@maple3142
Last active June 12, 2024 09:43
Rootless Tailscale

Running tailscaled

Download the static tailscaled binary, then start it in userspace-networking mode:

TAILSCALED_SOCKET="/tmp2/$USER/tailscaled.sock"
TAILSCALED_STATE="tailscaled.state"
./tailscaled --tun=userspace-networking --state="$TAILSCALED_STATE" --socket "$TAILSCALED_SOCKET"

Then use it like this:

./tailscale --socket "$TAILSCALED_SOCKET" login
./tailscale --socket "$TAILSCALED_SOCKET" status
./tailscale --socket "$TAILSCALED_SOCKET" ...  # whatever
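
Added example, not part of the original gist: on a shared machine the socket directory (`/tmp2/$USER` above) and the directory holding `tailscaled.state` should be private to your account before the daemon starts, since the state file holds the node's keys and the socket is how the CLI controls the daemon. `ensure_private_dir` and `STATE_DIR` are hypothetical names chosen for this sketch.

```shell
#!/bin/sh
# Added example (not from the gist). ensure_private_dir is a hypothetical helper.

# ensure_private_dir DIR: create DIR if needed and make sure it is a real
# directory (not a symlink), owned by the current user, with mode 0700.
ensure_private_dir() {
    dir=$1
    # Refuse symlinks: on shared scratch space another account may have
    # planted one that points somewhere it controls.
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink" >&2
        return 1
    fi
    if [ ! -e "$dir" ]; then
        # mkdir -m applies the mode at creation, so there is no window
        # in which the directory exists with looser permissions.
        mkdir -m 700 "$dir" || return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "refusing: $dir is not a directory" >&2
        return 1
    fi
    # -O: owned by the effective user. A directory pre-created by someone
    # else cannot be trusted even if its mode looks right.
    if [ ! -O "$dir" ]; then
        echo "refusing: $dir is owned by another user" >&2
        return 1
    fi
    chmod 700 "$dir" || return 1
    # Verify the result instead of assuming chmod did what we wanted.
    mode=$(ls -ld "$dir" | cut -c1-10)
    [ "$mode" = "drwx------" ]
}

# Usage with the gist's command (STATE_DIR is an assumed location):
#   SOCK_DIR="/tmp2/$USER"
#   STATE_DIR="$HOME/.tailscale-rootless"
#   ensure_private_dir "$SOCK_DIR" || exit 1
#   ensure_private_dir "$STATE_DIR" || exit 1
#   umask 077
#   ./tailscaled --tun=userspace-networking \
#       --state="$STATE_DIR/tailscaled.state" --socket "$SOCK_DIR/tailscaled.sock"
```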

Access tailnet services using proxychains (optional)

Official Docs: Userspace networking mode

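Add --socks5-server=localhost:21055 --outbound-http-proxy-listen=localhost:21055 to the ./tailscaled start command. The proxy listens on loopback without authentication, so on a multi-user machine other local accounts can connect to it as well.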

Create proxychains.conf:

strict_chain
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
socks5 127.0.0.1 21055

Then use it like this:

proxychains -f proxychains.conf -q ssh user@server

The ssh command can be replaced with any other command you want to run. It is also possible to proxy your shell like this:

proxychains -f proxychains.conf -q $SHELL

Running derper (optional)

Official Docs: DERP Servers

Install derper: go install tailscale.com/cmd/derper@main

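Generate a self-signed cert:

DOMAIN="my-server.example.com"  # can be an IP if you want (then use subjectAltName=IP:$DOMAIN below)
# -nodes leaves the private key unencrypted on disk, so keep the .key file readable only by you
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes -keyout "$DOMAIN.key" -out "$DOMAIN.crt" -subj "/CN=$DOMAIN" -addext "subjectAltName=DNS:$DOMAIN"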

Run it:

DERPPort=28443
STUNPort=23478
# -certmode manual reads "$DOMAIN.crt" and "$DOMAIN.key" from -certdir
~/go/bin/derper --hostname="$DOMAIN" -http-port=-1 -a=":$DERPPort" -stun-port="$STUNPort" -certmode manual -certdir "$PWD" -c derp_config.json

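Then add this to Tailscale's ACL, replacing $DERPPort, $STUNPort and $DOMAIN with the actual values (the policy file does not expand shell variables). "InsecureForTests": true makes clients skip TLS certificate verification for this node, which is why the self-signed certificate is accepted: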

	"derpMap": {
		"Regions": {
			"900": {
				"RegionID":   900,
				"RegionCode": "ANY_THING_YOU_WANT",
				"Nodes": [
					{
						"Name":             "ANY_THING_YOU_WANT",
						"RegionID":         900,
						"DERPPort":         $DERPPort,
						"STUNPort":         $STUNPort,
						"HostName":         "$DOMAIN",
						"InsecureForTests": true,
					},
				],
			},
		},
	},
@SuperKenVery

Thanks man, works great in a server where root is discouraged!
