Tailscale
Tailscale builds on top of WireGuard and provides OAuth2 (SSO), OpenID, and SAML authentication for peers to build a mesh network. It is cross-platform and has ACL settings and internal DNS.
Installation
Install tailscale. Alternatively, one can use unstable builds by installing the tailscale-git (AUR) or tailscale-unstable-bin (AUR) package.
Usage
To use tailscale, enable/start tailscaled.service and run the server as follows:
# tailscale up
You can authenticate a headless machine by specifying the auth key:
# tailscale up --authkey=tskey-KEY
Using a custom Control Server
Using a custom control server like headscale is possible.
To log in, run:
# tailscale up --login-server https://example.com
On headless systems, a non-interactive login using a token is possible:
# tailscale up --login-server https://example.com --authkey your_auth_key
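A key given directly on the command line, as in both headless logins above, ends up in shell history and is visible in the process list while the command runs. The following is an added example, not part of the original page: it keeps the key in a root-only file and hands it to tailscale through the `file:` form of `--auth-key`. The function names and the key file path are hypothetical; GNU stat is assumed.

```shell
#!/bin/sh
# Added example: headless login with the auth key kept off the command line.
# Function names and the key file location are hypothetical.

# Print the --auth-key argument for a key file, or fail if the file is unsafe.
ts_authkey_arg() {
    keyfile=$1
    # Reject symlinks, missing files and empty files.
    if [ -L "$keyfile" ] || [ ! -f "$keyfile" ] || [ ! -s "$keyfile" ]; then
        echo "refusing: $keyfile is not a non-empty regular file" >&2
        return 1
    fi
    # The file must belong to the invoking user (root for a system login).
    if [ "$(stat -c %u "$keyfile")" != "$(id -u)" ]; then
        echo "refusing: $keyfile is owned by another user" >&2
        return 1
    fi
    # Require owner-only permissions.
    mode=$(stat -c %a "$keyfile") || return 1
    case $mode in
        600|400) ;;
        *) echo "refusing: $keyfile has mode $mode, expected 600 or 400" >&2
           return 1 ;;
    esac
    # tailscale reads the key itself when the value starts with "file:".
    printf '%s\n' "--auth-key=file:$keyfile"
}

# Bring the node up; an optional second argument selects a custom control server.
ts_up_headless() {
    arg=$(ts_authkey_arg "$1") || return 1
    if [ -n "${2:-}" ]; then
        tailscale up --login-server "$2" "$arg"
    else
        tailscale up "$arg"
    fi
}

# Runs only when arguments are given, e.g.:
#   sh ts-up.sh /etc/tailscale/authkey https://example.com
if [ "$#" -gt 0 ]; then
    ts_up_headless "$@"
fi
```

Only the file path appears in the process arguments; the key itself stays in the file.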