Previously we looked at how to access services hosted on your home network via a VPN, using OpenVPN running on our TP-Link router. But what if you don’t have a router that can run OPenVPN? Well, we are busy building our own homelab, so let’s get our own VPN server installed. We are going to use the most popular VPN service called Tailscale. Tailscale is a mesh VPN service that uses the WireGuard protocol to create a private, encrypted network between your devices. It simplifies connecting devices and services across different networks, offering a more efficient and secure alternative to traditional VPNs. However, to make it easier, we are going to install Headscale: A single node solution that aims to implement a self-hosted, open source alternative to Tailscale.
Step 1: Get the Headscale Installer Script
We are going to use the amazing helper-scripts.com again for our script to get a LXC Container up and running that contains Headscale. On helper-scripts, search for Headscale. Tehre should only be one search result. Read though it and get the command ready to run.
bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/headscale.sh)"As a side note, you can also search for Tailscale and read the instructions. You will see that it runs on the main Proxmox node(s) and not in a seperate LXC container or VM. Yes, it is possible to run Tailscale in a LXC container or VM, but that is kinda what Headscale is anyway, so it just makes sense to make it easier to implement using Headscale. We might implement a full mesh VPN with Tailscale sometime in the future when we have multiple Proxmox nodes running at the same time.
Step 2: Install a new Headscale LXC
Now that we have the command to install a new instance, open a new browser window and navigate to your Proxmox. Log in and in the left navigation lane expand Datacenter. Select the Promox node you want to install Headscaleon and in the middle navigation pane, select 
. Paste the command and press enter.
bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/headscale.sh)"The install will start. The first screen will just be a prompt to confirm that we want to install Headscale. Select yes and continue. The next will be a selection of settings. We are happy with the default settings, so we are selecting that and continuing. Feel free to select the custom settings option if you want to change any settings. If you have multiple disks, the next prompt will ask you to select a location where to install Headscale. Select a disk and continue. Installation will now start and should complete fairly quickly.
If you want, configure either your router’s address reservation or in the settings on the newly created LXC so that this Headscale server has a static IP address. We are going to need it it keep the same IP address for our configuration section.
Configuration is a bit trickier than a normal container or VM we have installed previously, so we are going to dedicate an entire article to it.
Conclusion
Although the next instalment on the configuration of Headscale is a bit trickier, we are going to break it down into easy-to-understand bits. For now, we have a brand new Headscale server up and running, serving as a single entry point VPN server for our connections. We can’t see this server yet and there is no Interface we can access, but all of that will change in tomorrow’s article on the configuration of our Headscale server. Stay tuned!