Can I use tailscale to access my raspberry pi from outside my local network?


I have a simple set up.

  • Main laptop is a Mac
  • I use syncthing to back up my files to a Raspberry pi.

I want to access the GUI interface of the Raspberry pi from outside my local lan. What is the best way to do so? I was thinking on installing Tailscale but I am not clear how to access the GUI.


Normally, you just set the GUI listen address like this


and then connect to it remotely in a Web browser using the device’s IP address, e.g.

and so on. This is under the same LAN, of course, so you’ll probably need to figure out yourself how to set up such access in the VPN.

The best (more secure IMO, no need to trust another profitable third-party) way : install ssh server on the PI , set it up in /etc/ssh/sshd_config to prevent password authentication (PasswordAuthentication no) and create a key pair in the mac (ssh-keygen) whose you will copy the public part (content of default generated file) to the pi in ~/.ssh/authorized_keys (one single line per authorized key).

You must leave the ST GUI access set to

You have already set the pi LAN IP address as static or created a DHCP lease for it in your home router/gateway, and while still in the gateway settings, create a port forward to the pi’s sshd server for WAN access, e.g. ([any]:22922>>> So no need for a dedicated port forward for the ST GUI, the above single one can even be used to access the full PI desktop, regards to VNC RDP to pi’s localhost. Then:

Add 2 lines in the mac’s /etc/hosts file, one for the pi LAN ip, one other for your home’s WAN ip, e.g.

#strange aliases below to ease ssh... command single letter autocompletion, adapt as you like pi guipi wanpi remotepigui

Set/create the mac’s ~/.ssh/config file:

User pi
#hosts specific
#simple terminal
Host pi
  #nothing to specify here
Host wanpi
Port 22922
#gui access
Host guipi
LocalForward=8384 localhost:80
LocalCommand=firefox localhost:8384
Host remotepigui
Port 22922
LocalForward=8384 localhost:80
LocalCommand=firefox localhost:8384
#replace "localhost:8384" above with "https://localhost:8384" if you enabled HTTPS for the GUI in ST settings.

From the WAN you get the ST gui this way from within a terminal:

ssh r[TAB]emotepigui

I do this. It’s really easy to setup. Just put the tailscale ip for your divice in the syncthing address for that device. I normally do it after the normal address. That way it will search normal and if that does not work it will look for the tailscale ip.

Topic is a spam magnet