Tailscale on OPNsense

Security cameras part 2

This is part 2 of my security cameras series. In the first part I wrote about setting up Frigate, a network video recorder. Next I need to be able to access the Frigate instance when I'm away from home.

Tailscale VPN

The first step was to sign up for Tailscale. I signed up using one of the supported identity providers, and I was ready to start adding devices.

First device: my home router running OPNsense

I installed this on the router and not the NVR VM because I want to use this for other purposes as well, not only for checking the video feeds. The following will open up the entire home LAN for external VPN clients calling home, and has the added benefit of using my local DNS resolver which has ad blocking while I'm on the go.

On the router, I already had the ports tree in /usr/ports, so I just needed to:

# cd /usr/ports
# git pull
# cd security/tailscale
# make install clean
# service tailscaled enable
# service tailscaled start 
to install and start the tailscale daemon.

I added the tailscale0 interface as an active interface in the OPNsense web control panel.

This will be my exit node, and I also need the peers to have access to the home LAN:

# tailscale up --advertise-exit-node --advertise-routes=10.0.0.0/16

The exit node status, and the advertised route, had to be approved in the Tailscale web admin panel.
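An added example, not part of the original post: a short audit that compares the advertised 10.0.0.0/16 with the hosts that actually need to be reachable over the VPN and builds the narrowest `--advertise-routes` value that still covers them. The host names and addresses are constructed for illustration; only the /16 route comes from the post.

```python
import ipaddress

# Route taken from the post; the host list below is constructed sample data.
ADVERTISED = ["10.0.0.0/16"]
REQUIRED_HOSTS = {
    "dns-resolver": "10.0.0.1",
    "frigate-nvr": "10.0.10.4",
    "frigate-ui-proxy": "10.0.10.5",
}

def audit_routes(advertised, required_hosts):
    """Compare what is advertised with what the remote clients need."""
    nets = [ipaddress.ip_network(n, strict=True) for n in advertised]
    hosts = {name: ipaddress.ip_address(a) for name, a in required_hosts.items()}

    # Hosts that no advertised route reaches (typo or wrong subnet).
    uncovered = sorted(
        name for name, ip in hosts.items()
        if not any(ip in net for net in nets)
    )

    # Merge the covered hosts into the smallest set of CIDR blocks,
    # e.g. two adjacent /32 entries become one /31.
    covered = [ip for name, ip in hosts.items() if name not in uncovered]
    narrow = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(str(ip)) for ip in covered
    ))

    return {
        "exposed_addresses": sum(n.num_addresses for n in nets),
        "needed_addresses": sum(n.num_addresses for n in narrow),
        "uncovered_hosts": uncovered,
        "narrow_routes": [str(n) for n in narrow],
    }

def advertise_flag(routes):
    """Format the route list the way `tailscale up` expects it."""
    return "--advertise-routes=" + ",".join(routes)

if __name__ == "__main__":
    report = audit_routes(ADVERTISED, REQUIRED_HOSTS)
    print(report)
    print(advertise_flag(report["narrow_routes"]))
```

Any narrower route set still has to be approved in the Tailscale web admin panel, the same as the /16.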

Second device: my phone

Setting up the phones was even easier: I installed the Tailscale app and logged in using my previously chosen identity provider. The app doesn't come with a whole lot of settings. It lets me choose an exit node, and I chose my home router, which was the only one in the list. It now has network access to all devices on my home LAN.

Now I just need some cameras...