Get started
© 2024

Access PiKVM from anywhere

PiKVM is a Raspberry Pi based KVM (keyboard, video, and mouse) over IP solution. It lets you connect to a computer remotely and use it as if you were in front of it. This guide shows you how to set up Tailscale on PiKVM.

To find out more about PiKVM, visit


  • A PiKVM device or a Raspberry Pi with PiKVM installed.
    • The PiKVM project recommends a Pi 4. The Pi 5 provides little to no performance improvement for this use case.
  • A Tailscale account-the free Personal plan includes all you need to get started.

Install Tailscale

  1. Access your PiKVM via the web interface and open the web terminal.

    A screenshot of the 'terminal' option on the pikvm web interface.
  2. Elevate to root.

    # default password is 'root'
    su -
  3. Enable read-write mode.

    If you reboot your PiKVM during this process, you will need to re-enable read-write mode.
  4. Install the tailscale-pikvm package.

    pacman -Sy tailscale-pikvm
    We recommend the tailscale-pikvm package as a result of this issue
  5. Enable and start the Tailscale service.

    systemctl enable --now tailscaled
  6. Log in to Tailscale.

    For more information on the available login options, see our Command Reference.

    tailscale up
  7. (Optional) Enable Tailscale SSH.

    tailscale set --ssh
  8. Revert to read-only mode.

You might prefer to disable key expiry on your subnet nodes to avoid having to periodically reauthenticate. Refer to key expiry for more information about machine keys and how to disable their expiry. If you use tags, key expiry is disabled by default.

Access your PiKVM device

Once you have installed Tailscale on your PiKVM device, you can access it from anywhere using the Tailscale network.

Open the Tailscale admin console and find your PiKVM device.

You can access the web interface by visiting https://<your-pikvm>.<your-tailnet> For example, if your PiKVM device is named pikvm and your Tailscale network is named pango-lin, you would visit

Use Tailscale Serve to access your PiKVM device

You can set up Tailscale Serve to proxy your PiKVM's web interface. This provides a valid TLS certificate for your PiKVM device, preventing your browser from displaying a security warning.

To setup Tailscale Serve, follow the instructions below. You can also find more information on our Use Tailscale Funnel and Serve article.

A Tailscale Serve server can only be access over your tailnet. It is not accessible from the public internet. Using Tailscale Funnel would open your PiKVM device to the public internet, which is not recommended.
tailscale serve --bg https+insecure://localhost:443

After running the command above, you can access your PiKVM device, as before, by visiting https://<your-pikvm>.<your-tailnet> The difference is that the connection is proxied through your Tailscale Serve server, providing a valid TLS certificate for your PiKVM device.

The first request to your PiKVM device may take a few seconds to complete. This is because Tailscale Serve needs to fetch a valid TLS certificate for your PiKVM device. Subsequent requests will be much faster.

Use your PiKVM node as an exit node or subnet router

Now that PiKVM is on your Tailnet, you can configure it to do other useful things, such as functioning an exit node or a subnet router.