This repository contains a Magisk module for running Tailscale on rooted Android devices.
Tailscale is a networking tool that allows you to connect each of your devices as if they were on the same VPN. For example, an Android phone connected to the Tailscale network can communicate with any other device connected to Tailscale. You can install it on your PC and Android device and then connect them using the Tailscale IP. For more information, check out How Tailscale Works.
The Tailscale app on the Play Store runs with Android's VPN, which means you can't use Tailscale while another VPN is active. This Magisk module, on the other hand, allows you to use both an Android VPN and Tailscale at the same time.
su -c tailscale login
su -c tailscale set --accept-dns=false
After installation, the Tailscale daemon (tailscaled
) will run automatically on boot.
arm
or arm64
architecture, you can download manually for other architecture.tailscaled.tun.up
and tailscaled.tun.down
This module runs tailscaled
with the following command:
tailscaled -tun=userspace-networking -statedir=/data/adb/tailscale/tmp/ -state=/data/adb/tailscale/tmp/tailscaled.state -socket=/data/adb/tailscale/tmp/tailscaled.sock -port=41641
The state file for tailscaled is stored at /data/adb/tailscale/tmp/tailscaled.state
, and the log output is written to /data/adb/tailscale/run/tailscaled.log
.
tailscale
: This command is execute tailscale operation.tailscaled
: This command is execute tailscaled daemon operation.tailscaled.service
: This command for manage tailscaled service, you can start,stop,restart daemon and view live logs the tailscaled operation.tailscaled.tun
: This command is for manage hev-socks5-tunnel.You can use Tailscale to connect SSH from Termux on Android to a Windows PC. Here's how:
apt update && apt upgrade
apt install openssh
passwd
Enter your password when prompted, for example, 123
.
sshd
tailscale ip
or check your IP in the Tailscale Admin Dashboard.ssh <root>@<tailscale_ip> -p 8022
For example:
ssh root@100.95.95.95 -p 8022
You can also enable SSH access to your Android device using Tailscale SSH. To do this, advertise SSH on the host with the command tailscale up --ssh
.
By default, Tailscale's SSH feature may not work on Android because it requires getent
, which is part of GNU libc, and relies on glibc-specific features like nsswitch.conf.
To overcome this, I've created a mock getent
and placed it in tailscale/bin/
. This mock getent
is used by Tailscale's userLookupGetent function.
After advertising SSH on the host, you can SSH into your Android device using ssh root@<tailscale_ip>
.
You can run ADB over Tailscale. First, you need to enable ADB over TCP/IP. You can do this with the following commands:
setprop service.adb.tcp.port 5555
stop adbd
start adbd
These commands set the ADB daemon to listen on TCP port 5555 and then restart the ADB daemon to apply the change.
After enabling ADB over TCP/IP, you can connect to your Android device from your Windows machine using the adb connect
command followed by your Tailscale IP and the port number:
adb connect <tailscale_ip>:5555
USAGE
tailscale [flags] <subcommand> [command flags]
For help on subcommands, add --help after: "tailscale status --help".
This CLI is still under active development. Commands and flags will
change in the future.
SUBCOMMANDS
up Connect to Tailscale, logging in if needed
down Disconnect from Tailscale
set Change specified preferences
login Log in to a Tailscale account
logout Disconnect from Tailscale and expire current node key
switch Switches to a different Tailscale account
configure [ALPHA] Configure the host to enable more Tailscale features
netcheck Print an analysis of local network conditions
ip Show Tailscale IP addresses
status Show state of tailscaled and its connections
ping Ping a host at the Tailscale layer, see how it routed
nc Connect to a port on a host, connected to stdin/stdout
ssh SSH to a Tailscale machine
funnel Turn on/off Funnel service
serve Serve content and local servers
version Print Tailscale version
web Run a web server for controlling Tailscale
file Send or receive files
bugreport Print a shareable identifier to help diagnose issues
cert Get TLS certs
lock Manage tailnet lock
licenses Get open source license information
exit-node
FLAGS
--socket string
path to tailscaled socket (default /var/run/tailscale/tailscaled.sock)
For more details about CLI commands, check out the Tailscale CLI documentation.
Tailscale has manny issues. You can check them out here.
This module runs the tailscaled
binary in userspace-networking mode. To access other devices in the tailnet, you must use a local proxy on port 1099. I've implemented a workaround using hev-socks5-tunnel
to tunnel local socks5 on port 1099 and bind it to the interface named tailscale0
.
Please note, this tailscale0
interface is different from the original tailscale0
interface on Linux. In Linux, tailscale0
is managed by the tailscaled
daemon, whereas in this module, tailscale0
is managed by hev-socks5-tunnel
. The default gateway is 100.100.100.100
, as defined in the tailscaled.tun.config.yaml
file.
This solution should work on most common devices. However, if you encounter problems accessing other tailnet devices, follow these troubleshooting steps:
Verify that tailscaled.service
is running. If not, restart it with tailscaled.service restart
.
Verify that tailscaled.tun
is running. If not, restart it with tailscaled.tun restart
.
Check if your device is connected to tailscaled and try a ping connection with tailscale ping <your_tailnet_ip>
.
Verify the port you want to access is accessible. You can do this by accessing it with another tailscale device or using the Tailscale Android App.
Check if the local socks5 server is working with curl. Execute the following command:
curl 1.1.1.1 -vI -x localhost:1099
If it connects, then the local socks5 server is running and working.
Check if the local socks5 server can connect to the tailnet network.
curl <your_tailnet_ip>:<port> -vI -x localhost:1099
If it connects, then the local socks5 server is functioning correctly.
Finally, check the connection directly with curl <your_tailnet_ip>:<port> -vI
.
If the last step fails, the problem likely lies with socks5-tun
. Verify there is an interface named tailscale0
. If it exists, the problem may be with the iptables route, either due to a conflict with another rule or some other issue. Feel free to explore your own solutions. If you're unable to resolve the issue, contact me on Telegram and I'll see if I can assist you.
Yes because we need define the routes with iptables
in file tailscaled.tun.up
and tailscaled.tun.down
, you can check this issue reference.
I suppose you're already know the iptables works, if dont, there are chatAI to ask.
You can copy whole tailscaled.tun.up
script to chatAI and send instruction with please add 192.168.1.1/24 to this route, also dont forget tailscaled.tun.down
If you still can't do it by yourself, I'm verry welcome to people who needs help.
You can check this issue reference.
Unfortunately, I'm verry lazy to learn ipv6.
Check this. Also explore on the issue first, then you can ask trough telegram.
You can explore to the issue tab, if there not exists, you can open issue, for help me resolve the problem, you can include fresh log.
tailscaled.service restart
/data/adb/tailscale/run/tailscaled.log
This module is confirmed to be supported for KernelSU, as confirmed by the author of KernelSU. If you encounter any problems, please let me know.
For more information, check out the links below:
This module is provided as-is, I'm not employee at official tailscale, not a verry genius people which can resolve all your problem. This module is not affiliated with the official Tailscale. It is a third-party implementation and the author is not responsible for any damage to your device that may occur from its use. Use at your own risk. Any improvements is required, any PR is verry required, not just welcome.
Released under BSD 3-Clause License.