Connecting to TailScale when my job doesn’t want me to

So I have a TailScale account and I use it to access my Raspberry Pi’s when I’m not at home (one of which is hosting my Obsidian Notes). I noticed a couple of weeks ago that I could no longer connect to TailScale while I was at work.

On my work machine I have a few WSL instances, all of them are for work except one I keep for hobby projects in my downtime. It is in this instance (of Debian) that I have TailScale set up.

So, suddenly I cannot connect to TailScale. When I try tailscale up I get nothing. Just a blank line underneath my command until I finally CTRL+C it to death. After doing this cycle a few times I looked into journalctl: journalctl -u tailscaled. And lo and behold there was my issue:

Apr 18 08:36:33 7QL3X73 tailscaled[1424]: Received error: fetch control key: Get "": x509: certificate signed by unknown authority

Now, as soon as I saw the certificate issue I had a pretty good feeling I knew the issue. Opening up in my browser confirmed the issue.

Damn Firewalls…

The weird thing that got me was the fact that I could still access a number of other tailscale websites, just not the one that was used to login. This gave me an idea.

I plugged my phone into my PC via USB and enabled internet sharing via USB, then disabled the companies network in the control panel.

Once on my phone I was able to successfully run the tailscale up command. I then turned off my phone’s hotspot and re-enabled my work’s network!

After that everything was still connected!

I don’t know if eventually this loop hole will be closed. If that becomes the case then I think my next step would be to host my own instance of HeadScale, I am not sure if the firewall would be able to block it then.

That being said, I don’t think it will be necessary at all. It is pretty rare I get downtime at work and also feel like updating something on my home server at the same time. But ya never know