Skip to main content

Hi folks, 
I continued my tests on the lab, and did a I wanted to share the results and thoughts with you.

After the initial setup, and installing Tailscale on my Veeam V&R Server vm, I also installed on a client machine outside of my network (also internet connection, emulating a remote client).

Tailscale has a Magic DNS service that, when the agent is installed, you can call the clients by their DNS names (or names configured at the Web console),

So, I though, why don't I deploy a backup agent and connect it through the Tailscale VPN network?

instead of opening ports, and mapping IP addresses, I give it a shot,

I created a protection group and added the test client in the process, as you can see in the screenshots:

the, with the agent deployed, I created a backup job to test it out.

Now, let's trigger the backup, the fist one will be a FULL one, so I was anxious and “scared” at the same time:

Fire in the hole!
Backup has started and seems to be doing fine…

and here it comes the magic, performing at 68Mbps and very stable, 
Full backup from the agent to the Veeam B&R Server with Local repo running ok!

And done!
60GB thin vm
Read 11GB
Transferred 6.5GB
In less than 30 minutes!

Then my curiosity went 1 level up, so I decided to also perform a FLR from the client:

an ESXi 8 ISO file, around 600MB.

and….

Voilá!

I’ve got so impressed on how good it performed!!

I really wanted to show it to you, in case you have a special deployment or occasion, you have an idea of a possible workaround, or like me, running some tests for fun!

I will post the steps and process more detailed on my blog.

cheers.

Great post and cool idea!


@HunterLAFR wrote

“So, I though, why don't I deploy a backup agent and connect it through the Tailscale VPN network? “
 

For a few months now, i have been running VBR, VAgents and backup repositories over tailscale only, been running perfectly.

Now i have found a possible serious downside that users might want to consider.

If everything is only accessible behind tailscale, then what do you in a disaster?

The VAgent recovery image iso, does not support tailscale, so cannot reach the VBR, cannot access the backup repositories, cannot FLR, cannot perform instant recovery and so on.

Hi @asdffdsa6132 

Thanks for your comment.
to me, backing up a workstation over VPN is an awesome feature, I can easily recover a File, and I do have a remote “image” to be able to recover the full Workstation if needed.
you are right, you cannot reach the VBR, but, you can always go to the network where you can reach it and reply the recovery process.

plan B would be to access remotely from another PC and download the necessary files to perform a full restore or files download, and move them later.

Is a way to have a remote backup, like using wasabi in the cloud, or other S3 or remote VBR, but over your own private network, not having to publish anything, or deploying complicated networking configs.

I’ve found a “workaround” for the issue, 
if you deploy in the network where the workstation is a Tailscale publisher, connected to the main network where your VBR is located at, you can reach it via IP or DNS from the workstation, not having any issues not running the Tailscale agent in your recovery process, for example.

Its a test, Lab environment, and possible covers an issue for home and small/medium size companies with remote workers, and no so many cloud services.

I hope you liked it and continue investigating the topic.

cheers.

 


@HunterLAFR wrote

“So, I though, why don't I deploy a backup agent and connect it through the Tailscale VPN network? “
 

For a few months now, i have been running VBR, VAgents and backup repositories over tailscale only, been running perfectly.

Now i have found a possible serious downside that users might want to consider.

If everything is only accessible behind tailscale, then what do you in a disaster?

The VAgent recovery image iso, does not support tailscale, so cannot reach the VBR, cannot access the backup repositories, cannot FLR, cannot perform instant recovery and so on.

This is a very good point to bring up for those that use this solution.  Thanks for the share @asdffdsa6132 


@HunterLAFR wrote

“So, I though, why don't I deploy a backup agent and connect it through the Tailscale VPN network? “
 

For a few months now, i have been running VBR, VAgents and backup repositories over tailscale only, been running perfectly.

Now i have found a possible serious downside that users might want to consider.

If everything is only accessible behind tailscale, then what do you in a disaster?

The VAgent recovery image iso, does not support tailscale, so cannot reach the VBR, cannot access the backup repositories, cannot FLR, cannot perform instant recovery and so on.


Very cool Luis!


Very nice test man!


Very cool.  Still trying to get to this for testing in my homelab too.  Will get there one day but nice to see it working for you in your scenario.


Comment