
Setting up a tailscale/headscale exit-node

On the client

The example below is for a Linux client.

  1. Install Tailscale using your method of choice. I picked the one-liner script.
    # One-liner script from Tailscale
    curl -fsSL https://tailscale.com/install.sh | sh
    
    # If for some reason you can't use the one-liner script, refer to the official docs for manual installation:
    # https://tailscale.com/download/linux/debian-bookworm

  2. Run this command to bring up the Tailscale client with a custom control server.
    # Sample
    tailscale up --login-server "http://your-headscale-serverip:port" --advertise-exit-node
    
    # Since I run headscale on the same machine I want to use as an exit-node, I set it as localhost
    tailscale up --login-server "http://localhost:8082" --advertise-exit-node
    
    # If the node is already registered, then we can advertise it as an exit-node in this manner
    tailscale set --advertise-exit-node

On the server

  1. First, confirm that the nodes are seen and that their routes are 0.0.0.0/0 and/or ::/0.
    # Check routes using this command
    headscale routes list
    
    # Output
    ID | Machine            | Prefix    | Advertised | Enabled | Primary
    1  | exit-node1         | 0.0.0.0/0 | true       | false   | -
    2  | exit-node1         | ::/0      | true       | false   | -
    3  | phone1             | ::/0      | false      | false   | -
    4  | phone1             | 0.0.0.0/0 | false      | false   | -
    5  | phone2             | ::/0      | false      | false   | -
    6  | phone2             | 0.0.0.0/0 | false      | false   | -
    As we can confirm here, the routes are advertised, but not enabled.
  2. To enable the routes, use the following command, which allows the exit-node to advertise itself. You will have to repeat this for every exit-node you want to add.
    # First select the routes you want to add. In my case I want both IPv4 and IPv6, so I'll add IDs 1 and 2
    ID | Machine            | Prefix    | Advertised | Enabled | Primary
    1  | exit-node1         | 0.0.0.0/0 | true       | false   | -
    2  | exit-node1         | ::/0      | true       | false   | -
    3  | phone1             | ::/0      | false      | false   | -
    4  | phone1             | 0.0.0.0/0 | false      | false   | -
    5  | phone2             | ::/0      | false      | false   | -
    6  | phone2             | 0.0.0.0/0 | false      | false   | -
    
    # Command
    headscale routes enable -r 1
    headscale routes enable -r 2
    
    # Confirm we enabled it
    headscale routes list
    
    ID | Machine            | Prefix    | Advertised | Enabled | Primary
    1  | exit-node1         | 0.0.0.0/0 | true       | true    | -
    2  | exit-node1         | ::/0      | true       | true    | -
    3  | phone1             | ::/0      | false      | false   | -
    4  | phone1             | 0.0.0.0/0 | false      | false   | -
    5  | phone2             | ::/0      | false      | false   | -
    6  | phone2             | 0.0.0.0/0 | false      | false   | -
  3. Test with your client to see if it worked. With these steps done, any client should be able to use your new exit-node.
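
An added example, not part of the original guide: a shell helper that reads the `headscale routes list` table in the layout shown above and selects only the advertised-but-disabled exit routes of one named machine, so routes are enabled per reviewed node instead of by hand-copied IDs. The function names, the `APPLY` switch and the sample table (including `unreviewed-host`) are constructed for illustration, and the pipe-separated layout is assumed to match what your headscale version prints.

```shell
#!/bin/sh
# Constructed sample in the same layout as the output above, so this runs offline.
SAMPLE_ROUTES='ID | Machine            | Prefix    | Advertised | Enabled | Primary
1  | exit-node1         | 0.0.0.0/0 | true       | false   | -
2  | exit-node1         | ::/0      | true       | true    | -
3  | phone1             | ::/0      | false      | false   | -
4  | phone1             | 0.0.0.0/0 | false      | false   | -
5  | unreviewed-host    | 0.0.0.0/0 | true       | false   | -'

# pending_exit_route_ids MACHINE   (route table on stdin)
# Prints the IDs of routes that belong to MACHINE, are exit routes
# (0.0.0.0/0 or ::/0), are advertised, and are not yet enabled.
pending_exit_route_ids() {
    awk -F'|' -v want="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF < 5 { next }                        # not a table row
        {
            id = trim($1); machine = trim($2); prefix = trim($3)
            advertised = trim($4); enabled = trim($5)
            if (id !~ /^[0-9]+$/) next         # skips the header row
            if (machine != want) next          # exact name match, no prefixes
            if (prefix != "0.0.0.0/0" && prefix != "::/0") next
            if (advertised == "true" && enabled == "false") print id
        }'
}

# approve_exit_node MACHINE
# Dry run against the sample by default; set APPLY=1 to query and change headscale.
approve_exit_node() {
    if [ "${APPLY:-0}" = "1" ]; then
        table=$(headscale routes list)
    else
        table=$SAMPLE_ROUTES
    fi
    for id in $(printf '%s\n' "$table" | pending_exit_route_ids "$1"); do
        if [ "${APPLY:-0}" = "1" ]; then
            headscale routes enable -r "$id"
        else
            echo "would run: headscale routes enable -r $id"
        fi
    done
}

approve_exit_node "exit-node1"
```

In the sample, `unreviewed-host` advertises an exit route too, but it stays disabled because only the machine named on the command line is considered.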