How to install Tailscale VPN on Linux and Windows
Tailscale is an open-source software, which uses the WireGuard VPN as its base layer, and simplifies creating, managing, and accessing private networks. Even when your servers are protected by firewalls, or reside in different subnets, Tailscale allows you to create secure networks, without requiring manual creation of configuration files or firewall ports/rules. It combines WireGuard’s Noise Protocol encryption with automatic key rotation, and audit-compliant logging to ensure high levels of security. It ensures that your servers and devices always connect directly; regardless of their geographical locations or the number of hops that separate them. This minimises latency and delivers excellent performance.
Tailscale can be installed on a device or a server in a few simple steps. Once installed, you should be able to view your machine’s Tailscale IP, and add more nodes (a device or a server) to the secure network.
How to install Tailscale on CentOS 8
Prerequisites:
• CentOS 8 server and/or device
• An account with sudo privileges.
• If you prefer to use root, sudo commands will still work. Alternatively, simply leave out the sudo prefix when you copy and paste all commands.
Step 1. Sign up
If you’re already signed in to Tailscale and are simply adding a new node, skip this step.
If this is your first time, please note the following! Tailscale networks are based on your email address domain name and plugs into your existing identity providers you or your company already use, meaning there are no extra passwords but this does ensure more security. Make sure you choose an email account you can access from all the devices and machines you intend to connect it to in order to keep it in sync.
Team: If you intend to invite team members to your Tailscale network be sure to use your company/work email address, because only users with the same email domain will be able to access your network. For example, if I sign up with name@hostafrica.com, only users with registered @hostafrica.com email addresses will be able to access my network. It’s advisable to “Sign up with Microsoft” account.
Single user: If you intend to be the only user on your Tailscale network, then feel free to “Sign up with Google” account, as these shared email hosts are limited to the solo plan, and may only have one user.
Sign up with Tailscale to get started. This will later be used to manage your network.
Step 2. Add Tailscale repository
The first step is to add the Tailscale repository to your system. This repository is from where we will fetch the Tailscale rpm. Use the following command:
sudo dnf config-manager --add-repo https://pkgs.tailscale.com/stable/centos/8/tailscale.repo
Step 3. Install Tailscale
Install Tailscale using the following command:
sudo dnf install tailscale
Successful installation should display the following output:
Step 4. Enable and start the service
We will now enable and start the Tailscale service using the systemctl command:
sudo systemctl enable --now tailscaled
Check the status of the service using:
sudo systemctl status tailscaled
Step 5. Connect your Machine to the Tailscale network
At this stage, your machine is ready to connect with the Tailscale network. Use the following command to do so:
sudo tailscale up
You will see a link appear on your terminal window, click on it and follow the steps to authorise your machine:
Upon successful authorisation, you should see the following message:
…and on your terminal window:
You should also be able to see the newly added machine on your Tailscale Dashboard.
Step 6. Find your Tailscale IP address
Tailscale provides a static IP address for each node (device or server), which means it remains the same regardless of whether the location of your nodes changes. This IP is auto-assigned and cannot be changed manually.
To get your Tailscale IP address, use the following command:
ip addr show tailscale0
Step 7. Test your connection
The Tailscale team have set up a dummy IRC test server that can be used to check the connection and authorisation of a single endpoint. Let’s ping the server.
ping hello.ipn.dev
If (and only if) the ping works, it means that your Tailscale network has been properly configured.
Step 8. Add more devices or servers (nodes)
To add more nodes, you can repeat Step 2-6. on a different node. Remember that you can either use the same user for all of your nodes, or use different users of the same email domain. All users/nodes with the same domain can see each other. To restrict access between nodes, visit Access Control Lists (ACLs)
Once added, you should be able to see all your nodes from the admin dashboard:
To check the reachability of different nodes within your network, a good start is the ping
command. See the screenshot below where we successfully pinged 100.116.96.36 from the 100.89.11.96 machine, to verify our setup:
How to install Tailscale on Debian 10
Prerequisites:
• Debian 10 server and/or device
• An account with sudo privileges.
• If you prefer to use root, sudo commands will still work. Alternatively, simply leave out the sudo prefix when you copy and paste all commands.
Step 1. Sign up
If you’re already signed in to Tailscale and are simply adding a new node, skip this step.
If this is your first time, please note the following! Tailscale networks are based on your email address domain name and plugs into your existing identity providers you or your company already use, meaning there are no extra passwords but does ensure more security. Make sure you choose an email account you can login to from all the devices and machines you intend to connect it to in order to keep it in sync.
