To automatically authenticate Tailscale on startup in Ubuntu, follow these steps:
-
Generate a reusable auth key from the Tailscale admin console at https://login.tailscale.com/admin/authkeys. Make sure to select the appropriate options for your use case (e.g., whether the node is ephemeral or not).
-
On your Ubuntu machine, run the following commands to set up the auth key and create a systemd service:
# Create a directory for the auth key
sudo mkdir -p /etc/tailscale
# Store the auth key in a file with secure permissions
# Replace 'tskey-auth-abc123' with the actual auth key you generated.
echo "tskey-auth-abc123" | sudo tee /etc/tailscale/authkey
sudo chmod 600 /etc/tailscale/authkey
# Create the systemd service file
sudo tee /etc/systemd/system/tailscale-up.service <<EOF
[Unit]
Description=Tailscale Up
After=tailscaled.service network-online.target
Requires=tailscaled.service
Wants=network-online.target
[Service]
ExecStart=/usr/bin/tailscale up ––auth–key file:/etc/tailscale/authkey ––accept–routes
Restart=on–failure
RestartSec=5s
StartLimitInterval=60s
StartLimitBurst=3
[Install]
WantedBy=multi-user.target
EOF
# Enable and start the new service
sudo systemctl daemon-reload
sudo systemctl enable tailscale-up.service
sudo systemctl start tailscale-up.service- Verify that the service is running correctly:
sudo systemctl status tailscale-up.service
tailscale status- If you need to update the auth key in the future, simply update the
/etc/tailscale/authkeyfile with the new key and restart the service:
sudo systemctl restart tailscale-up.serviceThis setup will ensure that your machine automatically authenticates and connects to the Tailscale network on boot. Make sure to adjust the flags in the tailscale up command (e.g., --accept-routes, --accept-dns) based on your specific requirements.
If you encounter any issues, you can check the logs for the service with:
sudo journalctl -u tailscale-up.serviceThis should help you diagnose any problems with the authentication process.