Tailscale Runbook
Overview
Tailscale creates a secure private network (VPN) between your devices. Think of it as making all your devices appear to be on the same local network, no matter where they are in the world.
Initial Setup
On Your Arch Linux PC
- Install Tailscale:
- Enable and start the service:
- Connect to Tailscale:
- Authenticate:
- This will give you a URL to visit in a browser
- Sign up/login with your Google, Microsoft, or GitHub account
- Authorize the device
- Check your Tailscale IP:
- You’ll get an IP like 100.x.x.x; this is your Tailscale IP
- Write this down or remember it
- Set a machine name (optional but recommended):
On Your Remote Machine (laptop, work computer, etc.)
Linux/Mac:
- Install Tailscale from https://tailscale.com/download
- Run sudo tailscale up
- Authenticate with the same account
Windows:
- Download the Tailscale Windows client
- Install and sign in with the same account
Mobile:
- Install the Tailscale app from app store
- Sign in with the same account
Daily Operations
Connecting to Your Arch PC via SSH
From any Tailscale-connected device:
- You’ll see a fingerprint warning; type yes
- Enter your Arch PC password
Checking Connection Status
See all connected devices:
Starting/Stopping Tailscale
Disconnect (but keep service running):
Useful Commands
Ping Test
Check if your Arch PC is reachable:
List All Devices
Check Tailscale Logs
If something isn’t working:
Remove a Device
From the web admin panel: https://login.tailscale.com/admin/machines
Configuration Tips
Setting Up SSH Keys (Passwordless Login)
On your remote machine, generate a key if you don’t have one:
Enable MagicDNS (Recommended)
MagicDNS lets you use hostnames instead of IPs.
- Go to https://login.tailscale.com/admin/dns
- Enable MagicDNS
- Now you can use: ssh user@arch-desktop instead of ssh user@100.x.x.x
Subnet Routing (Advanced)
If you want to access other devices on your home network through Tailscale:
On your Arch PC:
(Replace 192.168.1.0/24 with your actual home network range)
Then approve the subnet route in the Tailscale admin console.
Troubleshooting
Can’t Connect to Arch PC
- Check Tailscale is running on Arch PC:
- Check firewall isn’t blocking:
- Verify both devices show up:
- Try pinging:
“Connection Refused” When SSHing
- SSH service might not be running on Arch:
Tailscale Won’t Start
- Check logs:
- Try restarting:
Security Notes
- Tailscale uses WireGuard encryption - it’s very secure
- Your traffic does NOT go through Tailscale’s servers (except for NAT traversal coordination)
- Each device needs to authenticate with your account
- You can revoke device access anytime from the admin console
- Enable 2FA on your Tailscale account for extra security
Web Admin Console
Access at: https://login.tailscale.com/admin/machines
Here you can:
- See all connected devices
- Remove/disable devices
- Set up ACLs (access control)
- Configure DNS settings
- View connection logs
Common Workflows
Accessing Files from Remote
Using SCP:
Running GUI Apps Remotely
Quick Reference
| Task | Command |
|---|---|
| Connect to Tailscale | sudo tailscale up |
| Disconnect | sudo tailscale down |
| Check status | tailscale status |
| Get your IP | tailscale ip |
| SSH to Arch PC | ssh user@arch-desktop |
| Test connectivity | tailscale ping arch-desktop |
| View logs | sudo journalctl -u tailscaled -f |
Notes
- Tailscale IPs are in the 100.64.0.0/10 range
- Free tier allows up to 3 users and 100 devices
- Tailscale works through most firewalls and NATs
- No need to configure port forwarding on your router
- Works on mobile data, public WiFi, anywhere with internet
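The Notes above give 100.64.0.0/10 as the Tailscale address range. The following added example (not part of the original runbook) uses that range to audit sshd logs on the Arch PC for accepted logins that did not arrive over the tailnet. The function names are hypothetical and the log lines are constructed samples.

```sh
#!/bin/sh
# Added example: list accepted SSH logins whose source is outside 100.64.0.0/10.

# Return 0 if $1 is a dotted-quad IPv4 address in 100.64.0.0 - 100.127.255.255.
is_tailscale_ip() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    (   # subshell: the caller's IFS and positional parameters stay untouched
        IFS=.
        set -- $1
        [ $# -eq 4 ] || exit 1
        for o in "$@"; do
            [ ${#o} -le 3 ] && [ "$o" -le 255 ] || exit 1
        done
        # A /10 fixes the first octet and the top two bits of the second: 64..127.
        [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]
    )
}

# Read sshd log lines on stdin; print "user ip" for every accepted login that
# came from outside the range. IPv6 sources are reported as well, because this
# check only knows the IPv4 range.
non_tailnet_logins() {
    sed -n 's/.*Accepted [^ ]* for \([^ ]*\) from \([^ ]*\) port .*/\1 \2/p' |
    while read -r user ip; do
        is_tailscale_ip "$ip" || printf '%s %s\n' "$user" "$ip"
    done
}

# Constructed sample log lines (not taken from a real host).
SAMPLE_LOG='Jan 10 09:12:01 arch-desktop sshd[1201]: Accepted publickey for alice from 100.101.102.103 port 51234 ssh2
Jan 10 09:15:44 arch-desktop sshd[1207]: Failed password for root from 203.0.113.7 port 40022 ssh2
Jan 10 09:20:10 arch-desktop sshd[1213]: Accepted password for alice from 192.168.1.50 port 51300 ssh2
Jan 10 09:31:02 arch-desktop sshd[1220]: Accepted password for bob from 100.128.0.9 port 42000 ssh2'

printf '%s\n' "$SAMPLE_LOG" | non_tailnet_logins
```

A login from the LAN (192.168.1.50) and one from just past the top of the range (100.128.0.9) are both reported; the failed attempt is ignored because only accepted logins are matched.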