TIL - Securing Virtual Private Servers with Tailscale
Tailscale is a VPN service that makes our devices and applications accessible from anywhere, securely and effortlessly. I want to emphasize the word "effortlessly" because it is straightforward to set up and use Tailscale. They even brand Tailscale as "Zero config VPN."
Why Tailscale?
Tailscale enables encrypted point-to-point communications using the open-source WireGuard protocol, which means only devices on our private network can communicate with each other. Under the hood, it creates a virtual network interface, sets up public and private SSH keys, and takes care of key rotation, authentication, and network configuration. You can add up to 20 devices to your private network for free as of this date! 🔥
Tailscale builds a faster, more reliable, and more secure network fabric that offers speed, stability, and simplicity over traditional VPNs. Unlike traditional VPNs, which tunnel all network traffic through a central VPN gateway server, Tailscale creates a peer-to-peer mesh network called a "tailnet."
For more information on how it works, check out this excellent documentation -
Securing an Ubuntu server using Tailscale
Before you begin, you will need -
- An Ubuntu server; you can use my referral code to get free credits from Digital Ocean.
- A Tailscale account.
A few other requirements: Tailscale must be installed on your machine (the one from which you want to access the Ubuntu server), and you must be logged in to Tailscale on it. To get through these steps, visit their downloads page - https://tailscale.com/download/.
# ssh into your new Ubuntu server
ssh <username>@<server host ip>
# install tailscale
curl -fsSL https://tailscale.com/install.sh | sh
# authenticate and connect your machine to your tailscale network
sudo tailscale up
# note down the tailscale network ip address
tailscale ip -4
# access the Ubuntu server over tailscale
ssh <username>@<tailscale ip addr>
# allow access over tailscale, using UFW (Uncomplicated Firewall)
sudo ufw allow in on tailscale0
sudo ufw allow 41641/udp
# enable UFW
sudo ufw enable
# restrict all other traffic (optional)
sudo ufw default deny incoming
sudo ufw default allow outgoing
# delete the rule allowing SSH access over 22/tcp
# (ufw delete needs the full rule, e.g. "allow 22/tcp", or a rule number)
sudo ufw delete allow 22/tcp
# restarting UFW and sshd
sudo ufw reload
sudo service ssh restart
At this point, we have successfully installed and configured Tailscale. The only thing left to do is to verify the connectivity.
# to test and verify connectivity
ssh <username>@<tailscale ip addr>
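To confirm the firewall ended up in the state these steps aim for, the following added example (not part of the original post) checks the text of "ufw status verbose" for an active firewall, a default-deny incoming policy, the tailscale0 and 41641/udp allow rules, and any leftover public SSH rule. The function name audit_ufw and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` text (read from stdin) against the
# lockdown steps above. Prints one FAIL line per problem; returns 0 if clean.
audit_ufw() {
    awk '
        /^Status: active/              { active = 1 }
        /^Default: deny \(incoming\)/  { deny = 1 }
        / on tailscale0 +ALLOW IN/     { ts = 1 }
        /^41641\/udp +ALLOW IN/        { wg = 1 }
        # SSH ("22", "22/tcp" or the OpenSSH profile) allowed on every interface
        /^(22|22\/tcp|OpenSSH)( \(v6\))? +ALLOW/ { ssh = 1; print "FAIL: public SSH rule: " $0 }
        END {
            if (!active) print "FAIL: ufw is not active"
            if (!deny)   print "FAIL: default incoming policy is not deny"
            if (!ts)     print "FAIL: no allow rule on tailscale0"
            if (!wg)     print "FAIL: 41641/udp is not allowed"
            exit !(active && deny && ts && wg && !ssh)
        }'
}

# Constructed sample: the state the steps above aim for.
SAMPLE_LOCKED='Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
Anywhere on tailscale0     ALLOW IN    Anywhere
41641/udp                  ALLOW IN    Anywhere'

# Constructed sample: 22/tcp was never removed and the default policy is open.
SAMPLE_OPEN='Status: active
Default: allow (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
Anywhere on tailscale0     ALLOW IN    Anywhere
41641/udp                  ALLOW IN    Anywhere'

# Self-check on the samples; on a real server run:
#   sudo ufw status verbose | audit_ufw
printf '%s\n' "$SAMPLE_LOCKED" | audit_ufw && echo "locked sample: OK"
printf '%s\n' "$SAMPLE_OPEN"   | audit_ufw || echo "open sample: needs fixing"
```

A clean result only describes the firewall rules; sshd itself still listens on every interface unless its own configuration is changed.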
I hope the installation went smoothly, and you can connect to your Ubuntu server over Tailscale. If you are stuck at any point, please refer to this article -