1) Assumption: rootless mode requires userspace networking
Without root, you generally cannot use a TUN device, so you run tailscaled in userspace networking mode.
2) Start tailscaled as a normal user (no sudo)
Set XDG_DATA_HOME so state is written under the current directory:
export XDG_DATA_HOME="$PWD/.xdg"
mkdir -p "$XDG_DATA_HOME"
Start tailscaled in userspace networking mode, storing the control socket in the current directory as well:
./tailscaled --tun=userspace-networking --socket="./tailscaled.sock" --verbose=1
Check it’s running:
./tailscale --socket="./tailscaled.sock" status
3) Connect to your tailnet
Browser-based login:
./tailscale --socket="./tailscaled.sock" up
Or using an auth key:
./tailscale --socket="./tailscaled.sock" up --authkey tskey-auth-XXXX
5) Raw TCP (not HTTP) with tailscale serve
TCP forwarding:
./tailscale --socket="./tailscaled.sock" serve --tcp 11434 tcp://127.0.0.1:11434
If you are forwarding the same port on localhost, a shorter form may work:
./tailscale --socket="./tailscaled.sock" serve --tcp 11434 11434
Test from another tailnet device:
nc -vz <hostname-or-tailnet-ip> 11434
6) Check status / disable serving
./tailscale --socket="./tailscaled.sock" serve status
./tailscale --socket="./tailscaled.sock" serve off
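The steps above combined into one script, as an added example (not from the original guide or from the Tailscale project). It keeps state and the control socket in owner-only directories, waits for the socket before logging in, and passes the auth key with the file: form of --auth-key (the current spelling of --authkey) so the key stays out of the process list and shell history. BASE, the ts/ directory, the key-file argument and the function names are assumptions.

```shell
#!/bin/sh
# Added example: rootless tailscaled with owner-only state, socket dir and key file.
# BASE, the ts/ directory and all function names are assumptions for illustration.
BASE="${BASE:-$PWD}"
SOCK="$BASE/ts/tailscaled.sock"

# Create 0700 directories for state and the control socket, so other local
# users cannot traverse into them to reach the socket or the node state.
prep_dirs() {
    ( umask 077; mkdir -p "$BASE/ts" "$BASE/.xdg" ) || return 1
    chmod 700 "$BASE/ts" "$BASE/.xdg"
}

# Succeed only if the path is owned by us and has no group/other permission bits.
is_private() {
    [ -O "$1" ] || return 1
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *) return 1 ;;
    esac
}

# Poll for the control socket instead of racing the daemon's startup.
wait_for_socket() {
    tries="${2:-10}"
    while [ "$tries" -gt 0 ]; do
        [ -S "$1" ] && return 0
        tries=$((tries - 1))
        sleep 1
    done
    return 1
}

main() {
    keyfile="$1"    # file holding the auth key, expected mode 600 or 400
    prep_dirs && is_private "$BASE/ts" || { echo "state dir not private" >&2; return 1; }
    is_private "$keyfile" || { echo "auth key file is group/world accessible" >&2; return 1; }
    export XDG_DATA_HOME="$BASE/.xdg"
    ./tailscaled --tun=userspace-networking --socket="$SOCK" &
    wait_for_socket "$SOCK" || { echo "tailscaled did not create its socket" >&2; return 1; }
    # file: makes tailscale read the key itself; it never appears in argv.
    ./tailscale --socket="$SOCK" up --auth-key="file:$keyfile" || return 1
    # Same TCP forward as in step 5, bound to the loopback service only.
    ./tailscale --socket="$SOCK" serve --tcp 11434 tcp://127.0.0.1:11434
}

# Run only when asked, e.g.: sh rootless-ts.sh run ./authkey
if [ "${1:-}" = "run" ]; then main "${2:-}"; fi
```

Run it from the directory that holds the tailscaled and tailscale binaries; sourced or run without "run", it only defines the functions.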