tailscale quick notes
Posted on :: Updated on

Tailscale is a vpn tool often used for development to connect into dev environments and enterprises. Unlike more traditional vpn systems it doesn’t have a central hub, its more like a mesh network. A group of machines that can talk to eachother is called a tailnet . Each tailnet also contains a coordination server which assigns each device a Tailscale ip address an handles metadata changes and network topology. Because Tailscale is a mesh network, typically machines will talk to eachother directly; when they can’t, they’ll use another node as a relay . Permissions are managed through an access control list on the coordination server.

Set Up

Download tailscale onto your device and log into your tailscale account. If you don’t have one you can log in using your github account or another identity provider.

You can then use the tailscale app to enable your device to be used as an exit node on your tailnet and, if you want, expose the LAN. Doing so enables vpn use to skirt firewalls. For example: accessing your campus network from home. If you enable LAN access then you can have your friends access your LAN to play minecraft or other games together.

Magic DNS

lets you access a device on your tailnet by going to <device name>.<user name>.ts.net. This also lets you set up public access to your projects without having to set up port forwarding on your home router if you want. Magic DNS also lets you visit https://<device-name> in your browser (if you’re connected to your tailnet) or you can ssh <device name> over your tailnet.

port forwarding

to forward within your tailnet use tailscale serve to forward to the public internet use tailscale funnel. Note that funnel can only listen on 3 specific ports: 443, 8443, 10000. We can forward to a specific port by doing something like tailscale funnel --http(s):443 localhost:5000 you can also forward to a specific path: tailscale funnel --set-path=/site/path localhost:5000. See this reddit post

Hosting a simple website

run tailscale serve absolute/path/to/my-site.html to serve the site on your tailnet and tailscale funnel absolute/path/to/my-site.html if you want to serve it to the internet more broadly.

forwarding a service

If you have a server listening on localhost:3000 you can use tailscale to forward that port by running tailscale funnel 3000

file server

you can host a directory with tailscale serve <path>

Table of Contents