Setting up a secure, private network across your devices has never been easier thanks to Tailscale. In this comprehensive guide, we’ll walk through installing and configuring Tailscale on an Ubuntu 24.04 VPS hosted with RamNode, creating a seamless mesh network that you can access from anywhere.
What is Tailscale?
Tailscale is a zero-config VPN built on WireGuard that creates secure point-to-point connections between your devices. Unlike traditional VPNs, Tailscale creates a mesh network where devices can communicate directly with each other, with traffic automatically taking the most efficient path.
Why Use RamNode for Your VPS?
RamNode offers reliable, affordable VPS hosting with excellent performance and customer support. Our Ubuntu 24.04 LTS images provide a stable foundation for your Tailscale node, and their network infrastructure ensures low latency connections.
Prerequisites
Before we begin, ensure you have:
- An active RamNode VPS running Ubuntu 24.04 LTS
- SSH access to your VPS with sudo privileges
- A Tailscale account (free at tailscale.com)
- Basic familiarity with Linux command line
Initial VPS Setup
First, connect to your RamNode VPS via SSH:
ssh root@your-vps-ip-address
Update your system packages:
apt update && apt upgrade -y
Create a non-root user for better security (optional but recommended):
adduser tailscale-admin
usermod -aG sudo tailscale-admin
Install Tailscale
Tailscale provides an official installation script that handles the repository setup and package installation. Run the following command:
curl -fsSL https://tailscale.com/install.sh | sh
This script will:
- Add the Tailscale package repository
- Install the GPG key for package verification
- Install the tailscale package and dependencies
Alternatively, you can install manually by adding the repository:
# Add Tailscale's package signing key
curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
# Add the tailscale repository
curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list
# Install Tailscale
apt update
apt install tailscale
Authenticate Your VPS
Start and authenticate your Tailscale installation:
sudo tailscale up
This command will output a URL that you need to visit in your web browser to authenticate the device. The output will look something like:
To authenticate, visit: https://login.tailscale.com/a/xxxxxxxxxx
Open this URL in your browser and log in to your Tailscale account. Once authenticated, your VPS will appear in your Tailscale admin console.
Configure Your Tailscale Node
Enable IP Forwarding (Optional)
If you want to use your VPS as an exit node or subnet router, enable IP forwarding:
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
Set Up as Exit Node (Optional)
To use your VPS as an exit node for routing all internet traffic:
sudo tailscale up --advertise-exit-node
Then, approve the exit node in your Tailscale admin console.
Configure Subnet Routing (Optional)
If your VPS needs to route traffic to other networks:
sudo tailscale up --advertise-routes=192.168.1.0/24,10.0.0.0/8
Replace the IP ranges with your actual subnet ranges.
Firewall Configuration
Configure the firewall to allow Tailscale traffic:
# Allow SSH (important!)
sudo ufw allow ssh
# Allow Tailscale
sudo ufw allow in on tailscale0
# Enable the firewall
sudo ufw --force enable
Verify Your Installation
Check that Tailscale is running correctly:
# Check service status
sudo systemctl status tailscaled
# View your Tailscale IP and status
tailscale ip
tailscale status
You should see output showing your Tailscale IP address and connected peers.
Connect Other Devices
Install Tailscale on your other devices (computers, phones, etc.) using the appropriate installers from tailscale.com/download. Each device will appear in your network automatically once authenticated.
Advanced Configuration
Custom DNS Settings
Configure custom DNS for your Tailscale network:
sudo tailscale up --accept-dns=false
SSH Access via Tailscale
Edit your SSH configuration to allow connections via Tailscale:
sudo nano /etc/ssh/sshd_config
Add or modify:
ListenAddress 0.0.0.0
ListenAddress 100.x.x.x # Your Tailscale IP
Restart SSH:
sudo systemctl restart ssh
Auto-start Configuration
Ensure Tailscale starts automatically on boot:
sudo systemctl enable tailscaled
Troubleshooting
Common Issues
Tailscale won’t start:
sudo systemctl status tailscaled
sudo journalctl -u tailscaled
Connection issues:
tailscale ping [peer-name-or-ip]
tailscale netcheck
Firewall blocking connections:
sudo ufw status
sudo ufw allow in on tailscale0
Logs and Diagnostics
View Tailscale logs:
sudo journalctl -u tailscaled -f
Generate a bug report:
sudo tailscale bugreport
Security Best Practices
- Regular Updates: Keep your VPS and Tailscale updated
apt update && apt upgrade - Access Controls: Use Tailscale ACLs to restrict access between devices
- Key Expiry: Configure appropriate key expiry times in your Tailscale admin console
- Monitoring: Regularly check connected devices and remove unused ones
- Backup Authentication: Set up multiple authentication methods
Performance Optimization
RamNode-Specific Optimizations
- Choose the Right Location: Select a RamNode datacenter close to your primary location
- Bandwidth Considerations: Monitor your VPS bandwidth usage, especially if using as an exit node
- Resource Monitoring: Keep an eye on CPU and memory usage
htop tailscale status --peers
Conclusion
You now have Tailscale successfully running on your Ubuntu 24.04 VPS with RamNode! Your VPS can serve as a secure access point to your private network, an exit node for secure internet browsing, or a bridge to other networks.
This setup provides you with a robust, secure networking solution that scales with your needs. Whether you’re accessing home services remotely, creating secure connections between offices, or simply wanting a private tunnel to the internet, your Tailscale-enabled RamNode VPS is ready to serve.