From ArchWiki

Tailscale builds on top of WireGuard and provides OAuth2 (SSO), OpenID, and SAML authentication for peers to build a mesh network. It is crossplatform, has ACL settings and internal DNS.


Install tailscale. Alternatively, one can use unstable builds by installing the tailscale-gitAUR or tailscale-unstable-binAUR package.


To use tailscale, enable/start tailscaled.service and run the server as follows:

# tailscale up

You can authenticate a headless machine by specifying the auth key:

# tailscale up --authkey=tskey-KEY

Using a custom Control Server

Using a custom control server like headscale is possible.

To login run

# tailscale up --login-server https://example.com

On headless systems a non-interactive login using a token is possible.

# tailscale up --login-server https://example.com --authkey your_auth_key

See also