Tailscale VPN: Complete Homelab Setup Guide
Secure VPN tunnel for accessing homelab services without port forwarding. Access your homelab from anywhere with internet service, without exposing any ports, keeping your private network secure and encrypted with WireGuard, the de facto standard for modern lightweight VPNs.
Installation
1. Install Tailscale Client
curl -fsSL https://tailscale.com/install.sh | sh
Exit Node Configuration
2. Enable IP Forwarding
Check if /etc/sysctl.d/ exists:
ls /etc/sysctl.d
If directory exists:
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
sudo sysctl -p /etc/sysctl.d/99-tailscale.conf
If directory doesn't exist:
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf
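Re-running the tee -a commands above appends duplicate lines each time. The script below is an added example, not part of the original guide, that applies the same two settings idempotently; the function names and the ROOT prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide: idempotent form of step 2.
# ROOT is a hypothetical path prefix ("" = the real system) for dry runs.

# Print the file the guide would write to: the sysctl.d drop-in if the
# directory exists, otherwise the main sysctl.conf.
sysctl_target() {
    root=$1
    if [ -d "$root/etc/sysctl.d" ]; then
        printf '%s\n' "$root/etc/sysctl.d/99-tailscale.conf"
    else
        printf '%s\n' "$root/etc/sysctl.conf"
    fi
}

# Make FILE contain exactly one active "KEY = VALUE" line. Existing active
# lines for KEY are dropped; commented-out lines and other keys are kept.
ensure_setting() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    pattern="^[[:space:]]*$(printf '%s' "$key" | sed 's/\./\\./g')[[:space:]]*="
    if [ -f "$file" ]; then
        grep -Ev "$pattern" "$file" > "$tmp" || true   # grep exits 1 if nothing is left
    fi
    printf '%s = %s\n' "$key" "$value" >> "$tmp"
    # cat (not mv) so the target keeps its owner and mode
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Apply both forwarding settings and print the file that was written.
enable_forwarding() {
    target=$(sysctl_target "$1")
    ensure_setting "$target" net.ipv4.ip_forward 1 &&
        ensure_setting "$target" net.ipv6.conf.all.forwarding 1 &&
        printf '%s\n' "$target"
}

# Touch the real system only when asked to (run as root):
#   sh enable-forwarding.sh --apply
if [ "${1:-}" = "--apply" ]; then
    target=$(enable_forwarding "") && sysctl -p "$target"
fi
```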
3. Advertise as Exit Node
sudo tailscale up --advertise-exit-node
4. Combined Subnet + Exit Node Setup
For routing the entire local network:
sudo tailscale up --advertise-routes=192.168.1.0/24 --advertise-exit-node
Admin Panel Activation
Visit Tailscale Admin Console
Locate your device
Click "..." → Edit route settings
Enable:
✅ Exit Node
✅ Subnet Routes (if used)
Verification
tailscale status
# Should show: "exit node enabled" and/or "subnet routes"
Usage Examples
Route all traffic through homelab:
tailscale up --exit-node=your-server-ip
Access local devices:
ssh username@192.168.1.x # Through advertised subnet
Maintenance
sudo tailscale logout # Remove device from network
tailscale ping <device> # Test connectivity
sudo tailscale up --reset # Fix connection issues
Security Notes
All traffic encrypted with WireGuard®
No inbound firewall rules needed
Device approval required in admin console
Free for personal use (20 device limit)
Pro Tip: Use --advertise-tags=tag:homelab for granular access control.