Installing Tailscale VPN: Access Your Home Lab Anywhere

Tailscale in Proxmox LXC!

Harish Thangadurai
6 min readDec 10, 2023

In the previous article, we dived deeper into the step-by-step process of installing AdGuard Home in our Home Lab.

In this article, we will be taking a peek at Tailscale — A VPN service that makes the devices and applications you own accessible anywhere in the world.

Tailscale is a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly. It enables encrypted point-to-point connections using the open-source WireGuard protocol, which means only devices on your private network can communicate with each other.

In simpler terms, Tailscale kind of creates a network. The more number of devices connected to Tailscale, the larger the network would be. Since all the devices would have Tailscale, the devices connected to it would behave like the devices in a local network.

This makes it convenient to access resources, share files, and interact with devices as if they were all physically connected within the same local network. It’s a powerful solution for creating a unified and easily accessible network across different locations and devices. So we will be able to access our Home Lab no matter where our current location would be.

Steps to install Tailscale:

  • We’ll be directly installing Tailscale bare metal on our Proxmox LXC. We need to make a few changes to our LXC config before proceeding further if we are using an Unprivileged LXC.
  • If we are using privileged LXC then we can skip the below config change. Since we previously created an Unprivileged LXC we will be making this change.
  • First, we need to head over to our Proxmox Login and shut down the LXC. Now we can head over to the Proxmox Shell and navigate to our LXC’s config file.
  • For that first, we need to find out the ID of the unprivileged LXC. On the left, we can see that mine is 106. Now we can type in the below command to open the config file.
# Replace the 106 with the ID of your LXC in which Tailscale is to be installed
nano /etc/pve/lxc/106.conf
  • Now we need to add the below lines to the config file.
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file
  • Once done we can then hit on Ctrl + X followed by Y and Enter to save the file. We can now start the LXC and proceed with the actual installation.
  • Now we need to log in to the LXC. We can either use SSH or Proxmox Console as usual. We can copy and paste the below commands one by one to get started with the installation.
# Add Tailscale’s package signing key and repository:
curl -fsSL https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg > /dev/null
curl -fsSL https://pkgs.tailscale.com/stable/debian/bullseye.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list

# Install Tailscale:
sudo apt-get update
sudo apt-get install tailscale
  • We have successfully installed Tailscale in our Home Lab. We just need to make a few more changes to fully utilize the functionalities of Tailscale.
  • We can copy and paste the below command to advertise a device as an exit node. It means that all the network traffic will be forwarded to that device in our Home Network. In our case, it would be this LXC in our Home Lab. We can use this exit node if we don’t trust the current network to which we are connected.
# Advertise a device as exit node
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
sudo sysctl -p /etc/sysctl.d/99-tailscale.conf
  • Before proceeding further we need to create an account for Tailscale. We can just head over to the below link and click on the ‘Try for free’ button to get started with creating the account. Just follow the on-screen instructions and get the account created for free.
  • We now can start Tailscale and advertise the subnet route. Using this we will be able to access all other devices in our Home Lab when connected to Tailscale as if they are in the local network without the actual need to install Tailscale on those devices separately.
  • We need to change the route in the below command as per your home network. If your IP address goes something like 192.168.0.10 then the below command can be used. If your IP address goes something like 192.168.1.10 then the route would be 192.168.1.0/24. Based on the individual’s home network we need to change the route.
# Advertise subnet route and start tailscale
sudo tailscale up --reset --advertise-routes=192.168.0.0/24 --advertise-exit-node
  • A URL will be shown in the console. We need to open the URL in a browser and authenticate the device.
  • We can click on the connect button to authorize the device. Once done we can now login to our Tailscale admin console to make a few minor changes.
  • I have a few devices connected to my account hence those devices are listed already. We can now click on the device to view the detailed information of the device.
  • We can click on the 3 dot menu to disable the key expiry so that the account on the device would not ask us to re-authenticate after every fixed time.
  • We can click on the Edit route settings to enable the subnet and the exit node setting that we configured earlier.
  • We can hit the button to enable the same.

We have successfully installed and configured Tailscale. Now we can install the respective PC and Mobile Apps on our devices. Once done we can login to our account and connect to our network.

After connecting to the Tailscale VPN we will now be able to access our Home Lab and all the devices connected to it from anywhere in the world. We can also enable the exit node option to forward all our browsing traffic to our Home Network. Try opening a browser after turning off your WiFi and opening up TrueNAS, Proxmox, or AdGuard Home using the IP address. The sites would load without any issues when connected to Tailscale.

Feel free to play around in the Tailscale’s admin console. There are more options available in the console that can be enabled and used. You add more users to your Home Network, configure various access controls for those users and many more settings are available in the admin console.

In this article, we have explored Tailscale and went into the step-by-step process of deploying the same in our Home Lab.

In the next article, we will be looking into another service that we will be deploying in our Home Lab. Stay tuned for more detailed instructions on expanding our Home Labbing capabilities.

Happy Homelabbing!!!

--

--

Harish Thangadurai

👨‍💻 Software Engineer | 🌍Tech Explorer | 🧠 Lifelong Learner