How to Set Up Tailscale on pfSense

  • Post author:WunderTech
  • Post last modified:November 14, 2023
  • Post category:pfSense
  • Reading time:9 mins read

Share what you're reading!

In this article, we will look at how to set up Tailscale on pfSense.

Tailscale is a zero-configuration VPN, which means that without any port forwarding, you’ll be able to access all the devices on your local network. Now that Tailscale is supported on pfSense, it’s a great location to run Tailscale.

Please keep in mind that if you’d like to utilize a more traditional VPN, you can still set up OpenVPN or WireGuard. However, both of these options require port forwarding, whereas Tailscale doesn’t. From a pure configuration standpoint, Tailscale is incredibly easy to set up and we’ll look at how to set up Tailscale on pfSense below.

How to Set Up Tailscale on pfSense

Please run the steps below to set up Tailscale on pfSense.

1. Select System, then Package Manager.

opening the package manager in pfsense.

2. Search for Tailscale, then install the Tailscale package.

how to set up tailscale on pfsense - searching for and downloading the tailscale package.

3. Select VPN, then Tailscale to launch the Tailscale settings.

viewing tailscale under the vpn settings.

4. At this point, we need to configure the pre-authentication key. This can be created on the Tailscale website. If you don’t already have an account, create one, then log in and select Settings, then Keys.

configuring an auth key on the tailscale website.

5. Select generate auth key so that we can create the key for pfSense. Select Generate Key (the settings can stay as default).

generating an auth key in pfsense for tailscale.

6. After the key has been generated, copy it, then go back to the Authentication section of Tailscale on pfSense.

copying the auth key generated.

7. Paste the key that was just created, then select save.

adding the auth key to the tailscale configuration.

8. After saving, select Settings, then enable Tailscale and Save.

enabling the tailscale tunnel in pfsense.

Exit Node Configuration

If you set up Tailscale as an Exit Node, the Exit Node can be used as a full-tunnel VPN. The image below shows what a full-tunnel vs split-tunnel VPN is, but the important point is that all traffic will be routed through Tailscale if you use an exit node. Therefore, if you’re on public Wi-Fi, it’s probably a good idea to use this feature as you’ll be tunneling all traffic through pfSense (thus, securing the connection).

showing how a split-tunnel vpn routes only local traffic to the network while a full tunnel routes everything.

A few things must be configured to set this an exit node in Tailscale:

1. Inside the Tailscale settings on pfSense, enable the offer to be an exit node for outbound internet traffic from the Tailscale network option. Also, set the Advertised Routes as your local subnet (that you’d like to be able to access from external networks), then save.

setting the advertised routes and if the device should advertise as an exit node.

2. On the Tailscale website, select Machines, then the three ellipses next to your pfSense system, then Edit Route Settings.

viewing the route settings on the tailscale webpage.

3. Select use as exit node. The exit node functionality is now set up and can be used by client devices.

using pfsense as an exit node.

4. On whatever application you’re using, select Use Exit Node and change the exit node to be pfSense. If you do not want to use the exit node, select None, but ensure that Allow LAN Access is enabled so that you’re able to connect to your local devices.

forcing the android tailscale app to use the exit node of pfsense.

5. Tailscale is now configured! You can now add other devices or simply connect to Tailscale from an external network to access all of your local devices.

Conclusion & Final Thoughts

This tutorial looked at how to set up Tailscale on pfSense. Tailscale couldn’t possibly be easier to set up and it’s (in my opinion) the easiest and fastest way of setting up a VPN server on pfSense. It is important to note that this isn’t a traditional VPN the way that OpenVPN or WireGuard is, but it’s the fastest way to access your local network and doesn’t require any port forwarding.

Thanks for checking out the tutorial on how to set up Tailscale on pfSense. If you have any questions, please leave them in the comments!


Frank is an IT professional with 14+ years experience and the creator of WunderTech. He focuses on sharing his experience with others on computer hardware, servers, software, networking, and self-hosted apps. He has a BS in Computer Information Systems and an MBA. Learn more about Frank in his bio.