Tailscale on Proxmox host

Proxmox is a popular open-source solution for running virtual machines and containers, built on top of a Debian Linux platform.

Installing Tailscale allows the Proxmox console to be accessed from anywhere, without needing to open firewall ports or manually configure a VPN.

Access to the proxmox Web UI via Tailscale

Troubleshooting

Installing Tailscale within a VM

Proxmox can run virtual machines, emulating a hardware device and allowing an unmodified operating system to run within it. Tailscale can be installed in the OS within the virtual machine as normal.

Installing Tailscale within an LXC

Proxmox can also run lightweight Linux containers called LXC/LXD and can run them privileged or unprivileged. Tailscale can run within LXC/LXD containers, though running within an unprivileged container requires an adjustment in the config.

resolv.conf within LXC

By default Proxmox writes its own DNS config to /etc/resolv.conf within LXCs. Even if the LXC gets its DNS configuration via DHCP, Proxmox will overwrite /etc/resolv.conf with its own. If Tailscale is installed on Proxmox and using MagicDNS, Proxmox will write that config to the container’s /etc/resolv.conf:

# --- BEGIN PVE ---
nameserver 100.100.100.100
search example.ts.net
# --- END PVE ---

If the LXC itself does not have Tailscale installed, this configuration is unlikely to work and DNS lookups will time out.

Two options to mitigate this behavior are:

  • Configure tailscale without MagicDNS on the Proxmox host with tailscale up --accept-dns=false.
  • Create a file named /etc/.pve-ignore.resolv.conf within each LXC’s filesystem that will tell Proxmox not to overwrite /etc/resolv.conf.

Last updated

WireGuard is a registered
trademark of Jason A. Donenfeld.

© 2023 Tailscale Inc.

Privacy & Terms