How to Install Tailscale on OPNsense

Instructions

  1. Log in to OPNsense and activate SSH and root login and password login.

    echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config
    service sshd restart
    
    # Set root password
    passwd
    
    
  2. Increase the disk size of OPNsense to at least 12 GB to avoid DiskPressure and Evicted Pods issues.

    df -h
    
    # If the usage is high, add more space to the disk
    # For example, to add 10 GB of space:
    gpart add -s 10G -t freebsd-ufs da0
    growfs /dev/da0p2
    
    
  3. Update OPNsense to the latest version by going into the default menu via console or SSH and selecting 12. You might need to do this a few times to get to the final version.

    opnsense-update -T opnsense-devel
    
    

When asked for updating to a major version, do not select 'y' as this will only cause a minor update. Type in the version number instead (it will be shown in the shell).

  1. Additionally, enable Swap.

    mdconfig -a -t swap -s 4g
    swapon /dev/md0
    
    
  2. Follow the tutorial: WireGuard mesh network using OPNsense. You can use the following command to set it up in one step (adjust IP range to your exposed IP range):

    cd /usr/ports/security/tailscale
    make install clean
    service tailscaled enable
    service tailscaled start
    tailscale up --advertise-routes=172.16.103.1/24
    
    

Note: If you still encounter problems regarding missing swap, you can shut down the k3OS VM and temporarily increase the CPU and memory of OPNsense.