-
Notifications
You must be signed in to change notification settings - Fork 0
Tailscale
Tailscale is a virtual private network (VPN) tool that connects your devices together over the internet as if they were all on the same local network. Once set up, any device running Tailscale can reach any other device on your Tailscale network (called a tailnet) directly and securely - regardless of where in the world it is.
Tailscale builds an encrypted peer-to-peer connection between your devices using a technology called WireGuard. Unlike traditional VPNs, traffic travels directly between devices rather than through a central server, which keeps speeds fast and latency low.
Tailscale handles all the complex networking automatically - there is no need to configure port forwarding, open firewall rules, or manage certificates.
- Accessing your home server, NAS, or Home Assistant remotely as if you were on your home network
- Securely connecting to self-hosted services without exposing them to the public internet
- Linking devices across multiple sites into a single private network
-
Go to tailscale.com and click Get started.
-
Choose how you want to sign in — Tailscale does not use a separate username and password. Instead, you sign in using an existing account such as Google, Microsoft, GitHub, or Apple.
-
Follow the prompts to authorise Tailscale to use your chosen account. You will be taken to the Tailscale admin console at login.tailscale.com/admin.
-
Your tailnet is now created and ready to use. The admin console is where you manage all connected devices, users, and settings.
- Download the installer from tailscale.com/download.
- Run the
.exefile and follow the installation wizard. - Once installed, click the Tailscale icon in the system tray and select Log in.
- A browser window will open — sign in with the same account you used to create your tailnet.
- The device will appear in your admin console once connected.
- Download Tailscale from the Mac App Store or from tailscale.com/download.
- Open the app and click Log in.
- A browser window will open — sign in with your tailnet account.
- The device will appear in your admin console once connected.
- Run the following command in a terminal:
curl -fsSL https://tailscale.com/install.sh | sh- Once installed, start and connect Tailscale:
sudo tailscale up- A URL will be displayed in the terminal — open it in a browser and sign in with your tailnet account.
- The device will appear in your admin console once connected.
If you want other devices on your tailnet to access a local network (for example 192.168.100.0/24) through a device, that device needs to be configured as a subnet router.
- Open a PowerShell window as Administrator.
- Run the following command, replacing the subnet with your own if different:
tailscale up --advertise-routes=192.168.100.0/24- You will also need to enable IP routing in Windows. In the same PowerShell window run:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" -Name "IPEnableRouter" -Value 1- Restart the device for the routing change to take effect.
- Approve the route in the admin console — see Authorising a subnet route.
- Open a Terminal window.
- Run the following command, replacing the subnet with your own if different:
sudo tailscale up --advertise-routes=192.168.100.0/24- You may be prompted for your macOS password.
- Approve the route in the admin console — see Authorising a subnet route.
- Run the following command, replacing the subnet with your own if different:
sudo tailscale up --advertise-routes=192.168.100.0/24- Enable IP forwarding for routing to work:
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
sudo sysctl -p /etc/sysctl.d/99-tailscale.conf- Approve the route in the admin console — see Authorising a subnet route.
Advertised routes must be approved before other devices can use them.
- Go to the admin console at login.tailscale.com/admin/machines.
- Find the device that is advertising the route and click the three-dot menu (⋯) next to it.
- Select Edit route settings.
- Under Subnet routes, toggle on the route you want to approve (e.g.
192.168.100.0/24). - Click Save. Devices on your tailnet can now reach that subnet.
Some devices or applications (such as servers, containers, or home automation systems) cannot open a browser to complete sign-in interactively. An auth key lets them authenticate automatically on first connection.
- In the admin console, go to Settings → Keys or visit login.tailscale.com/admin/settings/keys.
- Click Generate auth key.
- Configure the key options:
- Reusable — leave this off if the key is for a single device; turn it on only if multiple devices will use the same key.
- Expiry — set how long the key remains valid for authentication (not how long the device stays connected).
- Ephemeral — enable this for temporary devices (such as containers) that should be removed from your tailnet automatically when they disconnect.
- Tags — optionally assign a tag to devices that connect using this key, useful for applying access policies.
- Click Generate key and copy the key — it will only be shown once.
- Paste the key into the application or device when prompted during its initial setup. The device will connect to your tailnet without requiring a browser sign-in.
Keep auth keys secure. Treat them like a password — anyone with the key can add a device to your tailnet.
Once Tailscale is installed, open GivLocal, turn on the Use Tailscale option and paste your auth key into the box provided then tap on "Connect" button. The app will register with Tailscale then connect to your tailnet. Only traffic from the app will be routed over the tailnet so the rest of your phone traffic will not be impacted.
Once enabled, Tailscale should connect automatically when the app is launched, giving you full remote access outside of your network (you can leave it enabled permanently, it will work fine both inside and outside of your network over Tailscale).
<-- Insert Screenshot(s) -->