Create Tailscale Account

Go to https://login.tailscale.com/start, and sign in an account to create your Trailscale account. I’m using my google account to create an account.

Once created, you will get the welcome screen.

Copy the following command to your server and run:-

curl -fsSL https://tailscale.com/install.sh | sh

This will prompt for your sudo password.

Once finished, run the following command:-

sudo tailscale up

This will give a login page to go to. Follow that link and sign into your account. This will your Tailscale account to your server.

Connecting your android phone to the network

Download the Tailscale app from the AppStore

Sign in to your Tailscale account, and this will link your Tailscale account to the phone.

Create a route to your server

As I just want to connect to my server remotely, I am creating a route just for this.

In tailscale, this is using your server as a subnet route. To enable this, we need to modify how tailscale starts.

On your server run, changing 10.0.0.0 to whatever your local lan range is:-

sudo tailscale up --advertise-routes=10.0.0.0/24

Log into Tailscale admin, https://login.tailscale.com/admin and click subnets under your server listed in Machines.

This will give you an enable radio button to click. Once enabled, it will send that route to all clients, so from my phone I can now get to my server using my internal IP.

Using your server to forward traffic to your lan

If you want to access stuff within your network from Tailscale then you will need to enable IP forwarding.

For example, say my server is 10.0.0.10, and my router is on 10.0.0.1. I have already set up my route before so I can see 10.0.0.10 from my Tailscale VPN. Now I want to access my router’s web management. To do this, we use the server as a subnet router.

First we need to enable ip forwarding on the server:-

echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf

echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf

sudo sysctl -p /etc/sysctl.conf

Once that has been enabled, we need to configure the IPTABLES for forwarding.

iptables -t nat -A POSTROUTING -j MASQUERADE

Now test and you should be able to access 10.0.0.1 from your mobile on Tailscale VPN only. Once you have confirmed, save the config so it persists reboot.

sudo apt update -y && sudo apt install iptables-persistent

This will prompt you to save the routes. Press Yes for both IPv4 and IPv6.

Setting up DNS

As I’m using Adguard at home, I want to keep using it when I’m connected to Tailscale as it has my custom domain dns list and ad blocking.

Under DNS in the admin console, there is a nameserver section. Add your local IP under Global Name Servers, and tick Override Local DNS.

You should now be using Adguard DNS when connected to Tailscale