Using Tailscale to bypass Internet Censorship

This is a quick guide on how to use Tailscale and turn a Raspberry Pi into a low maintenance personal proxy server.

hile proxy servers have many uses, I created this guide specifically to help friends and family bypass internet filtering in Iran by rerouting their public internet traffic through this server.

Why Tailscale?

I chose Tailscale after using it as a VPN for my personal devices. It’s impressively user-friendly, which is uncommon for networking software. Recently, I discovered Tailscale has an exit node feature which is a great fit for running a proxy to tunnel internet traffic.

Raspberry Pi

I chose a Raspberry Pi for this project because it’s both affordable (under $100 CAD) and can run continuously without keeping a personal computer on. I’m using a Raspberry Pi 4 with 32GB of memory, running Raspberry Pi OS (based on Debian 10 Buster). However, this guide should work with other Raspberry Pi models as well.

$ cat /sys/firmware/devicetree/base/model
Raspberry Pi 4 Model B Rev 1.4


$ lsb_release -a
No LSB modules are available.
Distributor ID:	Debian
Description:	Debian GNU/Linux 10 (buster)
Release:	10
Codename:	buster

Install Tailscale

To install Tailscale on Raspberry Pi follow their instruction

Enable IP forwarding

First, we need to enable IP forwarding on your Raspberry Pi. Edit the /etc/sysctl.conf file and uncomment these two lines:

$ sudo vim /etc/sysctl.conf
# Uncomment the following
# net.ipv4.ip_forward=1
# net.ipv6.conf.all.forwarding=1

Then reload the sysctl configuration to apply the changes.

$ sudo sysctl -p /etc/sysctl.conf

Enable tailscale and make it advertise as an exit node

Since this Raspberry Pi will act as a server, I decided to set it the Tailscale up with no key expiry.

Now enable Tailscale with the exit node option:

$ sudo tailscale up --advertise-exit-node --reset

This will warn you if your IP forwarding is not setup properly. If it is then you are in business.

Exit node is advertised but not yet enabled

At this point your should be able to see “Exit Node” label next to this machine in your Tailscale adming consode. The final step is to actually enable this node as an Exit Node from your Tailscale admin console.

Exit node is enabled in your Tailscale network

Congratulations! You can now use this node to route traffic from any other Tailscale node in your network.

Sharing exit node with others

At this point, I, the owner of Tailscale network, is the only user that can use this new exit node. To enable others to use this node, we use another Tailscale feature: *shared nodes.

I can share any node on my network with any other Tailscale users and it becomes part of thier network. Sharing the exit node allows them to use it as a proxy too!

The steps are simple:

  1. Ask your friend to install Tailscale application on their device.
  2. Send them an invitation for this node.
  3. They can now see the exit node using Tailscale app on their device and use it on demand.
Sharing exit node with others