Unlock Secure Freedom - Route All Traffic Through Tailscale + Gluetun
Introduction
Ever wished you could route all your devices’ traffic through a single, secure VPN—without jumping through too many hoops? Meet Tailscale, a powerful yet user-friendly VPN service that easily links all your devices under one private network. In this guide, we’ll pair Tailscale with Gluetun on a VPS, creating a robust setup that routes your entire connection securely through another VPN provider.
Prerequisites
Make sure you have the following on hand before you start:
- [ ] A Tailscale account
- [ ] A VPS running Docker (no worries, your traffic won't exit from the VPS's own IP address; the VPS is just your secure hub)
  - Recommendation: Hetzner offers excellent performance at a great price. (This is an affiliate link.)
- [ ] A VPN provider account (Gluetun will connect to it in this guide)
  - Recommendation: Windscribe is a reliable, privacy-focused VPN provider. (This is an affiliate link.)
Step-by-Step Instructions
1. Install Docker and Docker Compose on Your VPS
First, install Docker with a handy one-liner, then add your current user to the Docker group:
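```bash
# Docker's convenience install script
curl -fsSL https://get.docker.com | sh
# Group membership takes effect at your next login
sudo usermod -aG docker "$USER"
```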
2. Use This Docker Compose Configuration
Create a docker-compose.yml with the following content. This configuration pulls in Gluetun for VPN functionality and Tailscale for seamless, private networking. Tailscale will advertise itself as an exit node, allowing you to route all traffic through it.
```yaml
volumes:
  ts-data:
services:
  # For additional VPN service providers, see: https://github.com/qdm12/gluetun-wiki
  gluetun:
    image: qmcgaw/gluetun
    restart: unless-stopped
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - VPN_SERVICE_PROVIDER=${PROVIDER}
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=${VPN_PRIVATE_KEY}
      - WIREGUARD_ADDRESSES=${VPN_ADDRESSES}
      - WIREGUARD_PRESHARED_KEY=${VPN_PRESHARED_KEY}
      - SERVER_REGIONS=${SERVER_REGIONS}
  tailscale-vpn-exit-node:
    image: tailscale/tailscale:latest
    container_name: tailscale-vpn-exit-node
    network_mode: service:gluetun
    environment:
      - TS_AUTHKEY=${TAILSCALE_AUTHKEY}
      - TS_EXTRA_ARGS=--advertise-exit-node # or --advertise-tags=tag:vpn
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_HOSTNAME=vpn-${SERVER_REGIONS}
    volumes:
      - ts-data:/var/lib/tailscale
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - NET_ADMIN
      - NET_RAW
    restart: unless-stopped
    depends_on:
      gluetun:
        condition: service_healthy
```
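The compose file takes six values through `${...}` substitution, which Docker Compose reads from a `.env` file next to `docker-compose.yml`. The preflight script below is an added example, not part of the original guide: it checks that file before the stack is started. The function names, the `CHANGE_ME` marker and the required 600 mode are assumptions.

```shell
#!/usr/bin/env bash
# Added example: preflight for the .env file that docker compose reads.
# Variable names are the ${...} references in the compose file above; the
# 600 mode, the CHANGE_ME marker and the function names are assumptions.

REQUIRED_VARS="PROVIDER VPN_PRIVATE_KEY VPN_ADDRESSES VPN_PRESHARED_KEY SERVER_REGIONS TAILSCALE_AUTHKEY"

# Prints one line per problem; returns 0 only when the file is usable.
check_env_file() {
    local file problems var mode
    file="$1"; problems=0
    [ -f "$file" ] || { echo "missing: $file"; return 1; }

    # The file holds a WireGuard private key and a Tailscale auth key,
    # so group and others must have no access to it.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case "$mode" in
        600|400) ;;
        *) echo "mode $mode on $file: run chmod 600"; problems=$((problems + 1)) ;;
    esac

    for var in $REQUIRED_VARS; do
        if ! grep -Eq "^${var}=.+" "$file"; then
            echo "unset or empty: $var"; problems=$((problems + 1))
        elif grep -Eq "^${var}=.*CHANGE_ME" "$file"; then
            echo "placeholder left in: $var"; problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Writes a constructed template: placeholders only; a new file gets mode 600.
write_env_template() {
    local file var
    file="$1"
    ( umask 077; : > "$file" )
    for var in $REQUIRED_VARS; do
        echo "${var}=CHANGE_ME" >> "$file"
    done
}

# Usage: ./preflight.sh .env && docker compose up -d
if [ "$#" -gt 0 ]; then
    check_env_file "$1"
fi
```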
3. Spin It All Up
Fire up your new setup:
```bash
# The get.docker.com script installs Compose as the "docker compose" plugin
docker compose up -d
```
4. Connect Your Devices
- Install Tailscale on each device you want to secure.
- In the Tailscale admin panel, enable your newly created exit node.
- Connect to Tailscale—now your traffic will be safely routed through Gluetun.
5. Bask in Secure Browsing
That’s it! Your devices are now shielded behind Gluetun’s VPN, with Tailscale delivering a seamless private connection experience. Browse, stream, and work securely on any network.
Conclusion
By pairing Tailscale and Gluetun, you’ve built a reliable, encrypted path for all your internet traffic. No complicated configurations or manual networks—just straightforward, powerful privacy.