Team: If you intend to invite team members to your Tailscale network be sure to use your company/work email address, because only users with the same email domain will be able to access your network. For example, if I sign up with name@hostafrica.com, only users with registered @hostafrica.com email addresses will be able to access my network. It’s advisable to “Sign up with Microsoft” account.
Single user: If you intend to be the only user on your Tailscale network, then feel free to “Sign up with Google” account, as these shared email hosts are limited to the solo plan, and may only have one user.
Sign up with Tailscale to get started. This will later be used to manage your network.
Step 2. Add key and repository
The first step is to add the Tailscale package key and repository.
You might need to install curl
and/or gnupg
packages before you can execute the commands below successfully. Use the following commands if needed:
sudo apt-get install gnupg
sudo apt-get install curl
Now use the two following commands:
curl https://pkgs.tailscale.com/stable/debian/buster.gpg | sudo apt-key add - curl https://pkgs.tailscale.com/stable/debian/buster.list | sudo tee /etc/apt/sources.list.d/tailscale.list
Step 3. Install Tailscale
Update your system and install Tailscale:
sudo apt-get update
sudo apt-get install tailscale
Successful installation should display the following output:
Step 4. Connect your Machine to the Tailscale network
At this stage, your machine is ready to connect with the Tailscale network. Use the following command to do so:
sudo tailscale up
You will see a link appear on your terminal window, click on it and follow the steps to authorise your machine:
Upon successful authorisation, you should see the following message:
…and on your terminal window:
You should also be able to see the newly added machine on your Tailscale Dashboard.
Step 5. Get your Tailscale IP address
Tailscale provides a static IP address for each node (device or server), which means it remains the same regardless of whether the location of your nodes changes. This IP is auto-assigned and cannot be changed manually.
To get your Tailscale IP address, use the following command:
ip addr show tailscale0
Step 6. Test your connection
The Tailscale team have set up a dummy IRC test server that can be used to check the connection and authorisation of a single endpoint. Let’s ping the server.
ping hello.ipn.dev
If (and only if) the ping works, it means that your Tailscale network has been properly configured.
Step 7. Add more devices or servers (nodes)
To add more nodes, you can repeat steps 2-5 on a different node. Remember that you can either use the same user for all of your nodes, or use different users of the same domain. All users/nodes with the same domain can see each other. To restrict access between nodes, visit Access Control Lists (ACLs)
Once added, you should be able to see all your nodes from the admin dashboard:
To check the reachability of different nodes within your network, a good start is the ping
command. See the screenshot below where we successfully pinged 100.116.96.36 from the 100.89.11.96 machine, to verify our setup:
How to install Tailscale on Ubuntu 20.04
Prerequisites:
• Ubuntu 20.04 server and/or device
• An account with sudo privileges.
• If you prefer to use root, sudo commands will still work. Alternatively, simply leave out the sudo prefix when you copy and paste all commands.
Step 1. Sign up
If you’re already signed in to Tailscale and are simply adding a new node, skip this step.
If this is your first time, please note the following! Tailscale networks are based on your email address domain name and plugs into your existing identity providers you or your company already use, meaning there are no extra passwords but does ensure more security. Make sure you choose an email account you can login to from all the devices and machines you intend to connect it to in order to keep it in sync.
Team: If you intend to invite team members to your Tailscale network be sure to use your company/work email address, because only users with the same email domain will be able to access your network. For example, if I sign up with name@hostafrica.com, only users with registered @hostafrica.com email addresses will be able to access my network. It’s advisable to “Sign up with Microsoft” account.
Single user: If you intend to be the only user on your Tailscale network, then feel free to “Sign up with Google” account, as these shared email hosts are limited to the solo plan, and may only have one user.
Sign up with Tailscale to get started. This will later be used to manage your network.
Step 2. Add key and repository
The first step is to add the Tailscale package key and repository.
You might need to install curl
and/or gnupg
packages before you can execute the above commands successfully. Use the following commands, if needed:
sudo apt-get install gnupg
sudo apt-get install curl
Now use the two following commands:
curl https://pkgs.tailscale.com/stable/ubuntu/focal.gpg | sudo apt-key add - curl https://pkgs.tailscale.com/stable/ubuntu/focal.list | sudo tee /etc/apt/sources.list.d/tailscale.list
Step 3. Install Tailscale
Update your system and install Tailscale:
sudo apt-get update
sudo apt-get install tailscale
Successful installation should display the following output:
Step 4. Connect your Machine to the Tailscale network
At this stage, your machine is ready to connect with the Tailscale network. Use the following command to do so:
sudo tailscale up
You will see a link appear on your terminal window, click on it and follow the steps to authorise your machine:
Upon successful authorisation, you should see the following message:
…and on your terminal window:
You should also be able to see the newly added machine on your Tailscale Dashboard.
