Tailscale into your VPS

tailscale-vps-firewall.md

Taken from ChatGPT

---

Perfect — Ubuntu 24.04 makes things really smooth. Here’s a more tailored version for you:

---

🧰 How to Set Up Tailscale + Secure Tunnel on Ubuntu 24.04 VPS

1. ✅ Install Tailscale on Your VPS

SSH into your VPS and run:

curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up

This will:

• Install Tailscale

• Prompt you to sign in via a browser (you can copy the link and open it locally)

After that, your VPS is in your Tailscale network.

---

2. 🧑💻 Install Tailscale on Your Local Machine

Do the same on your personal computer:

• Download Tailscale

• Sign in with the same account

• Run tailscale up

---

3. 🔎 Find Your VPS Tailscale IP or Name

After connecting both devices:

You’ll see something like:

vps-name       100.101.102.103   linux   idle

You can now SSH into your VPS like:

ssh [email protected]
# Or
ssh [email protected]

---

4. 🛡️ Lock Down Public SSH Access with UFW

This is the key part for keeping it secure while using a VPN:

Enable UFW and set it up:

sudo ufw default deny incoming
sudo ufw default allow outgoing

Allow SSH only from Tailscale IP range:

sudo ufw allow from 100.64.0.0/10 to any port 22 proto tcp

100.64.0.0/10 is the range used by Tailscale devices.

Enable UFW:

sudo ufw enable
sudo ufw status

Your VPS now:

• Rejects all public SSH access

• Accepts SSH only from your Tailscale-connected devices

• Doesn’t care if your IP changes via your main VPN

---

🧠 Pro Tips

• Enable MagicDNS in the Tailscale admin panel for easier hostname-based access.

• You can add ACLs and device tags if you want to control access to certain machines.