Skip to content
Live $300 credit for new accounts Valid for 60 days from account creation Get started →
ZSoftly Docs

Tailscale

Tailscale is a zero-config VPN built on WireGuard. It connects your devices and servers into a private network with end-to-end encryption, without requiring you to manage firewall rules, open ports, or configure certificates. This image ships a VM with the Tailscale client pre-installed, ready to join your Tailnet.

Software included

Section titled “Software included”
ComponentVersion
TailscaleLatest stable
Ubuntu24.04 LTS

Getting started

Section titled “Getting started”

1. Connect to your VM

Section titled “1. Connect to your VM”
ssh ubuntu@<your-vm-ip>

2. Join your Tailnet

Section titled “2. Join your Tailnet”

Option A: Automatic via cloud-init (at deploy time)

Provide your Tailscale auth key in the VM’s userdata before deploying:

#cloud-config
write_files:
  - path: /run/tailscale-authkey
    content: 'tskey-auth-xxxxxxxxxxxxxxxx'
    permissions: '0600'
    owner: root:root

The VM will connect to your Tailnet automatically on first boot.

Option B: Manual (after SSH)

Generate an auth key at tailscale.com/admin/settings/keys, then run:

sudo tailscale up --authkey tskey-auth-xxxxxxxxxxxxxxxx

3. Verify the connection

Section titled “3. Verify the connection”
tailscale status

You should see the VM listed with its Tailscale IP (usually in the 100.x.x.x range). The MOTD on login shows the current connection status.

tailscale ip -4

Managing Tailscale

Section titled “Managing Tailscale”
# Check connection status
tailscale status


# Disconnect from Tailnet
sudo tailscale down


# Reconnect
sudo tailscale up


# View logs
sudo journalctl -u tailscaled -f

Routing and exit nodes

Section titled “Routing and exit nodes”

Advertise as a subnet router to expose your ZCP network to other Tailnet devices:

sudo tailscale up --advertise-routes=<your-subnet-cidr>

Use as an exit node to route all Tailnet traffic through this VM:

sudo tailscale up --advertise-exit-node

Enable both in the Tailscale admin console after running the above command.

Security

Section titled “Security”

Tailscale handles its own encryption and authentication. No additional firewall rules are needed for Tailnet traffic. UFW remains enabled and allows SSH (port 22) only.

Once connected to your Tailnet, other Tailnet devices can reach this VM at its 100.x.x.x address. Access control is managed via Tailscale ACLs in the admin console.

Next steps

Section titled “Next steps”

© 2026 ZSoftly Technologies Inc. v0.1.0