How to: Tailscale

What is Tailscale?
Introduction 

 Tailscale is a modern, easy-to-use VPN (Virtual Private Network) service that allows you to securely connect your devices, no matter where they are, as if they were on the same private network ⊂( ´ ▽ ` )⊃. Unlike traditional VPNs, Tailscale is built on WireGuard, making it fast, secure, and simple to set up without complex firewall or router configurations. Instead of routing all your internet traffic through a centralized VPN server (like traditional VPNs), Tailscale creates a private peer-to-peer (P2P) network between your devices.   (☞°ヮ°)☞ ☜(°ヮ°☜) 

 A huge feature of Tailscale is: Advertised Routes . This allows a device to act as a gateway, enabling access to an entire subnet or network rather than just the device itself. This is useful for connecting to on-premises resources, remote office networks, or private cloud environments without setting up a full VPN. When a device advertises a route (e.g. 192.168.1.0/24) , other Tailscale nodes can send traffic to that subnet securely over Tailscale’s encrypted mesh network, eliminating the need for complex firewall or VPN configurations. This makes remote access seamless while maintaining security and ease of use. Using this service with SSH allows for maximum security and convenience. Tailscale makes your remote machine feel like it’s on the same network, and SSH lets you control it once connected.  ☆*:.｡.o(≧▽≦)o.｡.:*☆  

 Capabilities of Tailscale 

 

 Zero-config VPN: No need to configure firewalls or open ports 

 End-to-end encryption: All connections are fully encrypted using WireGuard 

 Multi-device networking: Access your home computer, work server, or any connected device from anywhere 

 Split tunneling: Choose which traffic goes through the VPN while keeping other connections direct 

 Runs on any network: Works behind NATs and firewalls without manual configuration 

 

 

 Last Updated: 2/20/2025 BY: Lilian

1.0 Installation
Materials / Pre-Setup 

 

 Download Tailscale and make an account on user’s system 

 Create new Ubuntu Server VM on the Proxmox server  (Refer to Create a VM in How to: Proxmox) 

 

 

 VM Customization Options 

 Some "conventions" are only applicable to the Proxmox server at the Raspberry Pi Club - disregard "General Settings" if you're in a home lab environment unless specifically  highlighted as an important feature 

 

 General Settings (Check advanced) 

 

 Click Start at boot 

 Node: pve 

 Resource Pool: Personal  

 VM ID: # (any number unless following a certain convention) 

 Name: [USER]-tailnet (e.g. pat-tailnet) 

 Tags: tailnet, [USER]  

 

 

 

 

 

 OS Settings 

 

 

 

 

 ISO Image: ubuntu-24.04.1-live-server-amd64.iso 

 

 

 

 

 

 

 

 

 

 System Settings 

 

 

 Check off qemu-guest-agent 

 

 

 

 

 

 

 

 Disks Settings 

 

 

 

 Disk Size (GiB): 16 

 

 

 

 

 

 CPU Settings 

 

 

 Sockets: 1 

 

 

 Cores: 1 

 

 

 

 

 

 

 

 Memory Settings 

 

 

 Memory (MiB): 1024-2048 

 

 

 

 

 

 

 

 Network Settings 

 

 

 Bridge: vmbr0 

 

 

 

 

 

 

 Confirm 

 

 

 

 

 Start after created 

 

 

 Finish 

 

 

 

 

 

 During the OS install: 

 

 Use DHCP 

 Install OpenSSH server and add user’s Github SSH key 

 

 

 

 

 Last Updated: 2/22/2025 Contributors: Lilian, Vivian

2.0 Creating a Tailscale Connection
Adding a Device 

 

 Go to your   Tailscale Admin Console 

 

 Add new machine on user’s Tailscale 

 

 Add device > Linux Server 

 

 

 Generate install script 

 Copy and paste install script into user's Ubuntu Server VM (might have to manually type it out if ssh isn't configured // all one continuous line) 

 EXAMPLE: curl -fsSL https://tailscale.com/install.sh | sh && sudo tailscale up --auth-key=tskey-auth-kEc5KrwcPv11CNTRL-rsE7QpaFhNeKRnTdUALKJgbkJ2Vg 

 

 

 Start up Tailscale in it: 

 sudo tailscale up 

 

 Open the given login link and sign into Tailscale 

 

 

 Configure Advertised Subnet Routes 

 

 To connect to Tailscale as a subnet router , type in the following commands: 

 Note - Change the advertise routes according to your subnet in a home lab environment *Any confusion on command syntax/structure can be clarified in Legend 

 echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf

echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf

sudo sysctl -p /etc/sysctl.conf 

 

 To advertise subnet routes, type into the shell: 

 CIDR Notation uses a slash (/) and a number to indicate the length of the network prefix (e.g. 10.0.0.0/24) 

 sudo tailscale up --advertise-routes=[IP ADDRESS CIDR] 

 

 Enable the configured route on Tailscale 

 

 Edit route settings > Check the box with the IP route > Save 

 

 

 

 IMAGE SHOWING WHERE TO EDIT ROUTE SETTINGS: 

 

 

 Last Updated: 2/22/2025 Contributors: Lilian, Vivian