From ArchWiki

Tailscale builds on top of WireGuard and provides OAuth2 (SSO), OpenID, and SAML authentication for peers to build a mesh network. It is crossplatform, has ACL settings and internal DNS.


Install tailscale. Alternatively, one can use unstable builds by installing the tailscale-gitAUR or tailscale-unstable-binAUR package.


To use tailscale, enable/start tailscaled.service and run the server as follows:

# tailscale up

You can authenticate a headless machine by specifying auth key tailscale up --authkey=tskey-KEY.

See also