cqrenet/ocean
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add README.md

Browse Source
This commit is contained in:
Tomas Kracmar
2026-01-16 08:43:00 +00:00
commit d3ef1c2b20
1 changed files with 185 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

185
README.md Normal file
View File

@@ -0,0 +1,185 @@
# Zitadel + Tailscale / Headscale Onboarding Guide
This guide walks a new user through joining the Ocean network using **Zitadel** for identity and **Tailscale** (backed by Headscale / Headplane) for secure network access.
You will receive **a username and a temporary password** from the administrator. Follow the steps carefully for your device.
---
## 1. What You Need Before You Start
* A device running **Windows, macOS, iOS, or Android**
* Internet connection
* Username and temporary password provided by the administrator
You do **not** need any networking knowledge. This process is safe and reversible.
---
## 2. Account Activation (Zitadel)
Before installing Tailscale, you must activate your account.
1. Open a browser and go to:
**[https://id.cqre.net](https://id.cqre.net)**
2. Log in using:
* **Username** (provided by admin)
* **Temporary password** (provided by admin)
3. You will be prompted to:
* Set a **new personal password**
* (Optionally) enroll a **second factor (2FA)** if required
Once completed, your identity is active.
You can close the browser after this step.
---
## 3. Install Tailscale
Tailscale creates a secure, encrypted connection to the Ocean network.
### Download Links
* Windows / macOS: [https://tailscale.com/download](https://tailscale.com/download)
* iOS (iPhone / iPad): App Store → *Tailscale*
* Android: Google Play → *Tailscale*
Install the app as you would any other software.
---
## 4. Log In to Tailscale (Important Platform Differences)
The Ocean network uses a **custom Tailscale server (Headscale)** at **[https://vpn.cqre.net](https://vpn.cqre.net)**.
⚠️ **Important:** On **macOS, iOS, and Android**, the default browser-based login flow must be interrupted. This is normal.
---
### macOS / iOS / Android
1. Open **Tailscale**
2. Tap or click **Log in**
3. A browser window opens asking you to sign in to Tailscale.com
4. **Close the browser window** (do not log in)
5. Return to the **Tailscale app**
6. Select **Use a custom server** / **Add custom coordination server**
7. Enter the server URL exactly:
**[https://vpn.cqre.net](https://vpn.cqre.net)**
8. The browser opens again, this time redirecting to **Zitadel**
9. Log in using:
* Your Zitadel **username**
* Your **personal password**
After successful login, Tailscale connects automatically.
---
### Windows
On Windows, logging in to a **custom Headscale server** requires using the command line.
1. Open **Tailscale** once, then **close the Tailscale window** completely
2. Open **Command Prompt** or **PowerShell**
3. Run the following command exactly:
```
tailscale login --login-server https://vpn.cqre.net
```
4. A browser window opens showing a **device code**
5. Confirm the device code and log in via **Zitadel** using:
* Your Zitadel **username**
* Your **personal password**
6. After successful authentication, return to the Tailscale app
Tailscale will now show the device as **connected**.
---
You may see a message like *“Connected”* or *“VPN enabled”*.
---
## 5. Platform-Specific Notes
### Windows
* You may be asked to approve a **network adapter** or **VPN driver**
* Accept all system prompts
* Tailscale runs in the system tray after installation
### macOS
* macOS will ask for permission to add a VPN configuration
* Approve the request
* Tailscale icon appears in the menu bar
### iOS (iPhone / iPad)
* iOS will ask to add VPN configurations
* Face ID / Touch ID may be required
* Tailscale reconnects automatically in the background
### Android
* Android will ask for VPN permission
* Always allow Tailscale when prompted
* Battery optimization may need to be disabled for reliability
---
## 6. Verifying Connection
Once connected:
* You can access internal services (websites ending in `.ocean` or similar)
* Some services may require you to log in again using Zitadel
If something works only inside the network, that is expected behavior.
---
## 7. Logging Out or Disconnecting
* To temporarily disconnect: open Tailscale and toggle **Off**
* To log out completely: open Tailscale → Account → **Log out**
You can reconnect anytime by logging in again.
---
## 8. Common Issues
**Browser does not open automatically**
* Copy the login URL shown in Tailscale and open it manually
**Login works but no access**
* Wait 12 minutes (access rules may still be propagating)
**Still not working**
* Contact the administrator and mention:
* Your username
* Your device and operating system
---
## 9. Security Notes
* Never share your password
* The administrator will never ask for your password
* If you lose your device, report it immediately
---
Welcome aboard 🌊
You are now part of the Ocean network.