2025-07-27

Using Tailscale to proxy traffic to the US

I'm traveling, and found that some sites I needed to access forbid traffic from my location. In order to, like, pay a utility bill and renew some insurance, I needed my requests to appear to be coming from the United States.

Obviously, the easy thing would be just be to install one of a zillion VPNs that would let one do this. But they usually involve some subscription fee, this is a rare issue for me and I'm cheap, and I've been curious about Tailscale, which has a free personal-use tier.

Anyway, here's what I did:

  1. Download the Tailscale app on my Mac (from the app store)

  2. Run the app

  3. Authenticate (I chose Apple as authentication provider) and give Tailscale VPN permissions

  4. Install Tailscale on a US-based linux machine

    1. Check the linux version I'm running

      • I know it's a Debian, so run cat /etc/*-release

    2. I'm skittish about curl -fsSL whatever | sh style installations, which Tailscale first suggests for linux, so I ran (the not all that much safer) version-specific Tailscale installation.

    3. The sudo apt-get commands installed a new kernel. I rebooted after this part of the installation.

    4. Running tailscale up prints an authetication URL and then hangs. I copy the URL, then authenticate the Linux machine from my Mac laptop, by pasting it into my browser.

  5. Enable IP forwarding for Tailscale, see the docs

    • For me this was the following, but do read the docs, it's system dependent: 
      % echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
% echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
% sudo sysctl -p /etc/sysctl.d/99-tailscale.conf

  6. Allow my linux box to become an exit node with tailscale up --advertise-exit-node

    • Note there was no need to do a tailscale down before rerunning tailscale up with the --advertise-exit-node flag

  7. On my Tailscale dashboard (link will only work when you're authenticated into Tailscale) my linux box is visitable and is marked as a potential exit node. Click "..." in the entry for the linux box, then "Edit route settings...", and check "Use as exit node."

  8. In the Tailscale menu visible in the Mac menu bar when Tailscale is running, go to the "Exit Nodes" submenu, then select the linux box

  9. Traffic is now being proxied through the US-located linux machine

  10. Since I don't want (for now) to use Tailscale all the time, I turn Tailscale off:

    1. On the linux box tailscale down

    2. On the Mac, via the Tailscale menu, reset the exit node to "None"

    3. Turn the green "Connected" switch to gray "Not Connected"

    4. Via the Tailscale menu again, quit the Tailscale app

    Hopefully now I am back to ordinary networking.

I think (hope) that at any time, I can rerun the Tailscale app on my Mac, restore the "Not Connected" switch to "Connected", rerun tailscale up --advertise-exit-node on the linux box, then continue from Step 7 above.

On linux tailscale status will tell you whether tailscale is running. I reboot and check, to ensure Tailscale is not set to start-up on boot.

↑↑↑