Exit Nodes¶

On the node¶

Register the node and make it advertise itself as an exit node:

$ sudo tailscale up --login-server https://my-server.com --advertise-exit-node

If the node is already registered, it can advertise exit capabilities like this:

$ sudo tailscale set --advertise-exit-node

To use a node as an exit node, IP forwarding must be enabled on the node. Check the official Tailscale documentation for how to enable IP fowarding.

On the control server¶

$ # list nodes
$ headscale routes list
ID | Machine | Prefix    | Advertised | Enabled | Primary
1  |         | 0.0.0.0/0 | false      | false   | -
2  |         | ::/0      | false      | false   | -
3  | phobos  | 0.0.0.0/0 | true       | false   | -
4  | phobos  | ::/0      | true       | false   | -
$ # enable routes for phobos
$ headscale routes enable -r 3
$ headscale routes enable -r 4
$ # Check node list again. The routes are now enabled.
$ headscale routes list
ID | Machine | Prefix    | Advertised | Enabled | Primary
1  |         | 0.0.0.0/0 | false      | false   | -
2  |         | ::/0      | false      | false   | -
3  | phobos  | 0.0.0.0/0 | true       | true    | -
4  | phobos  | ::/0      | true       | true    | -

On the client¶

The exit node can now be used with:

$ sudo tailscale set --exit-node phobos

Check the official Tailscale documentation for how to do it on your device.