https://pastein.ru/t/ndh
Загрузка данных
┌──(fsociety㉿fsociety)-[~]
└─$ sudo tailscale up --exit-node=100.75.130.2 --exit-node-allow-lan-acess
[sudo] password for fsociety:
flag provided but not defined: -exit-node-allow-lan-acess
Connect to Tailscale, logging in if needed
USAGE
tailscale up [flags]
"tailscale up" connects this machine to your Tailscale network,
triggering authentication if necessary.
With no flags, "tailscale up" brings the network online without
changing any settings. (That is, it's the opposite of "tailscale
down").
If flags are specified, the flags must be the complete set of desired
settings. An error is returned if any setting would be changed as a
result of an unspecified flag's default value, unless the --reset flag
is also used. (The flags --auth-key, --force-reauth, and --qr are not
considered settings that need to be re-specified when modifying
settings.)
FLAGS
--accept-dns, --accept-dns=false
accept DNS configuration from the admin panel (default true)
--accept-risk value
accept risk and skip confirmation for risk types: lose-ssh,mac-app-connector,all
--accept-routes, --accept-routes=false
accept routes advertised by other Tailscale nodes (default false)
--advertise-connector, --advertise-connector=false
advertise this node as an app connector (default false)
--advertise-exit-node, --advertise-exit-node=false
offer to be an exit node for internet traffic for the tailnet (default false)
--advertise-routes value
routes to advertise to other nodes (comma-separated, e.g. "10.0.0.0/8,192.168.0.0/24") or empty string to not advertise routes
--advertise-tags value
comma-separated ACL tags to request; each must start with "tag:" (e.g. "tag:eng,tag:montreal,tag:ssh")
--audience value
Audience used when requesting an ID token from an identity provider for auth keys via workload identity federation
--auth-key value
node authorization key; if it begins with "file:", then it's a path to a file containing the authkey
--client-id value
Client ID used to generate authkeys via workload identity federation
--client-secret value
Client Secret used to generate authkeys via OAuth; if it begins with "file:", then it's a path to a file containing the secret
--exit-node value
Tailscale exit node (IP, base name, or auto:any) for internet traffic, or empty string to not use an exit node
--exit-node-allow-lan-access, --exit-node-allow-lan-access=false
Allow direct access to the local network when routing traffic via an exit node (default false)
--force-reauth, --force-reauth=false
force reauthentication (WARNING: this may bring down the Tailscale connection and thus should not be done remotely over SSH or RDP) (default false)
--hostname value
hostname to use instead of the one provided by the OS
--id-token value
ID token from the identity provider to exchange with the control server for workload identity federation; if it begins with "file:", then it's a path to a file containing the token
--json, --json=false
output in JSON format (WARNING: format subject to change) (default false)
--login-server value
base URL of control server (default https://controlplane.tailscale.com)
--netfilter-mode value
netfilter mode (one of on, nodivert, off) (default on)
--operator value
Unix username to allow to operate on tailscaled without sudo
--qr, --qr=false
show QR code for login URLs (default false)
--qr-format value
QR code formatting (auto, ascii, large, small) (default auto)
--reset, --reset=false
reset unspecified settings to their default values (default false)
--shields-up, --shields-up=false
don't allow incoming connections (default false)
--snat-subnet-routes, --snat-subnet-routes=false
source NAT traffic to local routes advertised with --advertise-routes (default true)
--ssh, --ssh=false
run an SSH server, permitting access per tailnet admin's declared policy (default false)
--stateful-filtering, --stateful-filtering=false
apply stateful filtering to forwarded packets (subnet routers, exit nodes, and so on) (default false)
--timeout value
maximum amount of time to wait for tailscaled to enter a Running state; default (0s) blocks forever (default 0s)
┌──(fsociety㉿fsociety)-[~]
└─$ sudo ifconfig.me
sudo: ifconfig.me: command not found
┌──(fsociety㉿fsociety)-[~]
└─$ curl ifconfig.me
2001:da8:4015:3ba:9e15:8495:e632:c5fb
┌──(fsociety㉿fsociety)-[~]
└─$ sudo tailscale up --exit-node=100.75.130.2
node 100.75.130.2 is not advertising an exit node
┌──(fsociety㉿fsociety)-[~]
└─$ sudo tailscale up --exit-node=100.75.130.2 --exit-node-allow-lan-acess
flag provided but not defined: -exit-node-allow-lan-acess
Connect to Tailscale, logging in if needed
USAGE
tailscale up [flags]
"tailscale up" connects this machine to your Tailscale network,
triggering authentication if necessary.
With no flags, "tailscale up" brings the network online without
changing any settings. (That is, it's the opposite of "tailscale
down").
