Zscaler + Tailscale

I recently changed jobs to a new company and transferred my old iPhone to a new company phone that is centrally managed by global IT.

I have Home Assistant (installed on a local server at home) and I used Tailscale to access the app. However, that is not working now.

It is working to connect to Tailscale, but I can't access those local IPs. Could it be that Zscaler is blocking Tailscale?

Zscaler can block access to local IPs (or 3rd party VPNs); whether it does will depend on your company's IT policies.

Tailscale is classified under "Remote Access Tools", and many companies block unauthorized RATs. Try browsing to tailscale.com and see if you get blocked.

It's a work phone, OP. Perhaps install Tailscale on your personal phone.

What MDM are they using?

Ok, so even if it looks like it is working on the client, it is then blocked on their end, in other words?

The Tailscale IP range can be changed (to a degree); 100.84.x.y is the range my Tailscale instance uses.

I could access tailscale.com.

Yeah, but I have used the work phone as a private phone too since forever, and it has never been a problem before. It's a major hassle to have multiple phones, methinks. But I will try another VPN and see if that works, and if not I will try some workaround.

Also have a look at Settings / General / VPN and Device Management / VPN.

In there you will have device VPNs; set your device VPN to Tailscale.

Don't know. How do I see that?

Correct. It may see the GUI/webserver as harmless but the traffic as questionable.

You do know that your company can view your internet surfing on that phone. Just use the phone for work, that's what it is for, and have your own.

Yeah, did that. Tried WireGuard as well. It connects (like Tailscale), but in the log file I can see that it cannot handshake.

I don't have a problem if they take a look at what I browse, to be honest. Be my guest. Ok, so WireGuard didn't work either.

Ok, in the mobile device management section there should be a management profile, and within that you should be able to see restrictions. I'd be interested to see the restrictions that have been applied.

They have all unsanctioned VPNs blocked. You need to get an exception/permission to unblock your VPN/IP from the security team that manages Zscaler. But it doesn't sound like you have a good business justification for it if it is company policy to not allow it.

-- head of IT security and an admin for Zscaler here

Looked, but it doesn't really say anything about VPN limitations.

One of those settings is key to what is going on.

Got it, my good Sir. I will ask IT on Monday instead; hopefully they know.