this post was submitted on 24 Jun 2024
8 points (90.0% liked)

networking

2824 readers
7 users here now

Community for discussing enterprise networks and the ensuing chaos that comes after inheriting or building one.

founded 1 year ago
MODERATORS
 

Basically, I’m running Tailscale on most of my devices and using subnet routing on a Raspberry Pi for non-Tailscale devices.

My problem is that while using an exit node streaming video from cameras in the iOS/macos Home apps is entirely too slow. I can see from App Privacy Report that it attempts to connect to my home network’s WAN address, so I’ve set up subnet routing to bring in any traffic to any of ISP’s networks through the Raspberry Pi at home (this also makes it possible to use said ISP’s streaming app on Apple TV as if I were at home).

I know that Home doesn’t connect to the cameras locally at all, because I can tear down all the Tailscale stuff and not see any traffic between the client and the camera on the LAN.

Has anyone have a clue how to go about configuring this? Thanks in advance!

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 4 months ago (1 children)

I’m crossing my fingers that during the handshake they aren’t passing which IP address they’re sending/receiving from. I can’t really see inside the data from Wireshark, but my fear is the camera is saying “I’m 192.168.x.x” and the Mac is saying “I’m 100.x.x.x” because from the camera’s point of view, it would be receiving from “192.168.x.y” (the subnet router).

Since the feature is called HomeKit Secure Video I get the feeling they might be securing it by doing something like that.

[–] [email protected] 1 points 4 months ago (1 children)

This is why I'm recommending IPv6. If you have global unique addresses for all your devices, including on your local network, it makes tail scales job much easier

[–] [email protected] 2 points 4 months ago* (last edited 4 months ago) (1 children)

I’m really big on IPv6 adoption but you’re probably right — I have no clue which subnet to advertise on Tailscale for IPv6. Also, the subnet router happens to be the only device I can’t seem to get IPv6 to work on (Alpine Linux). Each time I’ve tried I ruined my /etc/networking/interfaces and had to plug the hard drive into another machine to undo my changes.

[–] [email protected] 2 points 4 months ago* (last edited 4 months ago) (1 children)

For what it’s worth, I believe Tailscale on the Apple TV blocks IPv6. In fact, if you activate Tailscale on your HomeKit Hub, it has the side effect of all thread devices no longer responding until you disconnect from Tailscale and reboot the Apple TV. It’s a major pain in the ass for my small HomeKit / Thread setup.

Here’s the corresponding bug report on GitHub.

[–] [email protected] 1 points 4 months ago

I’ve actually had Tailscale disabled on it for some time now because my ISP’s (a cable operator) TV app knows via some tvOS API that a VPN is running and effectively shuts down.

My solution is to remove the Tailscale app completely, then when traveling put it behind a travel router (this works fantastically).

I’ll have to look into resolving my issue again soon; I just haven’t had time to follow up on this.