Tailscale Userspace Installation Guide

This document describes how to install and configure Tailscale in userspace networking mode within a container. This is particularly useful for NAT container environments where /dev/net/tun device permissions are not available.

Installation Steps

1. Install Tailscale

Run the following command to download and run the Tailscale installation script:

curl -fsSL https://tailscale.com/install.sh | sh

2. Create systemd Service File

Create the /etc/systemd/system/tailscaled.service file:

cat > /etc/systemd/system/tailscaled.service <<EOF
[Unit]
Description=tailscaled
After=network.target
Wants=network-online.target

[Service]
Type=simple
User=root
Group=root
ExecStart=tailscaled --tun=userspace-networking --socks5-server=127.0.0.1:1055
Restart=always

[Install]
WantedBy=multi-user.target
EOF

3. Enable and Start Tailscale Service

Run the following commands to enable and start the Tailscale service:

systemctl enable tailscaled
systemctl start tailscaled

4. Authenticate and Join the Tailscale Network

Join the Tailscale network using your authentication key. Keys can be obtained from the Tailscale Admin Console.

tailscale up --auth-key=${TAILSCALE_AUTHKEY}

Replace ${TAILSCALE_AUTHKEY} with your actual authentication key.

Configuration Details

• --tun=userspace-networking: Enables userspace networking mode, which does not require kernel module support.
• --socks5-server=127.0.0.1:1055: Starts a SOCKS5 proxy server on local port 1055.

Verify Installation

Check the service status:

systemctl status tailscaled

View the Tailscale node status:

tailscale status