aimeeble@blog

Tailnet VPN

There are two main parts:

  1. Creating a “tailnet” – a virtual LAN of sorts by using the Tailscale software (which is itself just a great convenience layer over WireGuard).
  2. Creating a Linode to serve as an exit node that your tailnet traffic is routed through.

Tailnet

This is the easiest part. Create an account, then download and install Tailscale. You’ll need to install the Tailscale client on your main desktop (or any other client machine that you want to be able to use your own Tailnet VPN).

Linode

I resurrected my old Linode account. I was a Linode customer since about 20 years ago. I had kept an instance running for ages, but barely used it for anything; it was just a general-purpose Linux box. I finally decided to terminate that instance a few years back.

Well now, I’m back at it. I created a “Nanode” for $5 / month. It comes with 1 TB of transfer which should be plenty for personal use.

Tailscale, being a security product, obviously follows the generally decried practice of asking you to pipe curl output into a shell.

curl -fsSL https://tailscale.com/install.sh | sh

With that taken care of, connecting it to the tailnet was easy enough.

Configuring it as an exit-node was a little more of a pain. The command

tailscale set --advertise-exit-node

provided a way to tell the local client to serve as an optional exit route for the tailnet. (don’t forget to approve the exit node on the Tailscale web admin page)

Conveniently, it set up all the iptables forwarding rules needed to make this happen. Inconveniently, it did not enable IP forwarding more generally. I still needed to manually run

echo 1 > /proc/sys/net/ipv4/ip_forward

to tell the kernel to do its thing (don’t forget to edit /etc/sysctl.conf or equivalent to get this option re-applied on reboot).

Using It

After the Linode is running as an approved exit node, just point at it! Client devices should be able to select it as an exit node in the Tailscale client. Once active, all your traffic will get encrypted and sent over your tailnet and appear to come from your Linode.

aimeeble@blog

the blog of aimeeble

Creating a Tailnet exit node in the States using a Linode VPS.

By Aimee, 2024-02-16


Tagged:Table of Contents: