Access PiKVM from anywhere

PiKVM is a Raspberry Pi-based KVM over IP solution. It allows you to connect to a computer remotely and use it as if you were sitting in front of it. This guide shows you how to set up Tailscale on PiKVM.

To find out more about PiKVM, visit pikvm.org.

Prerequisites

  • A PiKVM device or a Raspberry Pi with PiKVM installed.
  • You’ll also need a Tailscale account. You don’t need to pay for Tailscale—this is possible on the Personal plan!

Install Tailscale

  1. Access your PiKVM via the web interface and open the web terminal.

    A screenshot of the 'terminal' option on the [**PiKVM**][pikvm] web interface.

  2. Elevate to root.

    # default password is 'root'
    su -
    
  3. Enable read-write mode.

    rw
    
    If you reboot your PiKVM during this process, you will need to re-enable read-write mode.
  4. Install the tailscale-pikvm package.

    pacman -Syu tailscale-pikvm
    
    This will also perform a full system upgrade.
  5. Enable and start the Tailscale service.

    systemctl enable --now tailscaled
    
  6. Log in to Tailscale.

    For more information on the available login options, see our Command Reference.

    tailscale up
    
  7. Revert to read-only mode.

    ro
    
You may prefer to disable key expiry on your subnet nodes to avoid having to periodically reauthenticate. See key expiry for more information about machine keys and how to disable their expiry. If you are using ACL tags, key expiry is disabled by default.

Access your PiKVM device

Once you have installed Tailscale on your PiKVM device, you can access it from anywhere using the Tailscale network.

Open the Tailscale admin console and find your PiKVM device.

You can access the web interface by visiting https://<your-pikvm>.<your-tailnet>.ts.net. For example, if your PiKVM device is named pikvm and your Tailscale network is named pango-lin, you would visit https://pikvm.pango-lin.ts.net.

Use Tailscale Serve to access your PiKVM device

You can set up Tailscale Serve to proxy connections to your PiKVM device. This has the advantage of providing a valid TLS certificate for your PiKVM device, which will prevent your browser from displaying a security warning.

To setup Tailscale Serve, follow the instructions below. You can also find more information on our Use Tailscale Funnel and Serve article.

A Tailscale Serve server can only be access over your tailnet. It is not accessible from the public internet. Using Tailscale Funnel would open your PiKVM device to the public internet, which is not recommended.
tailscale serve https / https+insecure://localhost:443

After running the command above, you can access your PiKVM device, as before, by visiting https://<your-pikvm>.<your-tailnet>.ts.net. The difference is that the connection will be proxied through your Tailscale Serve server, which will provide a valid TLS certificate for your PiKVM device.

The first request to your PiKVM device may take a few seconds to complete. This is because Tailscale Serve needs to fetch a valid TLS certificate for your PiKVM device. Subsequent requests will be much faster.