Tailscale - zbrewer/homelab GitHub Wiki

Installation

Tailscale can be installed on an unprivileged LXC; however, some additional steps must be taken in order to provide access to the /dev/net/tun device. Rather than provide that access to the host, I decided instead to install Tailscale in a VM. Debian might work; however, getting the exit node DNS to work (using my reverse proxy) proved a bit tricky, so I used an Ubuntu server VM instead. A normal VM install can be completed with a static IP/DNS server specified, if desired. In addition, I specified the VPN VLAN (in Proxmox) during VM creation so that the VPN traffic wouldn't be on one of the trusted VLANs, but I could still configure firewall rules to allow access to the reverse proxy (and therefore the services I wanted to expose).

Once the VM is ready, the Linux install instructions can be followed for the appropriate distro in order to perform a basic installation. Then, the instructions to enable IP forwarding should be followed so that the VM can be set up as a subnet router and as an exit node.

Finally, Tailscale can be started with the following command (with the routes to advertise replaced as appropriate):

$ sudo tailscale up --advertise-routes=10.0.0.0/16 --advertise-exit-node

This will print a URL that can be visited to authenticate/add the new node to the Tailnet. The Tailscale admin console must then be visited to enable the node as an exit node and to enable the advertised routes. Key expiry can also be disabled here, if desired.

At this point, connecting to the Tailnet from a different device and using the new node as an exit node should allow access to local resources.
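A preflight check for the steps above, added here as an example and not part of the original wiki: it confirms that the TUN device exists and that IPv4 and IPv6 forwarding are both on before `tailscale up` is run with `--advertise-routes` and `--advertise-exit-node`. The function names and the overridable paths are hypothetical, and it assumes both forwarding sysctls were enabled as in Tailscale's IP forwarding instructions.

```sh
#!/bin/sh
# Preflight check for a Tailscale subnet router / exit node VM.
# Added example; function names are hypothetical. The proc root and the
# device path can be overridden so the checks can be exercised against a
# constructed directory tree instead of the live system.

# read_flag FILE -> prints the file's value, or "missing" if unreadable
read_flag() {
    if [ -r "$1" ]; then
        tr -d '[:space:]' < "$1"
    else
        printf 'missing'
    fi
}

# forwarding_ok [PROC_ROOT] -> 0 only if IPv4 and IPv6 forwarding are both 1
forwarding_ok() {
    root="${1:-/proc}"
    v4=$(read_flag "$root/sys/net/ipv4/ip_forward")
    v6=$(read_flag "$root/sys/net/ipv6/conf/all/forwarding")
    [ "$v4" = "1" ] && [ "$v6" = "1" ]
}

# tun_ok [DEVICE] -> 0 if the TUN device exists as a character device
tun_ok() {
    [ -c "${1:-/dev/net/tun}" ]
}

# preflight [PROC_ROOT] [DEVICE] -> one line per check; returns failure count
preflight() {
    fails=0
    if forwarding_ok "$1"; then
        echo "ok: IPv4 and IPv6 forwarding enabled"
    else
        echo "FAIL: set net.ipv4.ip_forward and net.ipv6.conf.all.forwarding to 1"
        fails=$((fails + 1))
    fi
    if tun_ok "$2"; then
        echo "ok: TUN device present"
    else
        echo "FAIL: ${2:-/dev/net/tun} is not a character device"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Typical use on the VM:
#   preflight && sudo tailscale up --advertise-routes=10.0.0.0/16 --advertise-exit-node
```

If forwarding is off, the node still joins the Tailnet and advertises its routes, but traffic sent through it as a subnet router or exit node is not forwarded, so running the check first avoids debugging that from the client side.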