Mastering Compliance
Unveiling the power of Compliance Blade
SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend
May the 4th (+4)
Navigating Paradigm Shifts in Cyber
CPX 2024 Content
is Here!
Harmony SaaS
The most advanced prevention
for SaaS-based threats
CheckMates Go:
CPX 2024 Recap
This is not supported by Check Point in any way. If you try this and it blows up your firewall or management server, restore to a backup which you surely took before running commands some random person you don't know posted.
Tailscale is a sort of "zero-trust" mesh VPN system. At a technical level, it handles key distribution for peer-to-peer Wireguard VPN tunnels which can go through relays operated by Tailscale the company. As long as the endpoints have Internet access, they can establish a VPN with each other and talk through it (subject to rules which you set up in Tailscale). I like a lot of the core decisions they have made in how the product works.
I recently started using it for remote access to some development systems. One of the things I'm developing involves talking via the management API to a Check Point management server, so I decided I would try to get the static build of Tailscale running there for consistency. It works pretty well, and I thought others here might be interested in how I did it.
[Expert@DallasSA]# nohup tailscaled -tun "userspace-networking" -state=/etc/tailscaled.state 2>&1 >/tmp/tailscaled.log &
[1] 1019
nohup: ignoring input and redirecting stderr to stdout
[Expert@DallasSA]# tailscale up
To authenticate, visit:
https://login.tailscale.com/<path>
Copy the link out, visit it in a web browser, and authenticate with the credentials you use for Tailscale. The node will be added to your tailnet. Tailscale is now running, and you can use it to remotely access your management or firewall. Sessions connecting over Tailscale will show as coming from 127.0.0.1:
[Expert@DallasSA]# who
admin pts/2 Dec 13 22:30 (10.0.3.22)
admin pts/3 Dec 13 23:13 (127.0.0.1)
It's annoying to have to manually start tailscaled every boot, and manually run 'tailscale up' to connect, though. To deal with that, I wrote a little init script:
#!/bin/sh
#
# tailscale This shell script takes care of starting and stopping
# tailscaled.
#
# chkconfig: 3 99 74
# description: tailscale starts the tailscaled service for remote access
# and administration.
# Source function library.
. /etc/init.d/functions
[ -x /usr/sbin/tailscaled ] || exit 0
[ -x /usr/sbin/tailscale ] || exit 0
RETVAL=0
prog="tailscaled"
start() {
echo -n $"Starting $prog:"
nohup $prog -tun "userspace-networking" -state=/etc/tailscaled.state >/tmp/tailscale.log 2>&1 &
tailscale up && success || failure
echo
}
stop() {
echo -n $"Stopping $prog:"
tailscale down
killproc $prog -TERM
echo
}
enableAutostart() {
echo -n $"Setting $prog to start at boot:"
ln -s /etc/rc.d/init.d/tailscale /etc/rc.d/rc3.d/S99ztailscale \
&& success || failure
echo
}
disableAutostart() {
echo -n $"Removing $prog from bootup sequence:"
rm /etc/rc.d/rc3.d/S99ztailscale \
&& success || failure
echo
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart|reload)
stop
start
;;
enable)
enableAutostart
start
;;
disable)
stop
disableAutostart
;;
*)
echo $"Usage: $0 {start|stop|restart|enable|disable}"
exit 1
esac
exit $RETVAL
Put it in /etc/rc.d/init.d/tailscale, run 'chmod 755 /etc/rc.d/init.d/tailscale' to let the script run, and you can control it like any other service using 'service tailscale':
[Expert@DallasSA]# service tailscale enable
Setting tailscaled to start at boot: [ OK ]
Starting tailscaled: [ OK ]
[Expert@DallasSA]# service tailscale stop
Stopping tailscaled: [ OK ]
[Expert@DallasSA]# service tailscale start
Starting tailscaled: [ OK ]
If you 'enable' the service, it will start when the system boots, so you get access about when sshd starts up.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY
