Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Tailscale Setup

Overview

Tailscale is a mesh VPN that lets your devices communicate securely as if they were on the same local network, regardless of location. Unlike traditional VPNs, Tailscale uses WireGuard to create direct P2P connections between devices — no central server routing your traffic.

┌─────────────────────────────────────────────────────────┐
│                  Tailscale Cloud                         │
│                  (Coordination)                         │
│                                                          │
│   Manages authentication, distributes keys,              │
│   helps devices find each other                         │
└─────────────────────────────────────────────────────────┘
                           │
          ┌────────────────┼────────────────┐
          │                │                │
          ▼                ▼                ▼
     ┌─────────┐     ┌─────────┐     ┌─────────┐
     │ Laptop  │◄───►│ Phone   │◄───►│  Server │
     │ 100.x.x │     │ 100.x.x │     │ 100.x.x │
     └─────────┘     └─────────┘     └─────────┘
          │                │                │
          └────────────────┴────────────────┘
                 Direct P2P connections
                 (encrypted, no central routing)

This guide uses Tailscale’s free hosted service — just install the client and log in.

What is a “tailnet”? Your Tailscale network is called a “tailnet.” It’s your private virtual network that all your Tailscale-connected devices join. Each tailnet gets its own private IP range (typically 100.64.x.x), and devices can communicate as if they were on the same local network, even across the internet.

Prerequisites

Install Tailscale Client

Linux

curl -fsSL https://tailscale.com/install.sh | sh

macOS

brew install tailscale

Or download from tailscale.com.

Mobile

Install from App Store (iOS) or Play Store (Android).

Log In

Start Tailscale and authenticate via browser:

sudo tailscale up

This opens your default browser asking you to log in with your Tailscale account. Once authenticated, your device joins your Tailscale network.

Options

# Advertise as exit node (route all traffic through this device)
sudo tailscale up --advertise-exit-node

# Use a custom Tailscale name instead of hostname
sudo tailscale up --hostname my-server

# Accept routes to your local network (if advertised)
sudo tailscale up --accept-routes

Connect Other Devices

Install Tailscale on each device and run tailscale up with the same account. Devices automatically discover each other and create direct P2P connections.

Check Status

tailscale status

Shows all connected devices, their Tailscale IPs, and connection type (direct vs relay).

Exit Node

Any device can become an exit node to route internet traffic for other devices:

  1. Enable on the exit node device:

    sudo tailscale up --advertise-exit-node

  2. Approve it in the Tailscale admin console at tailscale.com/admin

  3. Connect other devices through it:

    tailscale up --exit-node=<exit-node-ip>

Key Commands

CommandDescription
tailscale upStart Tailscale
tailscale downStop Tailscale
tailscale statusShow connected devices
tailscale ip -4Show your Tailscale IPv4
tailscale logoutLog out of Tailscale