SSH SOCKS proxy but it's Tailscale

Have you ever run ssh -D 9999 somehost?
You might find the rest of this interesting.

I'm not going to go into detail on why you might want to use a SOCKS proxy with, e.g., your web browser, but if, like me, you've ever done it, you might be interested in this method of doing something comparable with Tailscale. You'll need an existing Tailscale account and an exit node set up.

Run the daemon using userspace networking:

tailscaled -tun userspace-networking -socket ~/.ssh/tailscale.socket -state ~/.ssh/tailscale.state -socks5-server localhost:9999 &

Configure it to use your exit node and give it an identifiable hostname (you'll then need to authenticate the machine):

tailscale -socket ~/.ssh/tailscale.socket up --exit-node exitnode --hostname=laptop-proxy

Now you can configure your browser (I find Firefox easiest to use for this purpose) to use the SOCKS proxy just as you would have when you used SSH.

This can even be run on a machine that is already set up for Tailscale, allowing use of the exit node just for this particular browser while all other network traffic from the machine behaves normally.

The tailscale.state file is sensitive; it contains the private key used for the WireGuard traffic from this tailscaled process. Protect it. I put it in my .ssh directory to remind me of that.
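
One way to enforce that before the daemon starts, as an added example that is not part of the original post: a shell wrapper that refuses to launch tailscaled unless the directory holding the state file, and the state file itself if it already exists, are owned by you and closed to group and other. The function names and the STATE_DIR variable are assumptions; the paths and flags are the ones used above.

```shell
# Added example, not from the original post. Function names and STATE_DIR
# are hypothetical; file names and tailscaled flags follow the post.
STATE_DIR="${STATE_DIR:-$HOME/.ssh}"

# Succeeds only if $1 exists, is owned by the current user, and grants
# no permission bits to group or other. A symlink fails the check on
# Linux, because ls -ld reports the link's own mode (rwxrwxrwx).
owner_only() {
    [ -e "$1" ] && [ -O "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Checks the directory and, if it already exists, the state file.
# A missing state file is accepted: tailscaled creates it on first run,
# and the umask in start_proxy keeps new files private.
state_is_private() {
    dir=$1
    owner_only "$dir" || { echo "unsafe: $dir" >&2; return 1; }
    if [ -e "$dir/tailscale.state" ]; then
        owner_only "$dir/tailscale.state" || {
            echo "unsafe: $dir/tailscale.state" >&2
            return 1
        }
    fi
    return 0
}

# Starts the userspace daemon from the post only after the checks pass.
# The owner-only directory also keeps other users away from the socket.
start_proxy() {
    state_is_private "$STATE_DIR" || return 1
    (
        umask 077
        exec tailscaled -tun userspace-networking \
            -socket "$STATE_DIR/tailscale.socket" \
            -state "$STATE_DIR/tailscale.state" \
            -socks5-server localhost:9999
    ) &
}
```

Source the file and call start_proxy in place of the bare tailscaled command; it prints the offending path and returns non-zero instead of starting the daemon when a check fails.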