If flags are specified, the flags must be the complete set of desired
settings. An error is returned if any setting would be changed as a
result of an unspecified flag's default value, unless the --reset flag
is also used. (The flags --auth-key, --force-reauth, and --qr are not
considered settings that need to be re-specified when modifying
settings.)
FLAGS
--accept-dns, --accept-dns=false
accept DNS configuration from the admin panel (default true)
--accept-risk value
accept risk and skip confirmation for risk types: lose-ssh,mac-app-connector,all
--accept-routes, --accept-routes=false
accept routes advertised by other Tailscale nodes (default false)
--advertise-connector, --advertise-connector=false
advertise this node as an app connector (default false)
--advertise-exit-node, --advertise-exit-node=false
offer to be an exit node for internet traffic for the tailnet (default false)
--advertise-routes value
routes to advertise to other nodes (comma-separated, e.g. "10.0.0.0/8,192.168.0.0/24") or empty string to not advertise routes
--advertise-tags value
comma-separated ACL tags to request; each must start with "tag:" (e.g. "tag:eng,tag:montreal,tag:ssh")
--audience value
Audience used when requesting an ID token from an identity provider for auth keys via workload identity federation
--auth-key value
node authorization key; if it begins with "file:", then it's a path to a file containing the authkey
--client-id value
Client ID used to generate authkeys via workload identity federation
--client-secret value
Client Secret used to generate authkeys via OAuth; if it begins with "file:", then it's a path to a file containing the secret
--exit-node value
Tailscale exit node (IP, base name, or auto:any) for internet traffic, or empty string to not use an exit node
--exit-node-allow-lan-access, --exit-node-allow-lan-access=false
Allow direct access to the local network when routing traffic via an exit node (default false)
--force-reauth, --force-reauth=false
force reauthentication (WARNING: this may bring down the Tailscale connection and thus should not be done remotely over SSH or RDP) (default false)
--hostname value
hostname to use instead of the one provided by the OS
--id-token value
ID token from the identity provider to exchange with the control server for workload identity federation; if it begins with "file:", then it's a path to a file containing the token
--json, --json=false
output in JSON format (WARNING: format subject to change) (default false)
--login-server value
base URL of control server (default https://controlplane.tailscale.com)
--netfilter-mode value
netfilter mode (one of on, nodivert, off) (default on)
--operator value
Unix username to allow to operate on tailscaled without sudo
--qr, --qr=false
show QR code for login URLs (default false)
--qr-format value
QR code formatting (auto, ascii, large, small) (default auto)
--reset, --reset=false
reset unspecified settings to their default values (default false)
--shields-up, --shields-up=false
don't allow incoming connections (default false)
--snat-subnet-routes, --snat-subnet-routes=false
source NAT traffic to local routes advertised with --advertise-routes (default true)
--ssh, --ssh=false
run an SSH server, permitting access per tailnet admin's declared policy (default false)
--stateful-filtering, --stateful-filtering=false
apply stateful filtering to forwarded packets (subnet routers, exit nodes, and so on) (default false)
--timeout value
maximum amount of time to wait for tailscaled to enter a Running state; default (0s) blocks forever (default 0s)
┌──(fsociety㉿fsociety)-[~]
└─$ sudo tailscale up --exit-node=100.75.54.11 --exit-node-allow-lan-acess
flag provided but not defined: -exit-node-allow-lan-acess
Connect to Tailscale, logging in if needed
USAGE
tailscale up [flags]
"tailscale up" connects this machine to your Tailscale network,
triggering authentication if necessary.
With no flags, "tailscale up" brings the network online without
changing any settings. (That is, it's the opposite of "tailscale
down").
If flags are specified, the flags must be the complete set of desired
settings. An error is returned if any setting would be changed as a
result of an unspecified flag's default value, unless the --reset flag
is also used. (The flags --auth-key, --force-reauth, and --qr are not
considered settings that need to be re-specified when modifying
settings.)
