How to Set Up Tailscale Mesh VPN on Your Homelab Using a VM or Raspberry Pi
If you have a homelab running at home, one of the biggest challenges is securely accessing it when you’re away. Whether you want to manage servers, access self-hosted apps, or just tinker with your lab from anywhere, you’ll need a VPN. Traditional VPNs can be tricky to configure, but there’s a modern and much simpler solution: Tailscale Mesh VPN.
Tailscale creates a secure, peer-to-peer network between your devices without the need for port forwarding, static IPs, or complicated firewall rules. It uses the WireGuard protocol under the hood for speed and security. The best part? You can run it easily on a virtual machine (VM) or a Raspberry Pi in your homelab.
In this guide, I’ll walk you through setting it up.
🔹 Why Tailscale for Your Homelab?
- No port forwarding needed – Works behind NAT and firewalls.
- Zero config – Simple installation with single sign-on (Google, Microsoft, GitHub, etc.).
- Mesh networking – Devices talk directly when possible, improving performance.
- Cross-platform – Works on Linux, Windows, macOS, iOS, Android, Docker, and more.
- Free for personal use – Generous free tier for hobbyists.
🔹 Requirements
- A VM running Linux (Ubuntu/Debian recommended) or a Raspberry Pi (3/4/5).
- A free Tailscale account (Google, Microsoft, or GitHub login works).
- Basic terminal/SSH access.
🔹 Step 1: Install Tailscale
On Ubuntu/Debian VM
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up
On Raspberry Pi (Raspberry Pi OS or Debian-based)
Same commands work:
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up
When you run sudo tailscale up, it will output a URL. Open that link in your browser and log in with your Tailscale account.
Now your device (VM or Pi) is part of your Tailscale network! 🎉
🔹 Step 2: Verify Your Connection
Run:
tailscale status
You’ll see a list of all devices in your Tailscale network and their private Tailscale IPs (100.x.x.x).
From another device with Tailscale installed (like your laptop or phone), try pinging the homelab:
ping 100.x.x.x
You should get a response!
🔹 Step 3: Enable Exit Node (Optional)
Want to route your entire internet traffic through your homelab VM or Pi? You can enable it as an Exit Node:
sudo tailscale up --advertise-exit-node
Then, from another device, enable the exit node in the Tailscale app. This is useful if you want secure browsing from public Wi-Fi or to appear as if you’re at home.
🔹 Step 4: Accessing Homelab Services
If you’re running self-hosted apps (like Nextcloud, Home Assistant, Docker containers, etc.), just use the Tailscale IP or hostname to access them securely from anywhere.
For example:
- Nextcloud:
http://100.x.x.x:8080 - Proxmox WebUI:
https://100.x.x.x:8006 - Pi-hole:
http://100.x.x.x/admin
🔹 Step 5: Bonus – Use Tailscale MagicDNS
Instead of remembering IPs, enable MagicDNS in the Tailscale dashboard. This lets you access your devices with easy hostnames like:
proxmox.tailnet-name.ts.netnas.tailnet-name.ts.net
🔹 Step 6: Run Tailscale as a Subnet Router (Optional)
Want to access your entire LAN (like printers, smart home devices, NAS) through Tailscale? Advertise your local subnet:
sudo tailscale up --advertise-routes=192.168.1.0/24
Approve it from the Tailscale admin panel, and now you can reach everything on your home network.
🔹 Step 7: Configure Tailscale on Mobile Devices or TV
📱 On Mobile (iOS / Android)
- Download the Tailscale app from the App Store or Google Play Store.
- Open the app and log in with the same account you used on your homelab (Google, Microsoft, or GitHub).
- Once logged in, your phone will instantly join your Tailscale network.
- Tap the “Connect” button. Now you can securely access your homelab apps and servers just by using the Tailscale IP or MagicDNS hostname.
- Example:
proxmox.tailnet-name.ts.net - Example:
http://100.x.x.x:8080
- Example:
💡 Bonus: You can enable your phone as an Exit Node too, so your other devices can route traffic through your phone’s internet connection (great when traveling).
📺 On Smart TV / Streaming Devices (Android TV, Fire TV, Chromecast with Google TV)
Many modern TVs and streaming sticks run Android TV, so you can install the Tailscale app directly:
- Open the Google Play Store (or Amazon Appstore on Fire TV).
- Search for Tailscale and install it.
- Open the app → sign in with the same account you use for Tailscale.
- Once connected, your TV becomes part of your Tailscale network.
- Now you can stream from your Plex/Jellyfin server, access self-hosted apps, or even cast content from other devices — all over your secure mesh VPN.
💡 If your TV doesn’t support installing Tailscale directly, you can:
- Run Tailscale on a Raspberry Pi or VM in your homelab and use it as a Subnet Router, so your TV gets access automatically.
- Or, use a small device like an Android TV box / Chromecast with Google TV that supports Tailscale.
✅ Now You’re Everywhere!
With Tailscale running on your VM / Raspberry Pi, phone, and even your TV, you’ve built a secure private mesh network across all your devices. Whether you’re at home or away, you can seamlessly access your homelab services, stream media, or manage your setup without worrying about firewalls or port forwarding.
✅ Conclusion
With just a few commands, you now have a secure mesh VPN for your homelab using Tailscale. Whether you run it on a VM or a Raspberry Pi, you can securely access your servers, self-hosted apps, and even your entire LAN from anywhere in the world — without touching your router’s settings.
Tailscale makes networking simple, secure, and fast, making it perfect for homelab enthusiasts like us.
Thank you so much for taking the time to read my blog! Your support and engagement truly mean a lot and inspire me to keep creating and sharing more valuable content. If you enjoyed this post, I’d love to hear your thoughts—feel free to leave a comment in the box below and join the conversation. And if you’d like to stay updated with the latest posts, tips, and insights, don’t forget to subscribe to my newsletter. By joining, you’ll be the first to know when new content is published, so you never miss an update.