Step 5. Get your Tailscale IP address
Tailscale provides a static IP address for each node (device or server), which means it remains the same regardless of whether the location of your nodes changes. This IP is auto-assigned and cannot be changed manually.
To get your Tailscale IP address, use the following command:
ip addr show tailscale0
Step 6. Test your connection
The Tailscale team have set up a dummy IRC test server that can be used to check the connection and authorisation of a single endpoint. Let’s ping the server.
ping hello.ipn.dev
If (and only if) the ping works, it means that your Tailscale network has been properly configured.
Step 7. Add more devices or servers (nodes)
To add more nodes, you can repeat steps 2-5 on a different node. Remember that you can either use the same user for all of your nodes, or use different users of the same domain. All users/nodes with the same domain can see each other. To restrict access between nodes, visit Access Control Lists (ACLs)
Once added, you should be able to see all your nodes from the admin dashboard:
To check the reachability of different nodes within your network, a good start is the ping
command. See the screenshot below where we successfully pinged 100.116.96.36 from the 100.89.11.96 machine, to verify our setup:
How to install Tailscale on Windows
Prerequisites:
• Windows Server 2019 with sudo privileges.
• And/or device running Windows 7 or higher (32- or 64-bit Windows)
Step 1. Sign up
If you’re already signed in to Tailscale and are simply adding a new node, skip this step.
If this is your first time, please note the following! Tailscale networks are based on your email address domain name and plugs into your existing identity providers you or your company already use, meaning there are no extra passwords but does ensure more security. Make sure you choose an email account you can login to from all the devices and machines you intend to connect it to in order to keep it in sync.
Team: If you intend to invite team members to your Tailscale network be sure to use your company/work email address, because only users with the same email domain will be able to access your network. For example, if I sign up with name@hostafrica.com, only users with registered @hostafrica.com email addresses will be able to access my network. It’s advisable to “Sign up with Microsoft” account.
Single user: If you intend to be the only user on your Tailscale network, then feel free to “Sign up with Google” account, as these shared email hosts are limited to the solo plan, and may only have one user.
Sign up with Tailscale to get started. This will later be used to manage your network.
Step 2. Download and install Tailscale
Download the installer from Tailscale. Run it and follow the on-screen steps to complete the installation.
Once done, you should see the following window:
Step 3. Authorise and connect to the Tailscale network
Press the Windows key, click the magnifying glass icon to bring up the search bar and type in “Tailscale”. Press enter or select it with your mouse.
The Tailscale icon should now start appearing in the taskbar. See below:
Clicking on the icon will take you to the authentication window on your browser. Follow the instructions to complete the addition of your machine to the network. Upon success, you should see the following message:
You should also be able to see the newly added machine on your Tailscale Dashboard.
Step 4. Find your Tailscale IP address
Tailscale provides a static IP address for each node (server or device), which means it remains the same regardless of whether the location of your nodes changes. This IP is auto-assigned and cannot be changed manually.
To find your Tailscale IP address on Windows devices, click on the Tailscale icon in the taskbar. My address: 100.x.y.z should be listed second from the top.
To get your Tailscale IP address on a server, open PowerShell and use the following command:
ifconfig
Step 5. Test your connection
The Tailscale team have set up a dummy IRC test server that can be used to check the connection and authorisation of a single endpoint. Let’s ping the server.
ping hello.ipn.dev
If (and only if) the ping works, it means that your Tailscale network has been properly configured.
Step 6. Add more devices or servers (nodes)
To add more nodes, you can repeat steps 2-5 on a different Windows node, or follow the Debian/Ubuntu/CentOS guides shared above to add nodes with other operating systems. Remember that you can either use the same user for all of your nodes, or use different users of the same domain. All users/nodes with the same domain can see each other. To restrict access between nodes, visit Access Control Lists (ACLs)
Once added, you should be able to see all your nodes from the admin dashboard:
To check the reachability of different nodes within your network, use the ping
command.
ping insert_your_ip
If this is successful, you have verified your set up. Now you’re up and running.