@aont
Last active December 19, 2025 05:39
Rootless Tailscale Setup and Serving

1) Assumption: rootless mode requires userspace networking

Without root, you generally cannot use a TUN device, so you run tailscaled in userspace networking mode.


2) Start tailscaled as a normal user (no sudo)

Set XDG_DATA_HOME so state is written under the current directory:

export XDG_DATA_HOME="$PWD/.xdg"
mkdir -p "$XDG_DATA_HOME"

Start tailscaled in userspace networking mode, storing the control socket in the current directory as well:

./tailscaled --tun=userspace-networking --socket="./tailscaled.sock" --verbose=1

Check it’s running:

./tailscale --socket="./tailscaled.sock" status

3) Connect to your tailnet

Browser-based login:

./tailscale --socket="./tailscaled.sock" up

Or using an auth key:

./tailscale --socket="./tailscaled.sock" up --authkey tskey-auth-XXXX

5) Raw TCP (not HTTP) with tailscale serve

TCP forwarding:

./tailscale --socket="./tailscaled.sock" serve --tcp 11434 tcp://127.0.0.1:11434

If you are forwarding the same port on localhost, a shorter form may work:

./tailscale --socket="./tailscaled.sock" serve --tcp 11434 11434

Test from another tailnet device:

nc -vz <hostname-or-tailnet-ip> 11434

6) Check status / disable serving

./tailscale --socket="./tailscaled.sock" serve status
./tailscale --socket="./tailscaled.sock" serve off
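
Step 2 writes tailscaled's state and control socket under the current directory, so who else on the host can reach them depends on that directory's permissions. The following added example (not part of the original gist) creates both locations with mode 0700 and refuses to start otherwise; the helper names and the `run/` subdirectory are assumptions.

```shell
#!/bin/sh
# Added example, not from the gist. private_dir, check_private and
# start_rootless are hypothetical helper names.

# private_dir DIR: create DIR with mode 0700 regardless of the caller's umask.
private_dir() {
    ( umask 077 && mkdir -p "$1" ) && chmod 700 "$1"
}

# check_private DIR: succeed only if DIR is a real directory (not a symlink),
# owned by the current user, with no group or other permission bits set.
check_private() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    [ -O "$1" ] || return 1
    # GNU stat first, BSD/macOS stat as fallback; both print octal mode bits.
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
    case "$mode" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# start_rootless BASE: keep state in BASE/.xdg and the socket in BASE/run,
# refuse to start if either directory is accessible to other users, then run
# tailscaled with the flags used in step 2.
start_rootless() {
    base=$1
    private_dir "$base/.xdg" && private_dir "$base/run" || return 1
    check_private "$base/.xdg" && check_private "$base/run" || {
        echo "refusing to start: state or socket directory is not private" >&2
        return 1
    }
    export XDG_DATA_HOME="$base/.xdg"
    ./tailscaled --tun=userspace-networking \
        --socket="$base/run/tailscaled.sock" --verbose=1
}

# Usage: start_rootless "$PWD"
# Then:  ./tailscale --socket="$PWD/run/tailscaled.sock" status
```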