LXC Container + Tailscale Setup on Proxmox (We have got VPN at home)

Secure your Proxmox homelab by turning an LXC container into a Tailscale exit node and subnet router

Part of the Proxmox Baremetal Journey series

I wanted to make my Proxmox homelab more secure and flexible by using Tailscale on an Ubuntu 22.04 LXC container. The end goal: turn the LXC into a subnet router and exit node for my entire Tailscale network, and later add IDS/IPS for experimentation. This post documents the steps to install and set up Tailscale.

Think of this as both a how-to guide and a "learn from my setup journey" story.


1. Preparing the LXC in Proxmox

When creating your container in Proxmox, you’ll need to enable nesting and ensure the tun device is available.

Here is my config, /etc/pve/lxc/100.conf (for container CT100):

arch: amd64
cores: 2
features: nesting=1
hostname: CT100
memory: 512
net0: name=eth0,bridge=vmbr0,hwaddr=BC:24:11:58:98:29,ip=dhcp,type=veth
rootfs: local-lvm:vm-100-disk-0,size=8G
swap: 512
unprivileged: 1
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file
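
A check for the settings above, written as an added example that is not part of the original post. It is meant to be run on the Proxmox host; the function names `require` and `check_lxc_conf` are hypothetical, and the two RISK checks (privileged container, allow-all device rule) go slightly beyond the config shown.

```shell
#!/bin/sh
# Added example (not from the original post): audit a Proxmox LXC config
# for the settings this post relies on. Function names are hypothetical.
# Usage on the Proxmox host: check_lxc_conf /etc/pve/lxc/100.conf

# require FILE REGEX LABEL: print LABEL and return 1 if no line matches REGEX.
require() {
    grep -Eq "$2" "$1" && return 0
    echo "MISSING: $3"
    return 1
}

# check_lxc_conf FILE: returns 0 if every required setting is present,
# 1 if one is missing or a risky setting is found, 2 if FILE is unreadable.
check_lxc_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # TUN is character device major 10, minor 200; the cgroup must allow it.
    require "$conf" \
        '^lxc\.cgroup2\.devices\.allow:[[:space:]]*c[[:space:]]+10:200[[:space:]]+rwm[[:space:]]*$' \
        'lxc.cgroup2.devices.allow: c 10:200 rwm' || rc=1

    # The host's /dev/net/tun must be bind-mounted into the container.
    require "$conf" \
        '^lxc\.mount\.entry:[[:space:]]*/dev/net/tun[[:space:]]+dev/net/tun[[:space:]]+none[[:space:]]+bind' \
        'lxc.mount.entry for /dev/net/tun' || rc=1

    # nesting=1 may share the features line with other options.
    require "$conf" \
        '^features:[[:space:]]*(.*,)?[[:space:]]*nesting=1([[:space:],]|$)' \
        'features: nesting=1' || rc=1

    # Risky: a privileged container, or a rule allowing every device ("a").
    if ! grep -Eq '^unprivileged:[[:space:]]*1[[:space:]]*$' "$conf"; then
        echo "RISK: container is not unprivileged"
        rc=1
    fi
    if grep -Eq '^lxc\.cgroup2\.devices\.allow:[[:space:]]*a([[:space:]]|$)' "$conf"; then
        echo "RISK: all devices allowed; restrict to c 10:200 rwm"
        rc=1
    fi
    return "$rc"
}
```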

2. Configure Netplan for Networking

Inside the container, set up DHCP with Netplan:

nano /etc/netplan/50-cloud-init.yaml

network:
  version: 2
  ethernets:
    eth0:
      dhcp4: true

Apply changes:

sudo netplan apply

Verify IP:

ip a

3. Install Tailscale

Follow the official guide:

curl -fsSL https://tailscale.com/install.sh | sh

Bring Tailscale up:

sudo tailscale up

A browser window will open asking you to connect your device.

4. Enable Subnet Routing & Exit Node

Advertise your container as an exit node:

sudo tailscale up --advertise-exit-node

Or, to route your LAN subnet:

sudo tailscale up --advertise-routes=<>

Approve routes in the Tailscale admin console.

5. Using the LXC as Exit Node

On another Tailscale device, set the container as your exit node:

sudo tailscale up --exit-node=<LXC_IP>

Replace <LXC_IP> with the container’s Tailscale or LAN IP.


6. Handling Key Expiry

By default, Tailscale auth keys expire. If you need reusable or long-lived keys, check the Key Expiry docs.

Generate and use reusable keys for automation.


Takeaways

  • Nesting + tun device are required in the LXC config.

  • Netplan must be configured with DHCP.

  • Tailscale can easily advertise routes and an exit node.

  • Keys expire unless replaced with reusable ones.

With this setup, my Proxmox-hosted LXC is now a fully functioning VPN gateway + exit node for my Tailscale network.