My Tailscale Setup

  • KevinsinghJ
  • May 5
  • 2 min read

Tailscale - Personal Setup

In a modern hybrid work environment, ensuring the right level of access between your devices is crucial for security and productivity. This article explains how access is structured in my Tailscale-managed network, which includes my home laptop, my office laptop, and critical infrastructure such as my Proxmox, NGINX, and Pi-hole servers. It also includes a network diagram to help visualize the access permissions that I have set.

Network Overview

My Tailscale network consists of the following tagged devices:

  • Home Laptop (tag:home)
  • Office Laptop (tag:office)
  • Proxmox Server (tag:proxmox)
  • NGINX Server (tag:nginx)
  • Pi-hole Server (tag:pihole)

Each device has access controlled via ACLs (Access Control Lists), defined in my Tailscale admin console.

Access Rules Summary

Home Laptop Access

The home laptop (tag:home) is granted access to:

Proxmox Web UI

  • Port: 8006
  • Tag: tag:proxmox

Pi-hole DNS

  • Port: 53
  • Tag: tag:pihole

Pi-hole Web Admin UI

  • Port: 80
  • Tag: tag:pihole

Not Allowed:

  • Access to NGINX (web services)


Office Laptop Access

The office laptop (tag:office) is granted access to:

Proxmox Web UI

  • Port: 8006
  • Tag: tag:proxmox

NGINX Web Server (HTTP/HTTPS)

  • Ports: 80, 443
  • Tag: tag:nginx

Pi-hole DNS and Web UI

  • Ports: 53, 80
  • Tag: tag:pihole

The office laptop is allowed to access everything for now; I may restrict its access to some of the servers in the future.

Visual Diagram

Below is a diagram illustrating access permissions between the devices as I have set. Green arrows indicate allowed access, and red lines indicate blocked access.

Benefits of This Setup

  • Security: Devices only get access to the services they need.
  • Granularity: You can fine-tune access by port and tag.
  • Scalability: Easily extend rules to new devices using tags.

Tailscale ACL JSON


Below is the ACL JSON that sets the access and blocking rules explained above:

{
  "ACLs": [
    {
      "Action": "accept",
      "Users":  ["tag:home"],
      "Ports": [
        "tag:proxmox:8006",
        "tag:pihole:53",
        "tag:pihole:80"
      ]
    },
    {
      "Action": "accept",
      "Users":  ["tag:office"],
      "Ports": [
        "tag:proxmox:8006",
        "tag:nginx:80",
        "tag:nginx:443",
        "tag:pihole:53",
        "tag:pihole:80"
      ]
    }
  ],
  "TagOwners": {
    "tag:home":    ["kevinsingh.j@gmail.com"],
    "tag:office":  ["kevinsingh.j@gmail.com"],
    "tag:proxmox": ["kevinsingh.j@gmail.com"],
    "tag:nginx":   ["kevinsingh.j@gmail.com"],
    "tag:pihole":  ["kevinsingh.j@gmail.com"]
  }
}
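
One way to check that the policy above still matches the Access Rules Summary after future edits. This is an added example, not part of my Tailscale configuration or Tailscale's own tooling. It assumes a simplified default-deny model that only understands tags, "*", and port lists or ranges (no groups, hosts, or protocols), and the helper names are hypothetical.

```python
import json

# "ACLs" section copied from the policy on this page (TagOwners is not needed here).
POLICY = json.loads("""
{"ACLs": [
  {"Action": "accept", "Users": ["tag:home"],
   "Ports": ["tag:proxmox:8006", "tag:pihole:53", "tag:pihole:80"]},
  {"Action": "accept", "Users": ["tag:office"],
   "Ports": ["tag:proxmox:8006", "tag:nginx:80", "tag:nginx:443",
             "tag:pihole:53", "tag:pihole:80"]}
]}
""")

def port_matches(spec, port):
    """Match a port spec: '*', one port, a range 'a-b', or a comma-separated list."""
    for part in spec.split(","):
        if part == "*":
            return True
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def allowed(policy, src, dst, port):
    """Default deny: True only if an accept rule names src and a matching dst:port."""
    for rule in policy["ACLs"]:
        if rule["Action"] != "accept" or not {src, "*"} & set(rule["Users"]):
            continue
        for target in rule["Ports"]:
            host, _, spec = target.rpartition(":")  # split on the last ':'; tags contain one
            if host in (dst, "*") and port_matches(spec, port):
                return True
    return False

# (src, dst, port, expected) taken from the Access Rules Summary on this page.
EXPECTED = [
    ("tag:home", "tag:proxmox", 8006, True), ("tag:home", "tag:pihole", 53, True),
    ("tag:home", "tag:pihole", 80, True), ("tag:home", "tag:nginx", 80, False),
    ("tag:home", "tag:nginx", 443, False), ("tag:office", "tag:nginx", 443, True),
]

def audit(policy, expected=EXPECTED):
    """Return every expectation the policy violates (an empty list means it matches)."""
    return [e for e in expected if allowed(policy, *e[:3]) != e[3]]

if __name__ == "__main__":
    for src, dst, port, want in audit(POLICY):
        print(f"MISMATCH: {src} -> {dst}:{port} should be {'allowed' if want else 'denied'}")
```

An overly broad rule, such as one with "*" in Users and "*:*" in Ports, shows up as a mismatch on the two tag:home to tag:nginx rows.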



Conclusion

This article shows a trial run and some testing I did with Tailscale to restrict access between devices and to limit the ports available where access is allowed. With this setup I can efficiently manage access based on device role and necessity via Tailscale. This structure allows me to maintain a secure and organized network, whether I’m working from home or the office.


