Tailscale - Use on Router for UI3 Remote Viewing - Possible? -- The Answer is YES

[Alaska Country]

Using BI with dual NICs with no internet connectivity. i.e. no DNS server or default gateway selected for either card.



As presently setup, UI3 is available on the LAN for viewing video events on other internet connected devices in spite of BI and the POE cameras being 100% insulated from the internet.

As a test, installed Tailscale on a test computer with BI running in demo mode that has internet. UI3 is visible on a phone with Tailscale using the provided Tailscale IP address in the 100.100.xxx.xxx range using a browser (FireFox).

Issue
With no internet connection, Tailscale can not access UI3 on the BI computer (no internet) which is the expected behavior.

Suggested Solution
For devices which can not host Tailscale there may be a solution by using a router that has access to all LAN traffic that has the capability of hosting Tailscale. Thus the UI3 IP address at 192.168.1.120:81 should be available for Tailscale services.

Devices
Found two routers that can host Tailscale. One the MT-3000 (Beryl AX) and the other an Asus RT-AX86U. (Asus $225 vs Beryl $85) See PDF for MT-3000 data sheet.

Goal
To provide UI3 access to selected neighbors using Tailscale.

Is it possible to only allow access to the UI3 IP address of 192.168.1.120:81 using the suggested router solution?

Would appreciate suggestions plus any first hand experiences using a router with Tailscale.

 

[Alaska Country]

Success - Viewing UI3 on a cell phone using cell data (no WIFI) while still retaining 100% isolation from the internet on the Blue Iris computer as in the above posted diagram is working.

Replaced an old Asus router (14 years) with a new Asus AX86U. Then added the GL-iNet MT-3000 mini router to handle the TailScale requirements. The MT-3000 has TailScale built in along with ZeroTier. The AX86U can also be modified to host TailScale.

The AX86U is connected to a cable modem via it's WAN port. Other LAN side connections are to the AX86U LAN. The MT-3000 WAN port is connected to the LAN port on the AX86U which is the primary router for internet access.

The MT-3000 has two ports. One WAN and one LAN. The LAN is used to access the setup menu for the MT-3000 and also provides internet to the laptop. Thus when using 192.168.8.1 (MT-3000 IP address) and your password the MT-3000 can be setup as needed.

Blue Iris assigns an IP address for UI3 (local internal LAN access). In this case 192.168.1.120 for UI3 use.

To view UI3 by cell phone, activate TailScale on the phone and then enter the IP address (192.168.1.120:81) into a browser. Individual users can then only access preset groups and are required to use a user name and password to view. Plus these connections can be time limited to as to not use up too much of your home internet bandwidth.