Tailscale on Proxmox host
Proxmox is a popular open-source solution for running virtual machines and containers, built on top of a Debian Linux platform.
Installing Tailscale allows the Proxmox console to be accessed from anywhere, without needing to open firewall ports or manually configure a VPN.
Proxmox can run virtual machines, emulating a hardware device and allowing an unmodified operating system to run within it. Tailscale can be installed in the OS within the virtual machine as normal.
Proxmox can also run lightweight Linux containers called LXC/LXD and can run them privileged or unprivileged. Tailscale can run within LXC/LXD containers, though running within an unprivileged container requires an adjustment in the config.
By default Proxmox writes its own DNS config to /etc/resolv.conf within LXCs. Even if the LXC gets its DNS configuration via DHCP, Proxmox will overwrite /etc/resolv.conf with its own. If Tailscale is installed on Proxmox and using MagicDNS, Proxmox will write that config to the container’s /etc/resolv.conf:
# --- BEGIN PVE ---
nameserver 100.100.100.100
search example.ts.net
# --- END PVE ---
If the LXC itself does not have Tailscale installed, this configuration is unlikely to work and DNS lookups will time out.
Two options to mitigate this behavior are:
- Configure Tailscale without MagicDNS on the Proxmox host with tailscale up --accept-dns=false.
- Create a file named /etc/.pve-ignore.resolv.conf within each LXC’s filesystem that will tell Proxmox not to overwrite /etc/resolv.conf.
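To find containers affected by the behavior described above, the following added example (not part of the original page or of Tailscale's or Proxmox's own tooling) classifies one LXC root filesystem. The function name `lxc_dns_state`, the state names, and the use of `usr/sbin/tailscaled` as the sign that Tailscale is installed in the container are assumptions; the argument is the path to the container's root filesystem as seen from the Proxmox host.

```shell
#!/bin/sh
# Added example: classify the DNS state of one LXC root filesystem.
# Assumptions: $1 is the container's rootfs path on the Proxmox host;
# Tailscale, if installed in the container, provides usr/sbin/tailscaled.
MAGICDNS_IP="100.100.100.100"

lxc_dns_state() {
    rootfs=$1
    resolv="$rootfs/etc/resolv.conf"

    # Option 2 from the list above: the marker file tells Proxmox
    # not to overwrite /etc/resolv.conf in this container.
    if [ -e "$rootfs/etc/.pve-ignore.resolv.conf" ]; then
        echo "ignored"; return 0
    fi
    if [ ! -f "$resolv" ]; then
        echo "no-resolv-conf"; return 0
    fi

    # Collect only the nameservers inside the block Proxmox wrote.
    pve_ns=$(awk '
        /^# --- BEGIN PVE ---/ { inblk = 1; next }
        /^# --- END PVE ---/   { inblk = 0; next }
        inblk && $1 == "nameserver" { print $2 }
    ' "$resolv")

    # "ok" means Proxmox did not hand this container the MagicDNS resolver.
    case " $(echo $pve_ns) " in
        *" $MAGICDNS_IP "*) ;;
        *) echo "ok"; return 0 ;;
    esac

    # The host's MagicDNS resolver was written into the container. It is
    # only reachable if the container runs Tailscale itself.
    if [ -x "$rootfs/usr/sbin/tailscaled" ]; then
        echo "magicdns-with-tailscale"; return 0
    fi
    echo "magicdns-unreachable"; return 1
}
```

A non-zero return marks the one state where DNS lookups are expected to time out, so the function can be used directly in an `if` or a loop over several root filesystems.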