Tailscale lets you easily manage access to private resources, quickly SSH into devices on your network, and work securely from anywhere in the world.
Install with one command
curl -fsSL https://raw.githubusercontent.com/akkupy/Homelab/main/scripts/install_tailscale.sh | sh
Log in to start using Tailscale by running:
tailscale up
OR
sudo tailscale up
You’re connected! You can find your Tailscale IPv4 address by running:
tailscale ip -4
If the device you added is a server or remotely-accessed device, you may want to consider disabling key expiry to prevent the need to periodically re-authenticate.
- Enable IP Forwarding
For many distros such as Ubuntu, Debian, CentOS, RHEL, Fedora, and more, you can enable IP forwarding with these commands:
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf
- If your Linux node uses firewalld, you may need to also allow masquerading due to a known issue. As a workaround, you can allow masquerading with this command:
firewall-cmd --permanent --add-masquerade
Other distros may require different steps.
When enabling IP forwarding, ensure your firewall is set up to deny traffic forwarding by default. This is a default setting for common firewalls like ufw and firewalld, and ensures your device doesn’t route traffic you don’t intend.
- Advertise the device as an exit node.
From the device you’d like to use as an exit node, re-run tailscale up with the --advertise-exit-node flag, along with any other flags you normally use:
sudo tailscale up --advertise-exit-node
If the device is authenticated by a user who can approve exit nodes in autoApprovers, then the exit node will automatically be approved.
- Allow the exit node from the admin console.
This step is not required if using autoApprovers.
An admin in your network must now allow this device to be used as an exit node.
Open the machines page in the admin console, and locate the exit node device. You can look for the Exit Node badge in the machines list, or use the is:exit-node filter in the search bar to see all devices claiming to be exit nodes.
Once you’ve found the machine, from the menu, open the Edit route settings panel, and enable the Use as exit node option.
- Use the exit node
You can now use the exit node from devices in your network. Each device must enable the exit node separately.
Check out the doc
- Done.
You can verify that your traffic is routed by another device by checking your public IP address using online tools. You should see the exit node’s public IP rather than your local device’s IP.
You can disable routing through the exit node at any time by selecting None from the same menu used in step 5.