Tailscale Installation & Subnet Routing Guide#

1. Proxmox LXC Container Preparation#

If you are installing Tailscale inside an LXC container, you must allow TUN device access from the Proxmox host.

Modify Container Config#

On the Proxmox host, edit the configuration file for the specific container (e.g., ID 119):

nano /etc/pve/lxc/119.conf

Add these lines to the bottom:

lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file

Reboot the container:

pct reboot 119

2. Installation by OS#

Debian 12 (Bookworm)#

curl -fsSL [https://pkgs.tailscale.com/stable/debian/bookworm.noarmor.gpg](https://pkgs.tailscale.com/stable/debian/bookworm.noarmor.gpg) | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
curl -fsSL [https://pkgs.tailscale.com/stable/debian/bookworm.tailscale-keyring.list](https://pkgs.tailscale.com/stable/debian/bookworm.tailscale-keyring.list) | sudo tee /etc/apt/sources.list.d/tailscale.list
apt update && apt install tailscale -y

Ubuntu 24.04 (Noble)#

curl -fsSL [https://pkgs.tailscale.com/stable/ubuntu/noble.noarmor.gpg](https://pkgs.tailscale.com/stable/ubuntu/noble.noarmor.gpg) | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
curl -fsSL [https://pkgs.tailscale.com/stable/ubuntu/noble.tailscale-keyring.list](https://pkgs.tailscale.com/stable/ubuntu/noble.tailscale-keyring.list) | sudo tee /etc/apt/sources.list.d/tailscale.list
apt update && apt install tailscale -y

Ubiquiti UDM-SE#

# Install the latest version of Tailscale UDM
curl -sSLq https://raw.github.com/SierraSoftworks/tailscale-udm/main/install.sh | sh

3. Subnet Router & Exit Node Setup#

Enable IP Forwarding#

This is required if you want this node to act as a bridge to your local network.

echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
sudo sysctl -p /etc/sysctl.d/99-tailscale.conf

Activate Tailscale (Specific Profiles)#

Marc (Home Network): Advertises all 10.1.x.x subnets and enables Tailscale SSH + Exit Node.

tailscale up --ssh --advertise-routes=10.1.0.0/24,10.1.1.0/24,10.1.2.0/24,10.1.3.0/24,10.1.4.0/24,10.1.5.0/24,10.1.6.0/24,10.1.7.0/24,10.1.8.0/24,10.1.9.0/24 --advertise-exit-node

Christian (Remote Network): Advertises 10.10.x.x subnets and enables Tailscale SSH + Exit Node.

tailscale up --ssh --advertise-routes=10.10.0.0/24,10.10.1.0/24,10.10.2.0/24,10.10.3.0/24,10.10.4.0/24,10.10.5.0/24,10.10.6.0/24,10.10.7.0/24 --advertise-exit-node

After running the up command, remember to visit the Tailscale Admin Console to “Approve” the advertised routes and disable “Key Expiry” for these infrastructure nodes.

Backward Syncthing Installation & Configuration (TrueNAS & Synology) To do Forward