Proxmox: Running Tailscale

3 min readJul 27, 2023

Tailscale is a ‘mesh VPN’ that allows you to securely connect to your services hosted at home from anywhere in the world. Once I learned how to set it up I slapped it on pretty much everything I had and it has been amazing! And all of this without forwarding any ports on your router!! Today we will be adding this to one VM and one LXC on Proxmox.

Tailscale

Tailscale is a zero config VPN for building secure networks. Install on any device in minutes. Remote access from any…

tailscale.com

Requirements:

Proxmox fully installed and configured and access to GUI
A Tailscale account
Tailscale installed on your laptop (or computer you will be using to access these remote services).

Installing Tailscale on VM:

Installing Tailscale on a VM is extremely straightforward. I am using a Debian 10 VM here. These instructions should work for all other Debian versions and popular linux distros.

Install Tailscale:

apt update && apt install curl
curl -fsSL https://tailscale.com/install.sh | sh

Verify the Tailscale service is running using:

systemctl status tailscale

Run Tailscale:

tailscale up

This should give you an authentication link. Copy and paste the link into your browser, connect the device to your account and you are all good to go!

Installing inside an LXC:

Installing Tailscale inside an LXC is not as straightforward as on a VM but it is still quite simple.

Note: To install Tailscale on Alpine Linux follow the Tailscale setup steps in this guide.

Allow creation of TUN device inside LXC:
Tailscale needs access to /dev/net/tun in order to function. By default this is not allowed inside an LXC and we need to modify the configuration on the host to allow this.

First make note of the container ID on the Proxmox GUI. Then on the Proxmox host open /etc/pve/lxc/xxx.conf

Add the following lines:

lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net dev/net none bind,create=dir

Save the file and reboot the container in question. There is no need to reboot the Proxmox host.

Now install and activate Tailscale, just like on a VM:

apt update && apt install curl
curl -fsSL https://tailscale.com/install.sh | sh

tailscale up

And that’s it! Extremely simple plug and play system that just works.

Credit:

The following article helped me and perhaps will help you too.

How to enable tun/tap in a LXC container?

Hi! I need to enable the tun device to run a tinc VPN but I can't create the tun device. I have tested several solution…

forum.proxmox.com

Disclaimer:

This is not a guide for setup in production or business environments. Make sure all services you expose are properly secured before exposing them to the internet using any VPN.

I am not an IT professional. I am not tech support. I am a college student with a server. You are ultimately responsible for any commands you run on your system.

If you have any questions, leave a comment. Enjoy!