Mesh VPN with Raspberry Pi 64-bit and Tailscale.
A few months ago, I needed a way to access my family member’s computers and networks for tech support purposes — the job that you are automatically assigned against your will when you know even a tiny bit of computers.
In the past, running OpenVPN was the norm. I ran it on my computer, router and even built my own PFSense box at one point. But it was always a hassle to setup and throughput was SLOW.
One day, a friend introduced me to Tailscale. It changed my life. I was able to get a Wireguard based mesh VPN running in minutes and connect to my family’s computers and networks that spread across three different countries. And best of all, the throughput was fast.
Of course, nothing is complete without a Raspberry Pi. In this article I’m going to show you some Tailscale speed tests on the Raspberry Pi.
What is Tailscale?
Tailscale is a zero config VPN based on WireGuard. Tailscale runs on macOS, iOS, Windows, Linux, and Android. Install it and it just works. You can go to Tailscale’s website to learn more about the technical details. https://tailscale.com/
In addition to being able to connect to all the computers in your VPN, you can also choose which computer in your VPN will act as an exit node. When a computer acts as an exit node, all the traffic is routed through that computer.
For example, if you have a Raspberry Pi running Tailscale in San Francisco, one in Vancouver, one in Hong Kong, and you are on your laptop in India and want to watch US Netflix, you can choose to route all the traffic from your laptop through your Pi in San Francisco! No need to pay for a VPN provider.
How Fast is Tailscale?
In a previous article, I’ve briefly tested Tailscale on the reTerminal running Raspberry Pi OS 32-bit:
The performance was usable but far from great. This is due to Tailscale running on ARM and 32-bit OS. ( https://github.com/tailscale/tailscale/issues/414 )
Since then, Raspberry Pi OS has gone 64-bit and Tailscale saw a few updates. In the following tests, we’ll be using Raspberry Pi OS 64-bit and Tailscale 64-bit comparing it to the 32-bit versions.
This is a Raspberry Pi 4B with 4gb ram in my SQ1 Case + Heatsink kit of my own design. Silent, passively cooled, and overclocked to 2.1ghz. You can buy the SQ1 Case + Heatsink kit at my shop: https://dickson.industries/products/sq1
This is the seeedStudio reServer i5 1135 with a Gen 11 Intel i5 CPU running PopOS acting as an exit node. I’ll have a review of this in a future article.
Baseline Throughput Test
This is the Raspberry Pi running speedtest-cli with no Tailscale on my 1 gigabit fiber internet connection.
Speedtest-cliDownload: 865.70 Mbit/sUpload: 754.57 Mbit/sLatency: 3.766 ms
Raspberry Pi OS 32-bit vs 64-bit with Tailscale — reServer as Exit Node.
The latency remains the same but the throughput increased by about 44 percent when compared against Raspberry Pi OS 32-bit. What an improvement going to 64-bit!
In this following test, we are going to use the Raspberry Pi with 64-bit OS running Tailscale as an exit node. The client will be an iMac 2020 with i7 8-core CPU. We’ll compare this with the reServer i5 also running as a Tailscale exit node.
Baseline Throughput Test
Speedtest of my iMac on my 1 gigabit fiber internet.
SpeedtestDownload: 930.29 Mbit/sUpload: 926.00 Mbit/sLatency: 1 ms
Raspberry Pi OS 64-bit Exit Node vs reServer i5 1135 Exit Node
Using the Raspberry Pi as a Tailscale exit node is awesome. Low latency and high throughput. Of course, it’s no match for a full blown x86 setup but we are talking about a Raspberry Pi here. Latency is within the margin of error.
I’m Sold! How do I set this up???
Setting up Tailscale is super easy. Create an account and download the software. If you are running macOS or Windows, download Tailscale from their website: https://tailscale.com/download
- To install on the Raspberry Pi, run their one command line install:
curl -fsSL https://tailscale.com/install.sh | sh
2. Then follow the procedure to authenticate your install.
3. Enable Magic DNS: https://tailscale.com/kb/1081/magicdns/
4. To setup the Raspberry Pi as an exit node, you’ll need to enable IP forwarding:
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.confecho 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.confsudo sysctl -p /etc/sysctl.conf
5. Configure your Raspberry Pi to advertise as an Exit Node:
sudo tailscale up --advertise-exit-node
6. Go to your admin console and enable the Pi as an Exit Node. More information here: https://tailscale.com/kb/1103/exit-nodes/?q=exit%20node
You should be able to use the Raspberry Pi as an Exit Node where all traffic will be routed through the Pi. Now you can put a Tailscale enabled Pi at each of your relative’s place, friend’s place and at your local Starbucks. ;)