In today’s interconnected world, secure remote access to networks and the ability to route traffic through specific geographic locations have become essential for businesses and developers alike. Tailscale provides an elegant solution by creating a secure mesh VPN that simplifies network connectivity across devices and locations.
Setting up a Tailscale exit node allows you to route your internet traffic through a specific server, providing benefits like accessing geo-restricted content, enhanced privacy, and consistent IP addresses. Meanwhile, a subnet router enables you to access resources on a remote network through your Tailscale connection. This tutorial will guide you through configuring both features on an Ubuntu server.
Prerequisites
Before we begin, ensure you have the following:
- An Ubuntu 24.04 LTS VPS with at least 1GB RAM and 1 CPU core
- Root or sudo access to the server
- A Tailscale account (free tier available)
- Basic familiarity with Linux command line
- SSH access to your VPS
For this tutorial, we’ll assume you’re using a fresh Ubuntu 24.04 LTS installation. The commands provided work for both root and non-root users with sudo privileges.
Step-by-Step Tutorial
Step 1: Update System Packages
First, ensure your system is up to date:
sudo apt update && sudo apt upgrade -y
Step 2: Install Tailscale
Install Tailscale using the official installation script:
curl -fsSL https://tailscale.com/install.sh | sh
This script automatically detects your distribution and installs the appropriate Tailscale package. For Ubuntu 24.04, it will install the latest stable version from Tailscale’s APT repository.
Step 3: Authenticate Tailscale
Start Tailscale and authenticate your device.
sudo tailscale up
This command will generate an authentication URL. Copy and paste it into your browser to authenticate with your Tailscale account. Once authenticated, your VPS will appear in your Tailscale admin console.
Step 4: Enable IP Forwarding
For both exit node and subnet routing functionality, enable IP forwarding.
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
Verify the settings are applied:
sudo sysctl net.ipv4.ip_forward net.ipv6.conf.all.forwarding
Step 5: Configure Exit Node
Enable your VPS as an exit node by running:
sudo tailscale up --advertise-exit-node
This command configures your VPS to advertise itself as an exit node to other devices in your tailnet (Tailscale network).
Step 6: Configure Subnet Router (Optional)
If you want to route traffic to specific subnets through your VPS, configure subnet routing. First, identify the subnets you want to advertise.
ip route | grep -E "(eth0|ens|enp)"
ip -6 route | grep -E "(eth0|ens|enp)"
Then advertise the subnets (replace with your actual subnet ranges):
sudo tailscale up --advertise-exit-node --advertise-routes=192.168.1.0/24,10.0.0.0/24
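One way to turn the `ip route` output from this step into the `--advertise-routes` value, as an added example that is not part of the original tutorial. The function names and the sample routing table are constructed for illustration, and restricting candidates to directly connected RFC 1918 ranges is a choice made for this example so that the VPS's public subnet and gateway-reached routes are not advertised by accident.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# Reads `ip route` output on stdin and prints the directly connected RFC 1918
# subnets on eth*/ens*/enp* interfaces as a comma-separated list.
private_connected_subnets() {
    awk '
        $1 == "default" { next }              # the default route is not a subnet route
        $1 !~ "^[0-9.]+/[0-9]+$" { next }     # keep IPv4 CIDR destinations only
        {
            dev = ""; gw = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "dev") dev = $(i + 1)
                if ($i == "via") gw = 1       # reached through a gateway, not attached
            }
            if (gw || dev !~ /^(eth|ens|enp)/) next
            private = 0
            if ($1 ~ /^10\./ || $1 ~ /^192\.168\./) private = 1
            if ($1 ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) private = 1
            if (private && !seen[$1]++) {
                sep = (out == "") ? "" : ","
                out = out sep $1
            }
        }
        END { print out }
    '
}

# Constructed sample `ip route` output (not captured from a real host).
sample_ip_route() {
    cat <<'EOF'
default via 203.0.113.1 dev eth0 proto dhcp src 203.0.113.10 metric 100
203.0.113.0/24 dev eth0 proto kernel scope link src 203.0.113.10 metric 100
10.0.0.0/24 dev ens7 proto kernel scope link src 10.0.0.5
192.168.1.0/24 dev enp3s0 proto kernel scope link src 192.168.1.2
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.50.0/24 via 10.0.0.1 dev ens7
EOF
}

routes=$(sample_ip_route | private_connected_subnets)
# Print the Step 6 command for review instead of running it.
echo "sudo tailscale up --advertise-exit-node --advertise-routes=$routes"
```

On a real server, replace `sample_ip_route` with `ip route` and review the printed list before running the command.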
Step 7: Approve Routes in Admin Console
Navigate to your Tailscale Admin Console and:
- Locate your VPS in the machines list
- Click the three dots menu next to your VPS
- Select “Edit route settings”
- Approve the exit node and/or subnet routes
- Optionally, disable key expiry for unattended operation
Step 8: Configure Firewall
If using UFW (Ubuntu’s default firewall), configure it to allow Tailscale traffic.
sudo ufw allow in on tailscale0
sudo ufw allow 41641/udp
For iptables users, ensure forwarding rules are properly configured:
sudo iptables -A FORWARD -i tailscale0 -j ACCEPT
sudo iptables -A FORWARD -o tailscale0 -j ACCEPT
Step 9: Test Configuration
From another device in your tailnet, test the exit node functionality:
# Check your current IP
curl ifconfig.me
# Enable exit node on client device
tailscale up --exit-node=YOUR_VPS_TAILSCALE_IP
# Verify IP has changed
curl ifconfig.me
For subnet routing, test connectivity to resources within the advertised subnets using their private IP addresses.
Reference
Set Up a Tailscale Exit Node and Subnet Router on an Ubuntu 24.04 VPS – Onidel Cloud