Remote access via Tailscale Wireguard


I’m trying to access a Perspective project remotely. I have installed and configured Tailscale on the server and the remote client. When the VPN connection is up, I can use RDP to remotely connect to the server from the client. I can also use the VPN-assigned IP in file explorer to access the file system on the server.

However, when I launch a browser and use the VPN-assigned IP and port 8043, all I get is a line of characters on a blank page.

I reached out to Tailscale support and this their response:

" That the browser managed to connect to [], did not timeout nor get a connection error, implies that the connection across the Tailscale network did work. My guess would be that the application listening on port 8043 has been configured to only allow connections from certain addresses, like probably the loopback address and the local LAN.

If it is interpreting the connection from a 100.x.y.z Tailscale client as something from the Internet, the weird characters may be the attempt to send an error like 403 (and perhaps the error page is broken)."

I don’t remember white-listing IPs on the Gateway. Other computers on the same network can access the SCADA without any issues.

Hmm. There’s no whitelist in Ignition itself.

Do you have Python on that server? Can you run a simple HTTP server and see if it’s accessible from the same remote client?

Python 2:

python -m SimpleHTTPServer

Python 3:

python -m http.server 

You should then be able to reach the server at remoteip:8000 from the client and it will have a directory content listing of whatever directory you ran it in.

Another possibility is a problem with your SSL/TLS setup or certificates, or maybe a nosy MITM appliance or proxy. The “lock” icon in your browser looks unhappy about something…

I can access the python server remotely from the client.

I used the self-signed certificate option in the Gateway to create the certificate.

Why is the URL in your browser using HTTP and not HTTPS?

1 Like

I never use HTTPS:// explicitly and let the browser take care of it. I added the prefix and voila, it’s working now :grinning:

Thank you very much for your help.

That works when you’re actually talking directly to the web server, but you’re talking to your VPN’s client endpoint here or something, which is dutifully talking to Ignition on the HTTPS port, but serving you that traffic over HTTP.

1 Like