FLAGS
--accept-dns, --accept-dns=false
accept DNS configuration from the admin panel (default true)
--accept-risk value
accept risk and skip confirmation for risk types: lose-ssh,mac-app-connector,all
--accept-routes, --accept-routes=false
accept routes advertised by other Tailscale nodes (default false)
--advertise-connector, --advertise-connector=false
advertise this node as an app connector (default false)
--advertise-exit-node, --advertise-exit-node=false
offer to be an exit node for internet traffic for the tailnet (default false)
--advertise-routes value
routes to advertise to other nodes (comma-separated, e.g. "10.0.0.0/8,192.168.0.0/24") or empty string to not advertise routes
--advertise-tags value
comma-separated ACL tags to request; each must start with "tag:" (e.g. "tag:eng,tag:montreal,tag:ssh")
--audience value
Audience used when requesting an ID token from an identity provider for auth keys via workload identity federation
--auth-key value
node authorization key; if it begins with "file:", then it's a path to a file containing the authkey
--client-id value
Client ID used to generate authkeys via workload identity federation
--client-secret value
Client Secret used to generate authkeys via OAuth; if it begins with "file:", then it's a path to a file containing the secret
--exit-node value
Tailscale exit node (IP, base name, or auto:any) for internet traffic, or empty string to not use an exit node
--exit-node-allow-lan-access, --exit-node-allow-lan-access=false
Allow direct access to the local network when routing traffic via an exit node (default false)
--force-reauth, --force-reauth=false
force reauthentication (WARNING: this may bring down the Tailscale connection and thus should not be done remotely over SSH or RDP) (default false)
--hostname value
hostname to use instead of the one provided by the OS
--id-token value
ID token from the identity provider to exchange with the control server for workload identity federation; if it begins with "file:", then it's a path to a file containing the token
--json, --json=false
output in JSON format (WARNING: format subject to change) (default false)
--login-server value
base URL of control server (default https://controlplane.tailscale.com)
--netfilter-mode value
netfilter mode (one of on, nodivert, off) (default on)
--operator value
Unix username to allow to operate on tailscaled without sudo
--qr, --qr=false
show QR code for login URLs (default false)
--qr-format value
QR code formatting (auto, ascii, large, small) (default auto)
--reset, --reset=false
reset unspecified settings to their default values (default false)
--shields-up, --shields-up=false
don't allow incoming connections (default false)
--snat-subnet-routes, --snat-subnet-routes=false
source NAT traffic to local routes advertised with --advertise-routes (default true)
--ssh, --ssh=false
run an SSH server, permitting access per tailnet admin's declared policy (default false)
--stateful-filtering, --stateful-filtering=false
apply stateful filtering to forwarded packets (subnet routers, exit nodes, and so on) (default false)
--timeout value
maximum amount of time to wait for tailscaled to enter a Running state; default (0s) blocks forever (default 0s)
┌──(fsociety㉿fsociety)-[~]
└─$ sudo tailscale up --exit-node=100.75.54.11
node 100.75.54.11 is not advertising an exit node
┌──(fsociety㉿fsociety)-[~]
└─$ sudo tailscale up --exit-node=100.75.54.11
┌──(fsociety㉿fsociety)-[~]
└─$ sudo tailscale up --exit-node=100.75.54.11 --exit-node-allow-lan-acess
flag provided but not defined: -exit-node-allow-lan-acess
Connect to Tailscale, logging in if needed
USAGE
tailscale up [flags]
"tailscale up" connects this machine to your Tailscale network,
triggering authentication if necessary.
With no flags, "tailscale up" brings the network online without
changing any settings. (That is, it's the opposite of "tailscale
down").
If flags are specified, the flags must be the complete set of desired
settings. An error is returned if any setting would be changed as a
result of an unspecified flag's default value, unless the --reset flag
is also used. (The flags --auth-key, --force-reauth, and --qr are not
considered settings that need to be re-specified when modifying
settings.)
FLAGS
--accept-dns, --accept-dns=false
accept DNS configuration from the admin panel (default true)
--accept-risk value
accept risk and skip confirmation for risk types: lose-ssh,mac-app-connector,all
--accept-routes, --accept-routes=false
accept routes advertised by other Tailscale nodes (default false)
--advertise-connector, --advertise-connector=false
advertise this node as an app connector (default false)
--advertise-exit-node, --advertise-exit-node=false
offer to be an exit node for internet traffic for the tailnet (default false)
--advertise-routes value
routes to advertise to other nodes (comma-separated, e.g. "10.0.0.0/8,192.168.0.0/24") or empty string to not advertise routes
--advertise-tags value
comma-separated ACL tags to request; each must start with "tag:" (e.g. "tag:eng,tag:montreal,tag:ssh")
--audience value
Audience used when requesting an ID token from an identity provider for auth keys via workload identity federation
--auth-key value
node authorization key; if it begins with "file:", then it's a path to a file containing the authkey
--client-id value
Client ID used to generate authkeys via workload identity federation
--client-secret value
