Tailscale Network Management

Quick Start

# Install (Linux)
curl -fsSL https://tailscale.com/install.sh | sh

# Install (macOS)
brew install tailscale

# Connect and authenticate
sudo tailscale up

# Check status
tailscale status

# Get your Tailscale IP
tailscale ip -4

Common Operations

Connection Management

tailscale up                    # Connect
tailscale down                  # Disconnect (daemon stays running)
tailscale status                # View peers
tailscale status --json | jq    # Detailed network map
tailscale ping machine-name     # Test connectivity (ignores ACLs)
tailscale ping --icmp machine-name  # Test with ACLs
tailscale set --exit-node=name  # Use exit node
tailscale set --exit-node=      # Stop using exit node

Use tailscale set to change settings without reconnecting. Use tailscale up for initial setup.

Subnet Router Setup

Run scripts/setup_subnet_router.sh <subnet_cidr> [auth_key] for automated setup.

Manual steps:

1. Enable IP forwarding on the router device
2. sudo tailscale up --advertise-routes=192.168.1.0/24
3. Approve routes in admin console (Machines > device > Edit route settings)
4. Linux clients: sudo tailscale up --accept-routes

Exit Node Setup

Run scripts/setup_exit_node.sh [auth_key] for automated setup.

Manual steps:

1. Enable IP forwarding on the exit node
2. sudo tailscale up --advertise-exit-node
3. Approve in admin console (Machines > device > Edit route settings > Use as exit node)
4. Clients: tailscale set --exit-node=node-name --exit-node-allow-lan-access

Tailscale SSH

# Enable on server
sudo tailscale set --ssh

# Connect from client (no special setup needed)
ssh machine-name

Requires both network access grant and SSH ACL rule. See acl-examples.md for SSH ACL patterns.

Serve and Funnel

# Serve locally to tailnet
tailscale serve 3000

# Expose to public internet (ports 443, 8443, o...