Maab S.
12min Read

How to install Tailscale VPN on Linux and Windows

How to install Tailscale VPN on Linux and Windows

Tailscale is an open-source software, which uses the WireGuard VPN as its base layer, and simplifies creating, managing, and accessing private networks. Even when your servers are protected by firewalls, or reside in different subnets, Tailscale allows you to create secure networks, without requiring manual creation of configuration files or firewall ports/rules. It combines WireGuard’s Noise Protocol encryption with automatic key rotation, and audit-compliant logging to ensure high levels of security. It ensures that your servers and devices always connect directly; regardless of their geographical locations or the number of hops that separate them. This minimises latency and delivers excellent performance.

Tailscale can be installed on a device or a server in a few simple steps. Once installed, you should be able to view your machine’s Tailscale IP, and add more nodes (a device or a server) to the secure network.

Screenshot of tailscale backend

How to install Tailscale on CentOS 8

Prerequisites:
CentOS 8 server and/or device
• An account with sudo privileges.
• If you prefer to use root, sudo commands will still work. Alternatively, simply leave out the sudo prefix when you copy and paste all commands.

Step 1. Sign up

If you’re already signed in to Tailscale and are simply adding a new node, skip this step.

If this is your first time, please note the following! Tailscale networks are based on your email address domain name and plugs into your existing identity providers you or your company already use, meaning there are no extra passwords but this does ensure more security. Make sure you choose an email account you can access from all the devices and machines you intend to connect it to in order to keep it in sync.

tailscale signup form screenshot

Team: If you intend to invite team members to your Tailscale network be sure to use your company/work email address, because only users with the same email domain will be able to access your network. For example, if I sign up with name@hostafrica.com, only users with registered @hostafrica.com email addresses will be able to access my network. It’s advisable to “Sign up with Microsoft” account.

Single user: If you intend to be the only user on your Tailscale network, then feel free to “Sign up with Google” account, as these shared email hosts are limited to the solo plan, and may only have one user.

Sign up with Tailscale to get started. This will later be used to manage your network.

Step 2. Add Tailscale repository

The first step is to add the Tailscale repository to your system. This repository is from where we will fetch the Tailscale rpm. Use the following command:

sudo dnf config-manager --add-repo https://pkgs.tailscale.com/stable/centos/8/tailscale.repo

Step 3. Install Tailscale

Install Tailscale using the following command:

sudo dnf install tailscale

Successful installation should display the following output:

tailscale installation output

Step 4. Enable and start the service

We will now enable and start the Tailscale service using the systemctl command:

sudo systemctl enable --now tailscaled

Check the status of the service using:

sudo systemctl status tailscaled
tailscale status output

Step 5. Connect your Machine to the Tailscale network

At this stage, your machine is ready to connect with the Tailscale network. Use the following command to do so:

sudo tailscale up

You will see a link appear on your terminal window, click on it and follow the steps to authorise your machine:

tailscale machine ready

Upon successful authorisation, you should see the following message:

tailscale auth successful

…and on your terminal window:

tailscale auth success terminal

You should also be able to see the newly added machine on your Tailscale Dashboard.

dashboard newly added machine

Step 6. Find your Tailscale IP address

Tailscale provides a static IP address for each node (device or server), which means it remains the same regardless of whether the location of your nodes changes. This IP is auto-assigned and cannot be changed manually.

To get your Tailscale IP address, use the following command:

ip addr show tailscale0
ip address command output

Step 7. Test your connection

The Tailscale team have set up a dummy IRC test server that can be used to check the connection and authorisation of a single endpoint. Let’s ping the server.

ping hello.ipn.dev
tailscale ping test

If (and only if) the ping works, it means that your Tailscale network has been properly configured.

Step 8. Add more devices or servers (nodes)

To add more nodes, you can repeat Step 2-6. on a different node. Remember that you can either use the same user for all of your nodes, or use different users of the same email domain. All users/nodes with the same domain can see each other. To restrict access between nodes, visit Access Control Lists (ACLs)

Once added, you should be able to see all your nodes from the admin dashboard:

dashboard view of connected machines

To check the reachability of different nodes within your network, a good start is the ping command. See the screenshot below where we successfully pinged 100.116.96.36 from the 100.89.11.96 machine, to verify our setup:

tailscale ping command output

How to install Tailscale on Debian 10

Prerequisites:
Debian 10 server and/or device
• An account with sudo privileges.
• If you prefer to use root, sudo commands will still work. Alternatively, simply leave out the sudo prefix when you copy and paste all commands.

Step 1. Sign up

If you’re already signed in to Tailscale and are simply adding a new node, skip this step.

