Tailscale Custom Live Linux
What is Tailscale? Tailscale is a service that can build Mesh-VPN networks using the WireGuard protocol. It can create so-called SDNs (Software Defined Networks), connecting users, devices and services.
What is Live Linux? It is an operating system that does not have to be installed on the hard drive of a computer. It can be run either from a USB memory stick or a CD, or be loaded directly in to RAM.
I wanted to combine these two technologies, and you can see the result in the videos embedded below:
What I wanted was basically a Kali Linux Live environment that can be remotely controlled as soon as the device detects or is configured for network connectivity.
What Tailscale provides here is an overlay network, and it also the different types of functionality such as the 'subnet router' or 'exit node' functionality in your 'tailnet'.
I'm using tailscale ephemeral keys here. They are intended for short-lived nodes such as CI/CD containers or, in my case Live operating systems and are automatically cleaned up after being disconnected for a period of time or if the 'tailscale logout' command is used.
About the customization of the live OS, these are the basic services that are now enabled by default:
- Tailscaled
- SSH
- NoVNC
With some minor modifications to enable the kali 'undercover' mode by default, this image can be run entirely from RAM by appending the 'toram' directive to GRUB at boot time.
I made most of my changes to the /config and /kali-config/common configuration, such as:
- Custom repository for Tailscaled daemon
- Bootloaders (BIOS + UEFI mode)
- Live Hooks
- includes.chroot systemd services (startup/shutdown of tailscale client)
- IP Forwarding
- And more ...
Adding more services to the image should most likely use Ansible as soon as the image boots up.
Check the Tailscale documentation on how you should use an 'OAuth client' instead of regular 'auth keys' (https://tailscale.com/kb/1215/oauth-clients#registering-new-nodes-using-oauth-credentials)
Using OAuth, you can have keys that never expire.
The recipe can be found at: https://bitbucket.org/scriptnet/kali-live-tailscale/src/master/