Say goodbye to your legacy VPNMake the switch to Tailscale
Get started
Login
WireGuard is a registered trademark of Jason A. Donenfeld.
© 2024 Tailscale Inc. All rights reserved. Tailscale is a registered trademark of Tailscale Inc.

Download

Install the app and sign in to get started.

Install with one command
curl -fsSL https://tailscale.com/install.sh | sh
View script source
Manually install on

Tailscale can run on Arch Linux (64-bit x86 only). See archlinux.org for more info.

Install

  1. Install Tailscale on Arch Linux:

    pacman -S tailscale
    
  2. Use systemctl to enable and start the service:

    sudo systemctl enable --now tailscaled
    
  3. Connect your machine to your Tailscale network and authenticate in your browser:

    sudo tailscale up
    
  4. You're connected! You can find your Tailscale IPv4 address by running:

    tailscale ip -4
    

If the device you added is a server or remotely-accessed device, you may want to consider disabling key expiry to prevent the need to periodically re-authenticate.

Post-install

As a hardening measure, you may want to consider setting the following sysctl values to set reverse path filtering to strict mode:

net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1

By enabling this setting, the kernel will only accept packets from a source address if there exists a route back to the source address in the routing table, such as the internal interfaces on the machine.

When using Tailscale as a subnet router or exit node, you will need to set the value to 2 (loose) or 0 (off) to allow packets to be forwarded from the Tailscale network.

By default, these are set in /usr/lib/sysctl.d/50-default.conf.