RamNode logo
VPN Guide

Setting Up Tailscale VPN

Tailscale is a modern, zero-config VPN built on WireGuard that creates secure mesh networks across your devices. Combined with RamNode's reliable VPS hosting , you can create seamless private networks that automatically handle NAT traversal and provide direct device-to-device connections wherever possible.

Ubuntu 22.04/24.04
Zero-Config VPN
⏱️ 10-15 minutes

Prerequisites

Before starting, ensure you have:

Server Requirements

  • • RamNode VPS (Ubuntu 24.04 LTS)
  • • SSH access with sudo privileges
  • • Internet connectivity

Account Requirements

  • • Free Tailscale account
  • • Basic Linux command line knowledge
  • • Understanding of networking concepts
What is Tailscale?

Tailscale is a zero-config VPN built on WireGuard that creates secure point-to-point connections between your devices. Unlike traditional VPNs, Tailscale creates a mesh network where devices can communicate directly with each other, with traffic automatically taking the most efficient path.

2

Initial VPS Setup

Connect to your RamNode VPS and update the system:

Connect via SSH
ssh root@your-vps-ip-address
Update System Packages
apt update && apt upgrade -y
reboot

After reboot, reconnect and verify the system:

Check System Information
uname -a
lsb_release -a

RamNode Advantage: RamNode's Ubuntu 24.04 LTS images provide a stable, optimized foundation for Tailscale with excellent network performance.

3

Install Tailscale

Install Tailscale using the official installation script:

Download and Install Tailscale
curl -fsSL https://tailscale.com/install.sh | sh

Alternatively, you can install via package manager:

Install via APT (Alternative Method)
# Add Tailscale's package signing key and repository
curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
curl -fsSL https://pkgs.tailscale.com/stable/ubuntu/jammy.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list
# Install Tailscale
apt update
apt install tailscale

💡 Note: The installation script automatically handles the repository setup and is the recommended method.

4

Configure Tailscale

Start Tailscale and authenticate with your account:

Start Tailscale Service
sudo tailscale up

This will display a URL for device authentication. Copy and open it in your browser to authenticate.

Authentication Process:
  1. Copy the authentication URL from the terminal
  2. Open the URL in your web browser
  3. Sign in to your Tailscale account
  4. Authorize the device
Check Tailscale Status
sudo tailscale status
Get Device IP Address
sudo tailscale ip -4

🎉 Success! Your VPS is now connected to your Tailscale network with a unique IP address in the 100.x.x.x range.

5

Configure Subnet Routing

Enable your VPS as a subnet router to access your RamNode private network:

Enable IP Forwarding
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf
Advertise Subnet Routes
# Replace with your actual private network CIDR
sudo tailscale up --advertise-routes=10.24.0.0/16

Check your private network CIDR:

Find Your Private Network
ip route | grep -E "(10.|172.|192.168.)"
ip addr show
Enable Subnet Router in Tailscale Admin:
  1. Go to the Tailscale admin console
  2. Find your VPS device
  3. Click the "..." menu and select "Edit route settings"
  4. Enable the advertised subnet routes
6

Add Devices to Network

Install Tailscale on your client devices:

7

Access Control Lists (ACLs)

Configure network access policies in the Tailscale admin console:

Basic ACL Configuration:
  • • Go to Access Controls in the Tailscale admin console
  • • Define user groups and device tags
  • • Set up rules for inter-device communication
  • • Configure subnet access permissions
Example ACL Configuration
{
 "groups": {
 "group:admin": ["user@example.com"],
 "group:users": ["user1@example.com", "user2@example.com"]
 },
 "acls": [
 {
 "action": "accept",
 "users": ["group:admin"],
 "ports": ["*:*"]
 },
 {
 "action": "accept",
 "users": ["group:users"],
 "ports": ["tag:server:22", "tag:server:80", "tag:server:443"]
 }
 ]
}

⚠️ Security: Always follow the principle of least privilege when configuring access controls.

8

Testing Your Network

Verify your Tailscale network is working correctly:

Connectivity Tests:
  • • Ping between devices
  • • SSH to your VPS via Tailscale IP
  • • Access private network resources
  • • Test from mobile devices
Network Information:
  • • Check device status
  • • Verify subnet routes
  • • Test DNS resolution
  • • Monitor connection logs
Test Connectivity
# Check Tailscale status
sudo tailscale status
# Ping another device (replace with actual Tailscale IP)
ping 100.x.x.x
# SSH via Tailscale IP
ssh user@100.x.x.x
# Check which routes are being advertised
sudo tailscale status --json | jq '.Self.PrimaryRoutes'
Test Private Network Access
# From a client device, ping a server in your private network
ping 10.24.0.x
# Test SSH to private IP through Tailscale
ssh user@10.24.0.x

🎉 Success! If you can communicate between devices and access your private network, Tailscale is configured correctly!

9

Advanced Features

10

Troubleshooting

AltStyle によって変換されたページ (->オリジナル) /