Client Secret used to generate authkeys via OAuth; if it begins with "file:", then it's a path to a file containing the secret
--exit-node value
Tailscale exit node (IP, base name, or auto:any) for internet traffic, or empty string to not use an exit node
--exit-node-allow-lan-access, --exit-node-allow-lan-access=false
Allow direct access to the local network when routing traffic via an exit node (default false)
--force-reauth, --force-reauth=false
force reauthentication (WARNING: this may bring down the Tailscale connection and thus should not be done remotely over SSH or RDP) (default false)
--hostname value
hostname to use instead of the one provided by the OS
--id-token value
ID token from the identity provider to exchange with the control server for workload identity federation; if it begins with "file:", then it's a path to a file containing the token
--json, --json=false
output in JSON format (WARNING: format subject to change) (default false)
--login-server value
base URL of control server (default https://controlplane.tailscale.com)
--netfilter-mode value
netfilter mode (one of on, nodivert, off) (default on)
--operator value
Unix username to allow to operate on tailscaled without sudo
--qr, --qr=false
show QR code for login URLs (default false)
--qr-format value
QR code formatting (auto, ascii, large, small) (default auto)
--reset, --reset=false
reset unspecified settings to their default values (default false)
--shields-up, --shields-up=false
don't allow incoming connections (default false)
--snat-subnet-routes, --snat-subnet-routes=false
source NAT traffic to local routes advertised with --advertise-routes (default true)
--ssh, --ssh=false
run an SSH server, permitting access per tailnet admin's declared policy (default false)
--stateful-filtering, --stateful-filtering=false
apply stateful filtering to forwarded packets (subnet routers, exit nodes, and so on) (default false)
--timeout value
maximum amount of time to wait for tailscaled to enter a Running state; default (0s) blocks forever (default 0s)
┌──(fsociety㉿fsociety)-[~]
└─$ sudo tailscale up --exit-node=100.75.54.11
┌──(fsociety㉿fsociety)-[~]
└─$ sudo tailscale up --exit-node=100.75.54.11 --exit-node-allow-lan-access
┌──(fsociety㉿fsociety)-[~]
└─$ curl ifconfig.me
2001:da8:4015:3ba:a577:e999:8e98:8b57
┌──(fsociety㉿fsociety)-[~]
└─$ sudo tailscale up --exit-node=100.75.54.11 --exit-node-allow-lan-access
node 100.75.54.11 is not advertising an exit node
┌──(fsociety㉿fsociety)-[~]
└─$ sudo tailscale up --exit-node=100.75.54.11 --exit-node-allow-lan-access
┌──(fsociety㉿fsociety)-[~]
└─$ sudo tailscale down
┌──(fsociety㉿fsociety)-[~]
└─$ sudo tailscale up --exit-node=100.75.54.11 --exit-node-allow-lan-access
┌──(fsociety㉿fsociety)-[~]
└─$ sudo tailscale up --exit-node=100.75.sudo apt install snapd -y.2 --exit-node-allow-lan-access --accept-dns=true
too many non-flag arguments: ["apt" "install" "snapd" "-y.2" "--exit-node-allow-lan-access" "--accept-dns=true"]
┌──(fsociety㉿fsociety)-[~]
└─$ sudo tailscale up --exit-node=100.75.130.2 --exit-node-allow-lan-access --accept-dns=true
node 100.75.130.2 is not advertising an exit node
┌──(fsociety㉿fsociety)-[~]
└─$ sudo tailscale up --exit-node=100.75.54.11 --exit-node-allow-lan-access --accept-dns=true
┌──(fsociety㉿fsociety)-[~]
└─$ ping google.com
PING google.com (142.250.73.78) 56(84) bytes of data.
64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=1 ttl=64 time=3313 ms
64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=2 ttl=64 time=3304 ms
64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=3 ttl=64 time=3311 ms
64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=4 ttl=64 time=3323 ms
64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=5 ttl=64 time=3446 ms
64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=6 ttl=64 time=3446 ms
64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=7 ttl=64 time=3350 ms
64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=8 ttl=64 time=3334 ms
64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=9 ttl=64 time=3284 ms
64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=10 ttl=64 time=3349 ms
64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=11 ttl=64 time=3393 ms
64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=12 ttl=64 time=3314 ms
64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=13 ttl=64 time=3325 ms
64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=14 ttl=64 time=3289 ms
64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=15 ttl=64 time=3307 ms
64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=16 ttl=64 time=3319 ms
64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=17 ttl=64 time=3297 ms
64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=18 ttl=64 time=3298 ms
64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=19 ttl=64 time=3325 ms
64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=20 ttl=64 time=3294 ms
64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=21 ttl=64 time=3287 ms
^X@sz64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=22 ttl=64 time=3320 ms
64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=23 ttl=64 time=3308 ms
64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=24 ttl=64 time=3293 ms
64 bytes from pnseaa-am-in-f14.1e100.net (142.250.73.78): icmp_seq=25 ttl=64 time=3285 ms
^Z
zsh: suspended ping google.com
┌──(fsociety㉿fsociety)-[~]
└─$ sudo tailscale up --exit-node=100.75.54.11 --exit-node-allow-lan-access --accept-dns=true
┌──(fsociety㉿fsociety)-[~]
└─$
