Unlock Secure Freedom - Route All Traffic Through Tailscale + Gluetun

December 31, 2024


Introduction

Ever wished you could route all your devices’ traffic through a single, secure VPN—without jumping through too many hoops? Meet Tailscale, a powerful yet user-friendly VPN service that easily links all your devices under one private network. In this guide, we’ll pair Tailscale with Gluetun on a VPS, creating a robust setup that routes your entire connection securely through another VPN provider.

Prerequisites

Make sure you have the following on hand before you start:

  • A Tailscale account
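  • A VPS running Docker (no worries, your traffic won’t leave from the VPS’s own IP address; the VPS is just your secure hub, and the exit node container running on it sends everything out through the VPN provider)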
    • Recommendation: Hetzner offers excellent performance at a great price. (This is an affiliate link.)
  • A VPN provider account (in this guide, the Gluetun container is the client that connects to it)
    • Recommendation: Windscribe is a reliable, privacy-focused VPN provider. (This is an affiliate link.)

Step-by-Step Instructions

1. Install Docker and Docker Compose on Your VPS

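First, install Docker with a handy one-liner, then add your current user to the Docker group (membership in that group is effectively root on the host, and it takes effect the next time you log in):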

curl -fsSL https://get.docker.com | sh
sudo usermod -aG docker $USER

2. Use This Docker Compose Configuration

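Create a docker-compose.yml with the following content. This configuration pulls in Gluetun for VPN functionality and Tailscale for seamless, private networking. The Tailscale container shares Gluetun’s network stack (network_mode: service:gluetun) and advertises itself as an exit node, so all traffic you route through it leaves via the VPN tunnel. The ${...} placeholders are filled in from your shell environment or from a .env file placed next to docker-compose.yml.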

volumes:
  ts-data:

services:
  # For additional VPN service providers, see: https://github.com/qdm12/gluetun-wiki
  gluetun:
    image: qmcgaw/gluetun
    restart: unless-stopped
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - VPN_SERVICE_PROVIDER=${PROVIDER}
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=${VPN_PRIVATE_KEY}
      - WIREGUARD_ADDRESSES=${VPN_ADDRESSES}
      - WIREGUARD_PRESHARED_KEY=${VPN_PRESHARED_KEY}
      - SERVER_REGIONS=${SERVER_REGIONS}

  tailscale-vpn-exit-node:
    image: tailscale/tailscale:latest
    container_name: tailscale-vpn-exit-node
    network_mode: service:gluetun
    environment:
      - TS_AUTHKEY=${TAILSCALE_AUTHKEY}
      - TS_EXTRA_ARGS=--advertise-exit-node  # or --advertise-tags=tag:vpn
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_HOSTNAME=vpn-${SERVER_REGIONS}
    volumes:
      - ts-data:/var/lib/tailscale
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - NET_ADMIN
      - NET_RAW
    restart: unless-stopped
    depends_on:
      gluetun:
        condition: service_healthy
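
A preflight check for the configuration above, as an added example that is not part of the original guide. It assumes the ${...} values are kept in a .env file beside docker-compose.yml; the script and its function names are hypothetical.

```shell
#!/bin/sh
# Preflight for the compose file above (added example, not the author's code).
# Assumption: the ${...} values live in a .env file next to docker-compose.yml.

# List every ${NAME} the compose file references, skipping comment lines.
referenced_vars() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -o '\${[A-Za-z_][A-Za-z0-9_]*}' | tr -d '${}' | sort -u
}

# Succeed if NAME ($1) has a non-empty value in the .env file ($2).
is_set() {
    grep -Eq "^[[:space:]]*$1=[\"']?[^\"'[:space:]]" "$2" 2>/dev/null
}

# Print referenced variables that .env leaves unset or empty. Compose would
# substitute an empty string for each of them and only print a warning.
missing_vars() {
    for name in $(referenced_vars "$1"); do
        is_set "$name" "$2" || echo "$name"
    done
}

# Succeed only if the file grants nothing to group or other: it holds the
# WireGuard private key and the Tailscale auth key.
private_mode() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Succeed if a service joins Gluetun's network namespace. Without that line
# the Tailscale container would send traffic out of the VPS's own interface.
shares_gluetun_netns() {
    grep -Eq '^[[:space:]]*network_mode:[[:space:]]*"?service:gluetun"?[[:space:]]*$' "$1"
}

preflight() {
    compose=${1:-docker-compose.yml}; envf=${2:-.env}; rc=0
    missing=$(missing_vars "$compose" "$envf")
    [ -z "$missing" ] || { echo "unset or empty in $envf:" $missing; rc=1; }
    private_mode "$envf" || { echo "$envf: run chmod 600 on it"; rc=1; }
    shares_gluetun_netns "$compose" || { echo "no network_mode: service:gluetun"; rc=1; }
    return $rc
}

# Run only when given arguments: sh preflight.sh docker-compose.yml .env
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```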

3. Spin It All Up

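Fire up your new setup (the install script from step 1 provides Compose as the docker compose plugin, so the command has no hyphen):

docker compose up -d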

4. Connect Your Devices

  • Install Tailscale on each device you want to secure.
  • In the Tailscale admin panel, enable your newly created exit node.
  • Connect to Tailscale—now your traffic will be safely routed through Gluetun.

5. Bask in Secure Browsing

That’s it! Your devices are now shielded behind Gluetun’s VPN, with Tailscale delivering a seamless private connection experience. Browse, stream, and work securely on any network.

Conclusion

By pairing Tailscale and Gluetun, you’ve built a reliable, encrypted path for all your internet traffic. No complicated configurations or manual networks—just straightforward, powerful privacy.


Website created by Yassine Fathi © 2024