How to: Tailscale

• What is Tailscale?
• 1.0 Installation
• 2.0 Creating a Tailscale Connection

What is Tailscale?

Introduction

Tailscale is a modern, easy-to-use VPN (Virtual Private Network) service that allows you to securely connect your devices, no matter where they are, as if they were on the same private network ⊂( ´ ▽ ` )⊃. Unlike traditional VPNs, Tailscale is built on WireGuard, making it fast, secure, and simple to set up without complex firewall or router configurations. Instead of routing all your internet traffic through a centralized VPN server (like traditional VPNs), Tailscale creates a private peer-to-peer (P2P) network between your devices.  
(☞°ヮ°)☞ ☜(°ヮ°☜)

A huge feature of Tailscale is: Advertised Routes. This allows a device to act as a gateway, enabling access to an entire subnet or network rather than just the device itself. This is useful for connecting to on-premises resources, remote office networks, or private cloud environments without setting up a full VPN. When a device advertises a route (e.g. 192.168.1.0/24), other Tailscale nodes can send traffic to that subnet securely over Tailscale’s encrypted mesh network, eliminating the need for complex firewall or VPN configurations. This makes remote access seamless while maintaining security and ease of use. Using this service with SSH allows for maximum security and convenience. Tailscale makes your remote machine feel like it’s on the same network, and SSH lets you control it once connected.  ☆*:.｡.o(≧▽≦)o.｡.:*☆ 

Capabilities of Tailscale

• Zero-config VPN: No need to configure firewalls or open ports
• End-to-end encryption: All connections are fully encrypted using WireGuard
• Multi-device networking: Access your home computer, work server, or any connected device from anywhere
• Split tunneling: Choose which traffic goes through the VPN while keeping other connections direct
• Runs on any network: Works behind NATs and firewalls without manual configuration

Last Updated: 2/20/2025
BY: Lilian

1.0 Installation

---

Materials / Pre-Setup

1. Download Tailscale and make an account on user’s system
2. Create new Ubuntu Server VM on the Proxmox server (Refer to Create a VM in How to: Proxmox)

---

VM Customization Options

Some "conventions" are only applicable to the Proxmox server at the Raspberry Pi Club - disregard "General Settings" if you're in a home lab environment unless specifically highlighted as an important feature

• General Settings (Check advanced)
  • Click Start at boot
  • Node: pve
  • Resource Pool: Personal 
  • VM ID: # (any number unless following a certain convention)
  • Name: [USER]-tailnet (e.g. pat-tailnet)
  • Tags: tailnet, [USER] 

• OS Settings

  • • ISO Image: ubuntu-24.04.1-live-server-amd64.iso

• System Settings

  • Check off qemu-guest-agent

• Disks Settings

• Disk Size (GiB): 16
  
  

• CPU Settings

  • Sockets: 1

  • Cores: 1

• Memory Settings

  • Memory (MiB): 1024-2048

• Network Settings

  • Bridge: vmbr0

• Confirm

  • • Start after created

    • Finish

• During the OS install:
  • Use DHCP
  • Install OpenSSH server and add user’s Github SSH key
    

Last Updated: 2/22/2025
Contributors: Lilian, Vivian

2.0 Creating a Tailscale Connection

---

Adding a Device

1. Go to your Tailscale Admin Console

2. Add new machine on user’s Tailscale

   • Add device > Linux Server
     
     
     
3. Generate install script
   
   
4. Copy and paste install script into user's Ubuntu Server VM (might have to manually type it out if ssh isn't configured // all one continuous line)
   

   EXAMPLE:
   curl -fsSL https://tailscale.com/install.sh | sh && sudo tailscale up --auth-key=tskey-auth-kEc5KrwcPv11CNTRL-rsE7QpaFhNeKRnTdUALKJgbkJ2Vg
   

   
   

5. Start up Tailscale in it:
   

   sudo tailscale up

6. Open the given login link and sign into Tailscale

---

Configure Advertised Subnet Routes

1. To connect to Tailscale as a subnet router, type in the following commands:

   Note - Change the advertise routes according to your subnet in a home lab environment
   *Any confusion on command syntax/structure can be clarified in Legend
   

   echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
   echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
   sudo sysctl -p /etc/sysctl.conf

2. To advertise subnet routes, type into the shell:
   

   CIDR Notation uses a slash (/) and a number to indicate the length of the network prefix (e.g. 10.0.0.0/24)

   sudo tailscale up --advertise-routes=[IP ADDRESS CIDR]

3. Enable the configured route on Tailscale
   • Edit route settings > Check the box with the IP route > Save
     

IMAGE SHOWING WHERE TO EDIT ROUTE SETTINGS:

Last Updated: 2/22/2025
Contributors: Lilian, Vivian