Tailscale

This article is a stub. Please help out by expanding it - how to get started.

Resources

Home

Official documentation

Tailscale facilitates remote access between devices and services across complex network boundaries such as CGNAT.

Installation

Emerge

Tailscale does not support any USE flags.

Merge the package:

root #emerge --ask net-vpn/tailscale

Configuration

Signing up

Setting up Tailscale requires an account. Tailscale does not store passwords, but instead relies on third-party single sign-on (SSO) providers such as Google, GitHub or OpenID connect. Users can sign up at login.tailscale.com.

See also
https://tailscale.com/kb/1013/sso-providers has a list of supported SSO providers.

Service

OpenRC

Add the Tailscale daemon to the default runlevel:

root #

rc-service tailscale start

root #

rc-update add tailscale default

systemd

Enable the Tailscale daemon:

root #

systemctl start tailscaled.service

root #

systemctl enable tailscaled.service

Usage

Invocation

user $tailscale --help

USAGE
  tailscale [flags] <subcommand> [command flags]

For help on subcommands, add --help after: "tailscale status --help".

This CLI is still under active development. Commands and flags will
change in the future.

SUBCOMMANDS
  up         Connect to Tailscale, logging in if needed
  down       Disconnect from Tailscale
  set        Change specified preferences
  login      Log in to a Tailscale account
  logout     Disconnect from Tailscale and expire current node key
  switch     Switches to a different Tailscale account
  configure  [ALPHA] Configure the host to enable more Tailscale features
  netcheck   Print an analysis of local network conditions
  ip         Show Tailscale IP addresses
  status     Show state of tailscaled and its connections
  ping       Ping a host at the Tailscale layer, see how it routed
  nc         Connect to a port on a host, connected to stdin/stdout
  ssh        SSH to a Tailscale machine
  funnel     Serve content and local servers on the internet
  serve      Serve content and local servers on your tailnet
  version    Print Tailscale version
  web        Run a web server for controlling Tailscale
  file       Send or receive files
  bugreport  Print a shareable identifier to help diagnose issues
  cert       Get TLS certs
  lock       Manage tailnet lock
  licenses   Get open source license information
  exit-node  Show machines on your tailnet configured as exit nodes
  update     [BETA] Update Tailscale to the latest/different version
  whois      Show the machine and user associated with a Tailscale IP (v4 or v6)

FLAGS
  --socket string
    	path to tailscaled socket (default /var/run/tailscale/tailscaled.sock)

Enabling the VPN

Once the service is running, enable the VPN and follow the instructions:

root #tailscale up

Removal

Unmerge

Unmerge the package:

root #emerge --ask --depclean --verbose net-vpn/tailscale

External resources

Manage permissions (ACLs) — used to restrict traffic between devices in both directions, optionally based on port number.
Subnet routers and traffic relay nodes — allows access to devices that can't run Tailscale on a local network.
Exit Nodes (route all traffic) — routes all traffic through one device, similarly to popular VPN services. By default, Tailscale acts as an overlay network and does not route internet traffic.
Setting up a server on your Tailscale network — provides instructions for setting up a server and limiting access to it.
Tailscale Funnel — exposes a service to the internet.