When I first started building my homelab, one of the things I wanted was a way to access it from anywhere. The obvious choice that people talk about is port forwarding. But here’s the catch: I don’t even have a router, I rely on a mobile hotspot for internet. And mobile hotspots don’t give you a real public IP address, so there’s no way to forward ports.
Even if I did have a router, I quickly realized that port forwarding isn’t exactly the safest option. It literally opens up a port on your machine to the whole world, and that means anyone out there could try to knock on it. For a beginner like me, that sounded more like trouble than learning.
That’s when I came across Tailscale. What clicked for me is how simple it makes the whole thing no worrying about public IPs, no messing with routers, and no exposing ports. It just quietly sets up a secure, private connection between my devices, almost like magic. Suddenly, SSH into my homelab from anywhere went from “complicated and risky” to “easy and safe.”
In this blog i will tell how i setup ssh into my homelab using tailscale.
Tailscale setup for the windows laptop.
The first step is to create an account to the tailscale and download it on your windows laotop (this windows laptop is going to be the host through i will access my linux laptop), you can download the tailscale from this link.
When you connect to the tailscale it will open below window.
Click the connect button from the above image and in your admin panel, you will see there is a machine connected, like in below image and it requires approval as i have configured that i will manually approval for a machine to connect, the reason for this is because it provides me flexibility to configure the connection and configure the IP as i want. If you want to apply the manual approval setting then go to the settings -> device management -> enable manual approval.
Coming to the admin panel, click on the three dots and you will see the option to change the IP of the machine there and if you want to configure the IP, you can do it as below, if you want to read more about the IP address and the CGNAT that tailscale uses, you can refer this documentation.
- So what i do is, i like to keep the last two octets of my tailnet similar to my machines private ipv4, you can verify both using the image below.
- After updating the IP, you need to approve the connection, so approve by clicking on the three dots then approve.
Tailscale setup for the linux homelab
- Go to the download page and download the tailscale for the linux, you can refer the above provided link to go to the download page or use the below script
curl -fsSL https://tailscale.com/install.sh | sh
sudo apt install tailscale
- To connect the tailscale to your network use
sudo tailscale upcommand and visit the login link that is provided to you. - If above command give error as tailscale.service not found that means you have to start the service and for that you can run
sudo systemctl start tailscaled - when you login, it will again show the connect page, you have to connect to the same tailnet as that of your windows (use same email for signin).
- In your console, you will see two machines now, you can modify the ip of your new machine and then approve it and you setup will look like below.
- To verify if the linux machine is connected, you can do
ip aand there will be an entry for the tailscale with ip that you just set.
Enabling ssh to homelab
- In a terminal window on the homwlab, run the tailscale set command to advertise SSH for that VM:
sudo tailscale set --ssh
- Open the Access Controls page of the Tailscale admin console and add the following lines to your tailnet policy file to allow network connectivity to the VM:
"grants": [
{
"src": ["yoursigninemail@gmail.com"],
"dst": ["100.78.10.1"],
"ip": ["22"]
}
]
- In the same tab, add the following rules to the SSH section of your tailnet policy file to allow SSH access to the VM:
"ssh": [
{ "action": "accept",
"src": ["yoursigninemail@gmail.com"],
"dst": ["autogroup:self"],
"users": ["root","autogroup:nonroot", "<your-local-username>"]
}
],
- To see (in my case local-user) run the following command in the homelab terminal:
whoami
Access HomeLab from the windows machine
- Now you can access your homelab from you windows terminal using the following command:
ssh local-user@100.64.65.66 - I am accessing using the git bash in my windows and you can see the final results below.
Top comments (0)