Use exit nodes
This topic is a quick guide for configuring exit nodes in a tailnet. For more detailed information, see Exit nodes.
Advertise a device as an exit node
To use a tailnet device as an exit node, select an OS and complete the steps.
- Download and install the Tailscale client.
- Open a terminal session on the device and enable IP forwarding.
  If your Linux system has a /etc/sysctl.d directory, use:
    echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
    echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
    sudo sysctl -p /etc/sysctl.d/99-tailscale.conf
  Otherwise, use:
    echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf
    echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
    sudo sysctl -p /etc/sysctl.conf
- In the terminal session, advertise the device as an exit node.
    sudo tailscale up --advertise-exit-node
- Go to the Machines page of the admin console.
- Locate the device in the list. It should display the Exit Node badge.
- Select the menu, then select Edit route settings.
- Check the Use as exit node box, then select Save.
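The tee -a commands in the IP forwarding step append a new line on every run and leave any earlier conflicting value (such as net.ipv4.ip_forward = 0) in the file. The script below is an added example, not part of Tailscale's documentation: it writes both keys idempotently and checks the result, and its function names are this example's own.

```shell
#!/bin/sh
# Added example: idempotent alternative to the `tee -a` lines in the
# IP forwarding step. Function names are hypothetical, not Tailscale's.

# set_sysctl_key FILE KEY VALUE
# Rewrite FILE so it holds exactly one "KEY = VALUE" line, dropping any
# earlier assignment of KEY (including a conflicting "KEY = 0").
set_sysctl_key() {
    file=$1 key=$2 value=$3
    tmp=$(mktemp) || return 1
    if [ -f "$file" ]; then
        # Keep every line that does not assign KEY; comments are kept too.
        awk -v k="$key" '{
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, parts, "=")
            name = parts[1]
            sub(/[ \t]+$/, "", name)
            if (n >= 2 && name == k) next
            print
        }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    printf '%s = %s\n' "$key" "$value" >> "$tmp"
    # cat (not mv) keeps the owner and mode of an existing FILE.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# enable_forwarding FILE: write both settings the guide requires.
enable_forwarding() {
    set_sysctl_key "$1" net.ipv4.ip_forward 1 &&
    set_sysctl_key "$1" net.ipv6.conf.all.forwarding 1
}

# forwarding_enabled_in FILE
# Succeeds only if the last assignment of each key in FILE is 1.
forwarding_enabled_in() {
    for key in net.ipv4.ip_forward net.ipv6.conf.all.forwarding; do
        last=$(awk -F= -v k="$key" '{
            name = $1; gsub(/[ \t]/, "", name)
            if (NF >= 2 && name == k) { v = $2; gsub(/[ \t]/, "", v); val = v }
        } END { print val }' "$1" 2>/dev/null)
        [ "$last" = "1" ] || return 1
    done
}

# Usage (as root), then load the file as in the guide:
#   enable_forwarding /etc/sysctl.d/99-tailscale.conf
#   sysctl -p /etc/sysctl.d/99-tailscale.conf
```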
Use an exit node
Each device must enable the exit node separately. The instructions for enabling an exit node vary depending on the device's operating system.
Run tailscale set with the --exit-node= flag, passing the Tailscale 100.x.y.z IP address of the exit node.
sudo tailscale set --exit-node=<exit-node-ip>
You can find the IP address for the device from the admin console or by running tailscale status.
Alternatively, set --exit-node-allow-lan-access to true to allow direct access to your local network when routing traffic through an exit node.
sudo tailscale set --exit-node=<exit-node-ip> --exit-node-allow-lan-access=true
To stop using an exit node, pass the --exit-node= flag without an IP address.
sudo tailscale up --exit-node=
You can turn off routing through an exit node by selecting None from the Exit Node drop-down.