The Tailscale service addresses access between individual devices, especially if you don't have a public IP address. It's not always possible to have one, and for some internet providers, it's also quite expensive. For a single user, the Tailscale service is free with support for up to 100 devices. (You can easily add your spouse's or children's phones if needed.) We'll show you how to install Tailscale on a Raspberry Pi that you'll have at home and on a client device (Android, iPhone) from which you'll want to access your home Raspberry Pi. Our example will demonstrate remote access to OpenHAB running on a Raspberry Pi. However, the same setup applies to many other applications - home NAS, PiHole, Home Assistant, Domoticz, NextCloud, and others.
Hardware
Raspberry Pi 5 or older
Software
Tailscale
Internet connection without a public IPv4 address (if you have a public address, WireGuard is a more elegant solution)
Introduction
Tailscale is a commercial service that is free for a single user by default, with only registration required. It is based on the popular WireGuard protocol but adds additional components such as public servers and a central registration interface for IP allocation. After creating an account, you register a client (e.g., Android, iPhone, or laptop) and in our case, a Raspberry Pi where our smart home is running. The Tailscale application then creates a WireGuard tunnel where registered devices communicate securely and encrypted.
Note: It's possible to get access and add additional devices here through stolen username/password. It's thus a less secure option than WireGuard itself, which we set up on MikroTik, partly because with Tailscale, we use third-party servers.
How to Do It
First, register an account on Tailscale. Unfortunately, authentication is possible only through other services (Google, Microsoft, Apple, etc.)
Under Add device, you'll find links for various clients. You can easily find an app for Android, iPhone, or a link to download the client for Windows.
In our case, we selected the Android app. Download the app, open it, and enter the account details you used during registration. Once logged in, your phone will automatically be added to the "Devices" list.
Great. Now let's move to our Raspberry Pi. Connect via SSH. If you don't know how, check out our tutorial.
ssh openhabian@youripaddress
We'll install the necessary plugin:
sudo apt-get install apt-transport-https
Add the repository:
curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list
Note: This is the repository for Debian Bookworm (Raspberry Pi 5). If you have a different RPi or OS version, check here for the correct repository:
sudo apt-get update
sudo apt-get install tailscale
and finally:
sudo tailscale up
Copy the link into your browser and log in. After logging in, you'll see Success, and the Raspberry Pi will be added to the list of devices.
You can display your RPi's address in Tailscale using tailscale ip -4.
That's it!
Now, on your mobile phone, open the Tailscale app, activate the connection, and then enter the assigned address of your Raspberry Pi in Tailscale and the necessary port for the application in your browser. In our case (OpenHAB), it will be port 8080 for http:// or 8443 for https://
Hint:
After logging in to the Tailscale website, you'll have an overview of connected devices.
Add new comment