Using Tailscale and Headscale: A Guide to Self-Hosted Mesh VPNs

Introduction

Tailscale is a popular mesh VPN solution built on WireGuard, offering seamless private networking across devices. However, it relies on Tailscale's coordination servers. Headscale is an open-source, self-hosted alternative to the Tailscale control server, providing full control over your mesh VPN setup while maintaining privacy.

This guide explores how to set up and use Tailscale with Headscale, covering installation, configuration, and practical use cases.

Why Use Headscale?

  • Privacy: Avoid relying on Tailscale’s cloud servers.
  • Control: Full control over your network and access management.
  • Self-Hosting: Run your own instance on any server.
  • Security: No third-party access to your VPN metadata.

Installing Headscale

Prerequisites

  • A Linux server (Debian/Ubuntu preferred)
  • Docker (optional but recommended)
  • A domain name (for HTTPS)

Installation Steps

  1. Install dependencies:
sudo apt update && sudo apt install -y git curl unzip
  2. Download and install Headscale. Release assets carry the version in their file name, so replace <VERSION> with the release you want:
sudo curl -fsSL https://github.com/juanfont/headscale/releases/download/v<VERSION>/headscale_<VERSION>_linux_amd64 -o /usr/local/bin/headscale
sudo chmod +x /usr/local/bin/headscale
  3. Configure Headscale by editing /etc/headscale/config.yaml.
  4. Start the Headscale service:
headscale serve
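
The download step above writes a binary fetched over the network straight into /usr/local/bin. As an added example (not part of the original guide or the Headscale project), the shell functions below verify the file against a release checksum list before installing it. The function names are hypothetical, and the checksum list is assumed to use the sha256sum line format.

```shell
#!/bin/sh
# Added example: verify a downloaded Headscale binary before installing it.
# Assumption: the release ships a checksum list in sha256sum format,
# one "<hex digest>  <file name>" entry per line.

# verify_asset FILE CHECKSUMS ASSET_NAME
# Returns 0 only if CHECKSUMS lists ASSET_NAME and its digest matches FILE.
# Returns 1 on mismatch, 2 on missing input, 3 when the asset is not listed.
verify_asset() {
    file=$1 sums=$2 asset=$3
    [ -f "$file" ] && [ -f "$sums" ] || { echo "missing input file" >&2; return 2; }

    # Exact match on the file-name column; tolerate the "*" binary-mode marker.
    expected=$(awk -v a="$asset" \
        '{ n = $2; sub(/^\*/, "", n) } n == a { print $1; exit }' "$sums" |
        tr 'A-F' 'a-f')
    if [ -z "$expected" ]; then
        echo "no checksum entry for $asset" >&2   # fail closed
        return 3
    fi

    actual=$(sha256sum "$file" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $asset" >&2
        return 1
    fi
    return 0
}

# install_verified FILE CHECKSUMS ASSET_NAME DEST
# Copies FILE to DEST with mode 0755 only after verification succeeds.
install_verified() {
    verify_asset "$1" "$2" "$3" || return $?
    install -m 0755 "$1" "$4"
}
```

Download the asset and the checksum list to a temporary directory, then call install_verified as root with /usr/local/bin/headscale as the destination.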

Connecting Tailscale Clients

  1. Install Tailscale on your devices:
curl -fsSL https://tailscale.com/install.sh | sh
  2. Authenticate with your self-hosted Headscale instance:
tailscale up --login-server https://headscale.example.com
  3. Verify the connection:
tailscale status

Managing Headscale Users and Nodes

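  • List connected users:
headscale users list
  • Approve new nodes (use the registration key that tailscale up prints on the client):
headscale nodes register --user <username> --key <registration_key>
  • Remove devices:
headscale nodes expire --identifier <node_id>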

Conclusion

Using Tailscale with Headscale offers a powerful, privacy-focused way to build your own secure mesh VPN. By self-hosting the coordination server, you gain full control over your network without relying on third-party infrastructure.

License

This document, Using Tailscale and Headscale, by Christopher Steel is licensed under the Creative Commons Attribution-ShareAlike 4.0 License.
