Tailscale Setup¶
Tailscale is our VPN solution that connects you to the internal CWIQ network. Most internal tools (GitLab SSH, Vault, monitoring) are only accessible through Tailscale.
Installation¶
- Download from tailscale.com/download
- Install the application for your platform
- Launch Tailscale
Authentication¶
- Click Sign in (or Log in on the system tray icon)
- Select Sign in with Google
- Use your
@cwiq.ioGoogle account - Approve the device authorization
Verify Connection¶
You should see a list of nodes including hostnames like gitlab-shared-cwiq-io, vault-shared-cwiq-io, etc.
Test Connectivity¶
# Ping the GitLab server via Tailscale
ping gitlab-shared-cwiq-io
# Verify HTTPS access
curl -f https://gitlab.shared.cwiq.io
How It Works¶
- Tailscale creates a WireGuard-based mesh VPN
- Each device gets a
100.x.x.xIP address - Internal servers have Tailscale hostnames (e.g.,
gitlab-shared-cwiq-io) - DNS records like
gitlab.shared.cwiq.ioresolve to the correct endpoints
Troubleshooting¶
"Unable to connect" or timeout¶
- Check Tailscale is running: look for the Tailscale icon in your system tray / menu bar
- Verify you're logged in with your
@cwiq.ioaccount (not a personal account) - Try disconnecting and reconnecting
"Access denied" on Tailscale login¶
- Ensure your admin has added your account to the Tailscale network
- Contact your team lead if you see authorization errors
Slow connection¶
Tailscale uses direct peer-to-peer connections when possible. If traffic is being relayed:
Look for relay in the output. Direct connections show the peer's IP. If consistently relayed, check your firewall settings.