Attending AWS re:Invent?Where to find us
Product
Solutions
Enterprise
Customers
Docs
Blog
Pricing
Download
Get started
Login
WireGuard is a registered trademark of Jason A. Donenfeld.
Terms of ServicePrivacy Policy
© 2024 Tailscale Inc. All rights reserved. Tailscale is a registered trademark of Tailscale Inc.

Download

Install the app and sign in to get started.

Install with one command
curl -fsSL https://tailscale.com/install.sh | sh
View script source
Manually install on

Tailscale can run on Arch Linux (64-bit x86 only). See archlinux.org for more info.

Install

  1. Install Tailscale on Arch Linux:

    pacman -S tailscale

  2. Use systemctl to enable and start the service:

    sudo systemctl enable --now tailscaled

  3. Connect your machine to your Tailscale network and authenticate in your browser:

    sudo tailscale up

  4. You're connected! You can find your Tailscale IPv4 address by running:

    tailscale ip -4

If the device you added is a server or remotely-accessed device, you may want to consider disabling key expiry to prevent the need to periodically re-authenticate.

Post-install

As a hardening measure, you may want to consider setting the following sysctl values to set reverse path filtering to strict mode:

net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1

By enabling this setting, the kernel will only accept packets from a source address if there exists a route back to the source address in the routing table, such as the internal interfaces on the machine.

When using Tailscale as a subnet router or exit node, you will need to set the value to 2 (loose) or 0 (off) to allow packets to be forwarded from the Tailscale network.

By default, these are set in /usr/lib/sysctl.d/50-default.conf.

Next Steps

invite team
Invite your team
Ask your team to sign up at tailscale.com/start
subnet router
Set up subnet router
Connect to an existing network with a subnet router
access controls
Set up access controls
Restrict which users and devices can access each other using ACLs.