Setting up Tailscale on Raspberry Pi

Follow these steps to install Tailscale on your Raspberry Pi device:

  1. Download the tailscale binary to your Raspberry Pi, and make it executable.

    curl https://tailscale.com/files/dist/relaynode.arm --output relaynode.arm
    chmod +x ./relaynode.arm

  2. Run it to create a config file

    sudo ./relaynode.arm --config relay.conf
    In any browser, visit the URL posted to the console to authenticate. If necessary, use Ctrl-C to exit.

  3. Move the tailscale binary and newly written config file to convenient locations. We recommend /var/lib/tailscale for config and /usr/sbin for the binary.

    cp ./relay.conf /var/lib/tailscale/relay.conf
    cp ./relaynode.arm /usr/sbin/relaynode.arm

  4. Next, run tailscale manually.

    /usr/sbin/relaynode.arm --config=/var/lib/tailscale/relay.conf --tun=wg0

  5. Visit the admin console and authorize your new endpoint. Note that new devices using @gmail.com addresses are automatically authorized. We also suggest disabling key expiry for Raspberry Pis, to avoid the hassle of reauthenticating every few days.

  6. Check out Next Steps for steps on verifying that your endpoint is working. With multiple endpoints, simple pings are a good way to start:

    ping 100.86.48.22
    You can find your Raspberry Pi's IP address via the admin console or by running ifconfig wg0 while Tailscale is running.

  7. Optionally, daemonize the service to run it at startup. Below is a sample service file for use with systemctl. Be sure to update the paths and filenames as necessary.

    [Unit]
    Description=Traffic relay node for Tailscale
    After=network.target
    ConditionPathExists=/var/lib/tailscale/relay.conf
    [Service] ExecStart=/usr/sbin/relaynode.arm --config=/var/lib/tailscale/relay.conf --tun=wg0 Restart=on-failure
    [Install] WantedBy=multi-user.target
    Add this file to /etc/systemd/system/tailscale.service and enable it with the following commands
    sudo systemctl enable tailscale.service
    sudo systemctl start tailscale.service

  8. For fun, setup a webcam using Motion. You can safely run the webserver on port 80 by blocking all inbound access on your firewall to that port and instead connecting to it over HTTP using its Tailscale IP (from above).

Last updated