If this is your first time, please note the following! Tailscale networks are based on your email address domain name and plugs into your existing identity providers you or your company already use, meaning there are no extra passwords but does ensure more security. Make sure you choose an email account you can login to from all the devices and machines you intend to connect it to in order to keep it in sync.

tailscale sign up

Team: If you intend to invite team members to your Tailscale network be sure to use your company/work email address, because only users with the same email domain will be able to access your network. For example, if I sign up with name@hostafrica.com, only users with registered @hostafrica.com email addresses will be able to access my network. It’s advisable to “Sign up with Microsoft” account.

Single user: If you intend to be the only user on your Tailscale network, then feel free to “Sign up with Google” account, as these shared email hosts are limited to the solo plan, and may only have one user.

Sign up with Tailscale to get started. This will later be used to manage your network.

Step 2. Add key and repository

The first step is to add the Tailscale package key and repository.

You might need to install curl and/or gnupg packages before you can execute the commands below successfully. Use the following commands if needed:

sudo apt-get install gnupg
sudo apt-get install curl

Now use the two following commands:

curl https://pkgs.tailscale.com/stable/debian/buster.gpg | sudo apt-key add -
curl https://pkgs.tailscale.com/stable/debian/buster.list | sudo tee /etc/apt/sources.list.d/tailscale.list
tailscale install

Step 3. Install Tailscale

Update your system and install Tailscale:

sudo apt-get update
sudo apt-get install tailscale

Successful installation should display the following output:

tailscale successful install

Step 4. Connect your Machine to the Tailscale network

At this stage, your machine is ready to connect with the Tailscale network. Use the following command to do so:

sudo tailscale up

You will see a link appear on your terminal window, click on it and follow the steps to authorise your machine:

tailscale auth

Upon successful authorisation, you should see the following message:

tailscale successful auth

…and on your terminal window:

tailscale auth successful

You should also be able to see the newly added machine on your Tailscale Dashboard.

tailscale dashboard

Step 5. Get your Tailscale IP address

Tailscale provides a static IP address for each node (device or server), which means it remains the same regardless of whether the location of your nodes changes. This IP is auto-assigned and cannot be changed manually.

To get your Tailscale IP address, use the following command:

ip addr show tailscale0
tailscale ip

Step 6. Test your connection

The Tailscale team have set up a dummy IRC test server that can be used to check the connection and authorisation of a single endpoint. Let’s ping the server.

ping hello.ipn.dev
tailscale ping test

If (and only if) the ping works, it means that your Tailscale network has been properly configured.

Step 7. Add more devices or servers (nodes)

To add more nodes, you can repeat steps 2-5 on a different node. Remember that you can either use the same user for all of your nodes, or use different users of the same domain. All users/nodes with the same domain can see each other. To restrict access between nodes, visit Access Control Lists (ACLs)

Once added, you should be able to see all your nodes from the admin dashboard:

tailscale dashboard

To check the reachability of different nodes within your network, a good start is the ping command. See the screenshot below where we successfully pinged 100.116.96.36 from the 100.89.11.96 machine, to verify our setup:

tailscale ping output

How to install Tailscale on Ubuntu 20.04

Prerequisites:
Ubuntu 20.04 server and/or device
• An account with sudo privileges.
• If you prefer to use root, sudo commands will still work. Alternatively, simply leave out the sudo prefix when you copy and paste all commands.

Step 1. Sign up

If you’re already signed in to Tailscale and are simply adding a new node, skip this step.

If this is your first time, please note the following! Tailscale networks are based on your email address domain name and plugs into your existing identity providers you or your company already use, meaning there are no extra passwords but does ensure more security. Make sure you choose an email account you can login to from all the devices and machines you intend to connect it to in order to keep it in sync.

tailscale signup

Team: If you intend to invite team members to your Tailscale network be sure to use your company/work email address, because only users with the same email domain will be able to access your network. For example, if I sign up with name@hostafrica.com, only users with registered @hostafrica.com email addresses will be able to access my network. It’s advisable to “Sign up with Microsoft” account.

Single user: If you intend to be the only user on your Tailscale network, then feel free to “Sign up with Google” account, as these shared email hosts are limited to the solo plan, and may only have one user.

Sign up with Tailscale to get started. This will later be used to manage your network.

Step 2. Add key and repository

The first step is to add the Tailscale package key and repository.

You might need to install curl and/or gnupg packages before you can execute the above commands successfully. Use the following commands, if needed:

sudo apt-get install gnupg
sudo apt-get install curl

Now use the two following commands:

curl https://pkgs.tailscale.com/stable/ubuntu/focal.gpg | sudo apt-key add -
curl https://pkgs.tailscale.com/stable/ubuntu/focal.list | sudo tee /etc/apt/sources.list.d/tailscale.list
tailscale install

Step 3. Install Tailscale

Update your system and install Tailscale:

sudo apt-get update
sudo apt-get install tailscale

Successful installation should display the following output:

tailscale successfull install

Step 4. Connect your Machine to the Tailscale network

At this stage, your machine is ready to connect with the Tailscale network. Use the following command to do so:

sudo tailscale up

You will see a link appear on your terminal window, click on it and follow the steps to authorise your machine:

tailscale auth

Upon successful authorisation, you should see the following message:

tailscale auth successful

…and on your terminal window:

tailscale auth successful

You should also be able to see the newly added machine on your Tailscale Dashboard.

tailscale dashboard

Step 5. Get your Tailscale IP address

Tailscale provides a static IP address for each node (device or server), which means it remains the same regardless of whether the location of your nodes changes. This IP is auto-assigned and cannot be changed manually.

