||||||
| Server running hot | Check KSM, check CPU processes | Disable KSM, identify runaway process |
|
| Server running hot | Check KSM, check CPU processes | Disable KSM, identify runaway process |
|
||||||
| Storage enclosure loud | Check fan speed via SES | See [EMC-ENCLOSURE.md](EMC-ENCLOSURE.md) |
|
| Storage enclosure loud | Check fan speed via SES | See [EMC-ENCLOSURE.md](EMC-ENCLOSURE.md) |
|
||||||
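Review bot: The new "Tailscale no subnet access" row gives "Check subnet routers" as its check without naming a command or host, while the neighbouring "Tailscale offline" row names `tailscale status`. State what to run and where (pve and ucg-fiber), and extend the fix column to cover route approval in the admin console, since the setup list added later in this commit says advertised routes must be approved there before they take effect.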
@@ -357,6 +358,46 @@ qm set VMID --net1 virtio,bridge=vmbr3
|
|||||||
|
|
||||||
- MTU 9000 (jumbo frames) on all bridges
|
- MTU 9000 (jumbo frames) on all bridges
|
||||||
|
|
||||||
|
### Tailscale VPN
|
||||||
|
|
||||||
|
Tailscale provides secure remote access to the homelab from anywhere.
|
||||||
|
|
||||||
|
**Subnet Routers (HA Failover)**
|
||||||
|
|
||||||
|
Two devices advertise the `10.10.10.0/24` subnet for redundancy:
|
||||||
|
|
||||||
|
| Device | Tailscale IP | Role | Notes |
|
||||||
|
|--------|--------------|------|-------|
|
||||||
|
| pve | 100.113.177.80 | Primary | Proxmox host |
|
||||||
|
| ucg-fiber | 100.94.246.32 | Failover | UniFi router (always on) |
|
||||||
|
|
||||||
|
If Proxmox goes down, Tailscale automatically fails over to the router (~10-30 sec).
|
||||||
|
|
||||||
|
**Router Tailscale Setup (UCG-Fiber)**
|
||||||
|
- Installed via: `curl -fsSL https://tailscale.com/install.sh | sh`
|
||||||
|
- Config: `tailscale up --advertise-routes=10.10.10.0/24 --accept-routes`
|
||||||
|
- Survives reboots (systemd service)
|
||||||
|
- Routes must be approved in [Tailscale Admin Console](https://login.tailscale.com/admin/machines)
|
||||||
|
|
||||||
|
**Tailscale IPs Quick Reference**
|
||||||
|
|
||||||
|
| Device | Tailscale IP | Local IP |
|
||||||
|
|--------|--------------|----------|
|
||||||
|
| Mac Mini | 100.108.89.58 | 10.10.10.125 |
|
||||||
|
| PVE | 100.113.177.80 | 10.10.10.120 |
|
||||||
|
| UCG-Fiber | 100.94.246.32 | 10.10.10.1 |
|
||||||
|
| TrueNAS | 100.100.94.71 | 10.10.10.200 |
|
||||||
|
| Pi-hole | 100.112.59.128 | 10.10.10.10 |
|
||||||
|
|
||||||
|
**Check Tailscale Status**
|
||||||
|
```bash
|
||||||
|
# From Mac Mini
|
||||||
|
/Applications/Tailscale.app/Contents/MacOS/Tailscale status
|
||||||
|
|
||||||
|
# From router
|
||||||
|
expect -c 'spawn ssh root@10.10.10.1 "tailscale status"; expect "Password:"; send "GrilledCh33s3#\r"; expect eof'
|
||||||
|
```
|
||||||
|
|
||||||
## Common Commands
|
## Common Commands
|
||||||
```bash
|
```bash
|
||||||
# Check VM status
|
# Check VM status
|
||||||
|
|||||||
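Review bot: The "From router" command in the Check Tailscale Status block embeds the router's root password in plain text inside the `expect -c 'spawn ssh root@10.10.10.1 ...'` line, so anyone who can read CLAUDE.md or this repository's history gets root on 10.10.10.1, the device this same section documents as the failover subnet router for `10.10.10.0/24`. Switch the router to key-based SSH so the documented command becomes a plain `ssh root@10.10.10.1 "tailscale status"`, remove the credential from the file, and rotate the password, because deleting the line in a later commit leaves it in history. Two smaller points in the setup list: `curl -fsSL https://tailscale.com/install.sh | sh` is recorded without the version that was installed, which makes the router's state hard to audit later, and `--accept-routes` on a device that already sits on 10.10.10.0/24 should carry a short note on why it is needed alongside `--advertise-routes`.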