Tailscale

Tailscale builds on top of WireGuard and provides OAuth2 (SSO), OpenID, and SAML authentication for peers to build a mesh network. It is crossplatform, has ACL settings and internal DNS.

Installation

Install tailscale. Alternatively, one can use unstable builds by installing the tailscale-git^AUR or tailscale-unstable-bin^AUR package.

Usage

To use tailscale, enable/start tailscaled.service and run the server as follows:

# tailscale up

You can authenticate a headless machine by specifying the auth key:

# tailscale up --authkey=tskey-KEY

Using a custom Control Server

Using a custom control server like headscale is possible.

To login run

# tailscale up --login-server https://example.com

On headless systems a non-interactive login using a token is possible.

# tailscale up --login-server https://example.com --authkey your_auth_key

See also

• https://tailscale.com/
• https://github.com/juanfont/headscale