twhite96/tailscale-vps-firewall.md

## tailscale-vps-firewall.md

      
    Raw
  

              tailscale-vps-firewall.md
            
          
Taken from ChatGPT


Perfect — Ubuntu 24.04 makes things really smooth. Here’s a more tailored version for you:

🧰 How to Set Up Tailscale + Secure Tunnel on Ubuntu 24.04 VPS

1. ✅ Install Tailscale on Your VPS

SSH into your VPS and run:
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up
This will:


Install Tailscale


Prompt you to sign in via a browser (you can copy the link and open it locally)


After that, your VPS is in your Tailscale network.

2. 🧑💻 Install Tailscale on Your Local Machine

Do the same on your personal computer:


Download Tailscale


Sign in with the same account


Run tailscale up


3. 🔎 Find Your VPS Tailscale IP or Name

After connecting both devices:
You’ll see something like:
vps-name       100.101.102.103   linux   idle
You can now SSH into your VPS like:
ssh username@100.101.102.103
# Or
ssh username@vps-name.tailnet-name.ts.net

4. 🛡️ Lock Down Public SSH Access with UFW

This is the key part for keeping it secure while using a VPN:
Enable UFW and set it up:

sudo ufw default deny incoming
sudo ufw default allow outgoing
Allow SSH only from Tailscale IP range:

sudo ufw allow from 100.64.0.0/10 to any port 22 proto tcp

100.64.0.0/10 is the range used by Tailscale devices.

Enable UFW:

sudo ufw enable
sudo ufw status
Your VPS now:


Rejects all public SSH access


Accepts SSH only from your Tailscale-connected devices


Doesn’t care if your IP changes via your main VPN


🧠 Pro Tips


Enable MagicDNS in the Tailscale admin panel for easier hostname-based access.


You can add ACLs and device tags if you want to control access to certain machines.
No results found