Add Cluster to Tailscale
Tailscale is a VPN service that allows you to easily create a secure, scalable mesh network using the open source WireGuard protocol. This article will guide you through connecting a Crunchy Bridge cluster to your Tailscale tailnet.
First login to your Tailscale dashboard. Navigate to the Settings tab, Keys section, and choose Generate auth key. This allows you to create a Tailscale auth key so that your Bridge cluster can be connected to your tailnet.
After you add the auth key to your Crunchy Bridge account (see next section) it can be used to register your cluster as a node in your tailnet.
For production environments, we recommend you using a tagged auth key, so that you can configure permissions ahead of time, and these will be used when adding access. Use an ephemeral auth key so that machines are automatically removed when they’re no longer in use - and keep your Tailscale machine list clean. Additionally, make the auth key reusable will help should Crunchy need to retry connection logic - if a connection fails, and you’re not using a reusable auth key, any retry logic will fail.
Login to Crunchy Bridge and navigate to your cluster. Click on the arrow next to the Networking tab and choose Tailscale.
From there, enter the
authkey that was previously generated and click "Connect Tailscale". Crunchy Bridge will use the
tailscale up command with your auth key to register your cluster.
Tailscale connections can be added through the Crunchy Bridge CLI also, using the
cb tailscale command:
cb tailscale connect --cluster 2w3gipnd3rdg5og3aqicwoin2a --authkey tskey-auth-kwfwzT3CNTRL-9Yh61GnT6xLsMyircfg41MKj56qZqoyB Cluster will be added to tailscale.
Once the Tailscale connection is initialized, it will appear in the Tailscale UI and you will be able to connect through the Tailscale connection, either via IP or its Tailscale name.
Yes. Crunchy Bridge uses the auth key to establish connectivity before it expires. Once the connection is established and the cluster has been registered to the tailnet, it gets its own node key that has a default expiration of 180 days. Unless the node key itself expires, you should not expect disruptions.
However, if the node key expires, connections to and from the endpoint will begin to fail. For production servers, it makes sense to disable the node key expiration altogether.
If you see any issues please contact support.
At this time there are currently issues re-using single-use auth keys. If you had previously established connectivity to Tailscale, have disconnected, and want to reconnect you can still do this but will need to use a multi-use
Please contact support if connection issues persist.