To get your Tailscale IP address, use the following command:

ip addr show tailscale0
tailscale ip

Step 6. Test your connection

The Tailscale team have set up a dummy IRC test server that can be used to check the connection and authorisation of a single endpoint. Let’s ping the server.

ping hello.ipn.dev
tailscale ping test

If (and only if) the ping works, it means that your Tailscale network has been properly configured.

Step 7. Add more devices or servers (nodes)

To add more nodes, you can repeat steps 2-5 on a different node. Remember that you can either use the same user for all of your nodes, or use different users of the same domain. All users/nodes with the same domain can see each other. To restrict access between nodes, visit Access Control Lists (ACLs)

Once added, you should be able to see all your nodes from the admin dashboard:

tailscale dashboard

To check the reachability of different nodes within your network, a good start is the ping command. See the screenshot below where we successfully pinged 100.116.96.36 from the 100.89.11.96 machine, to verify our setup:

tailscale ping test

How to install Tailscale on Windows

Prerequisites:
Windows Server 2019 with sudo privileges.
• And/or device running Windows 7 or higher (32- or 64-bit Windows)

Step 1. Sign up

If you’re already signed in to Tailscale and are simply adding a new node, skip this step.

If this is your first time, please note the following! Tailscale networks are based on your email address domain name and plugs into your existing identity providers you or your company already use, meaning there are no extra passwords but does ensure more security. Make sure you choose an email account you can login to from all the devices and machines you intend to connect it to in order to keep it in sync.

tailscale signup

Team: If you intend to invite team members to your Tailscale network be sure to use your company/work email address, because only users with the same email domain will be able to access your network. For example, if I sign up with name@hostafrica.com, only users with registered @hostafrica.com email addresses will be able to access my network. It’s advisable to “Sign up with Microsoft” account.

Single user: If you intend to be the only user on your Tailscale network, then feel free to “Sign up with Google” account, as these shared email hosts are limited to the solo plan, and may only have one user.

Sign up with Tailscale to get started. This will later be used to manage your network.

Step 2. Download and install Tailscale

Download the installer from Tailscale. Run it and follow the on-screen steps to complete the installation.

Once done, you should see the following window:

tailscale install

Step 3. Authorise and connect to the Tailscale network

Press the Windows key, click the magnifying glass icon to bring up the search bar and type in “Tailscale”. Press enter or select it with your mouse.

tailscale auth

The Tailscale icon should now start appearing in the taskbar. See below:

tailscale icon desktop

Clicking on the icon will take you to the authentication window on your browser. Follow the instructions to complete the addition of your machine to the network. Upon success, you should see the following message:

tailscale auth successful

You should also be able to see the newly added machine on your Tailscale Dashboard.

tailscale dashboard

Step 4. Find your Tailscale IP address

Tailscale provides a static IP address for each node (server or device), which means it remains the same regardless of whether the location of your nodes changes. This IP is auto-assigned and cannot be changed manually.

To find your Tailscale IP address on Windows devices, click on the Tailscale icon in the taskbar. My address: 100.x.y.z should be listed second from the top.

To get your Tailscale IP address on a server, open PowerShell and use the following command:

ifconfig
tailscale ip

Step 5. Test your connection

The Tailscale team have set up a dummy IRC test server that can be used to check the connection and authorisation of a single endpoint. Let’s ping the server.

ping hello.ipn.dev
tailscale ping test

If (and only if) the ping works, it means that your Tailscale network has been properly configured.

Step 6. Add more devices or servers (nodes)

To add more nodes, you can repeat steps 2-5 on a different Windows node, or follow the Debian/Ubuntu/CentOS guides shared above to add nodes with other operating systems. Remember that you can either use the same user for all of your nodes, or use different users of the same domain. All users/nodes with the same domain can see each other. To restrict access between nodes, visit Access Control Lists (ACLs)

Once added, you should be able to see all your nodes from the admin dashboard:

tailscale dashboard

To check the reachability of different nodes within your network, use the ping command.

ping insert_your_ip

If this is successful, you have verified your set up. Now you’re up and running.


The Author

Maab S.

Maab is an experienced software engineer who specializes in explaining technical topics to a wider audience.

More posts from Maab