RamNode logo
    Sign UpLogin
    VPN Guide

    Setting Up Tailscale VPN

    Tailscale is a modern, zero-config VPN built on WireGuard that creates secure mesh networks across your devices. Combined with RamNode's reliable VPS hosting, you can create seamless private networks that automatically handle NAT traversal and provide direct device-to-device connections wherever possible.

    Ubuntu 22.04/24.04
    Zero-Config VPN
    ⏱️ 10-15 minutes

    Prerequisites

    Before starting, ensure you have:

    Server Requirements

    • • RamNode VPS (Ubuntu 24.04 LTS)
    • • SSH access with sudo privileges
    • • Internet connectivity
    → View Recommended Lite VPS Plans

    Account Requirements

    • • Free Tailscale account
    • • Basic Linux command line knowledge
    • • Understanding of networking concepts
    What is Tailscale?

    Tailscale is a zero-config VPN built on WireGuard that creates secure point-to-point connections between your devices. Unlike traditional VPNs, Tailscale creates a mesh network where devices can communicate directly with each other, with traffic automatically taking the most efficient path.

    2

    Initial VPS Setup

    Connect to your RamNode VPS and update the system:

    Connect via SSH
    ssh root@your-vps-ip-address
    Update System Packages
    apt update && apt upgrade -y
reboot

    After reboot, reconnect and verify the system:

    Check System Information
    uname -a
lsb_release -a

    RamNode Advantage: RamNode's Ubuntu 24.04 LTS images provide a stable, optimized foundation for Tailscale with excellent network performance.

    3

    Install Tailscale

    Install Tailscale using the official installation script:

    Download and Install Tailscale
    curl -fsSL https://tailscale.com/install.sh | sh

    Alternatively, you can install via package manager:

    Install via APT (Alternative Method)
    # Add Tailscale's package signing key and repository
curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list

# Install Tailscale
apt update
apt install tailscale

    💡 Note: The installation script automatically handles the repository setup and is the recommended method.

    4

    Configure Tailscale

    Start Tailscale and authenticate with your account:

    Start Tailscale Service
    sudo tailscale up

    This will display a URL for device authentication. Copy and open it in your browser to authenticate.

    Authentication Process:
    1. Copy the authentication URL from the terminal
    2. Open the URL in your web browser
    3. Sign in to your Tailscale account
    4. Authorize the device
    Check Tailscale Status
    sudo tailscale status
    Get Device IP Address
    sudo tailscale ip -4

    🎉 Success! Your VPS is now connected to your Tailscale network with a unique IP address in the 100.x.x.x range.

    5

    Configure Subnet Routing

    Enable your VPS as a subnet router to access your RamNode private network:

    Enable IP Forwarding
    echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf
    Advertise Subnet Routes
    # Replace with your actual private network CIDR
sudo tailscale up --advertise-routes=10.24.0.0/16

    Check your private network CIDR:

    Find Your Private Network
    ip route | grep -E "(10.|172.|192.168.)"
ip addr show
    Enable Subnet Router in Tailscale Admin:
    1. Go to the Tailscale admin console
    2. Find your VPS device
    3. Click the "..." menu and select "Edit route settings"
    4. Enable the advertised subnet routes
    6

    Add Devices to Network

    Install Tailscale on your client devices:

    7

    Access Control Lists (ACLs)

    Configure network access policies in the Tailscale admin console:

    Basic ACL Configuration:
    • • Go to Access Controls in the Tailscale admin console
    • • Define user groups and device tags
    • • Set up rules for inter-device communication
    • • Configure subnet access permissions
    Example ACL Configuration
    {
  "groups": {
    "group:admin": ["user@example.com"],
    "group:users": ["user1@example.com", "user2@example.com"]
  },
  "acls": [
    {
      "action": "accept",
      "users": ["group:admin"],
      "ports": ["*:*"]
    },
    {
      "action": "accept",
      "users": ["group:users"],
      "ports": ["tag:server:22", "tag:server:80", "tag:server:443"]
    }
  ]
}

    ⚠️ Security: Always follow the principle of least privilege when configuring access controls.

    8

    Testing Your Network

    Verify your Tailscale network is working correctly:

    Connectivity Tests:
    • • Ping between devices
    • • SSH to your VPS via Tailscale IP
    • • Access private network resources
    • • Test from mobile devices
    Network Information:
    • • Check device status
    • • Verify subnet routes
    • • Test DNS resolution
    • • Monitor connection logs
    Test Connectivity
    # Check Tailscale status
sudo tailscale status

# Ping another device (replace with actual Tailscale IP)
ping 100.x.x.x

# SSH via Tailscale IP
ssh user@100.x.x.x

# Check which routes are being advertised
sudo tailscale status --json | jq '.Self.PrimaryRoutes'
    Test Private Network Access
    # From a client device, ping a server in your private network
ping 10.24.0.x

# Test SSH to private IP through Tailscale
ssh user@10.24.0.x

    🎉 Success! If you can communicate between devices and access your private network, Tailscale is configured correctly!

    9

    Advanced Features

    10

    Troubleshooting