Setting up Tailscale on Arch Linux
Tailscale can run on Arch Linux (64-bit x86 only). See archlinux.org for more info.
Install Tailscale on Arch Linux:
pacman -S tailscale
systemctlto enable and start the service:
sudo systemctl enable --now tailscaled
Connect your machine to your Tailscale network and authenticate in your browser:
sudo tailscale up
You’re connected! You can find your Tailscale IPv4 address by running:
tailscale ip -4
If the device you added is a server or remotely-accessed device, you may want to consider disabling key expiry to prevent the need to periodically re-authenticate.
As a hardening measure, you may want to consider setting the following sysctl values to set reverse path filtering to strict mode:
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
By enabling this setting, the kernel will only accept packets from a source address if there exists a route back to the source address in the routing table, such as the internal interfaces on the machine.
When using Tailscale as a subnet router or exit node, you will need to set the value to
2 (loose) or
to allow packets to be forwarded from the Tailscale network.
By default, these are set in