Route traffic through a VPS in another country via Tailscale. $5/month on Vultr with Alpine Linux.

Prerequisites

  • Tailscale account and client installed locally
  • SSH key pair
  • Vultr account

Create VPS

Via Web UI

  1. Deploy โ†’ Cloud Compute โ†’ Shared CPU
  2. Location: Mexico City (or your choice)
  3. Image: Alpine Linux
  4. Plan: $5/month (1GB RAM)
  5. SSH Keys: Add your public key
  6. Hostname: mx-exit
  7. Deploy

Via API

Get API key from https://my.vultr.com/settings/#settingsapi

# Get SSH key ID
curl -s "https://api.vultr.com/v2/ssh-keys" \
  -H "Authorization: Bearer YOUR_API_KEY" | jq '.ssh_keys[] | {id, name}'

# Get Alpine OS ID
curl -s "https://api.vultr.com/v2/os" \
  -H "Authorization: Bearer YOUR_API_KEY" | jq '.os[] | select(.name | test("Alpine"))'

# Create instance (mex = Mexico City, yto = Toronto, lhr = London)
curl -s "https://api.vultr.com/v2/instances" \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -X POST \
  -d '{
    "region": "mex",
    "plan": "vc2-1c-1gb",
    "os_id": 2076,
    "label": "mx-exit",
    "hostname": "mx-exit",
    "sshkey_id": ["YOUR_SSH_KEY_ID"],
    "backups": "disabled"
  }'

SSH Config

Add to ~/.ssh/config:

Host mx-exit
  HostName YOUR_VPS_IP
  User root
  IdentityFile ~/.ssh/id_ed25519
  IdentitiesOnly yes

VPS Setup

SSH in and run:

# Update and install Tailscale
apk update && apk upgrade
apk add tailscale

# Start Tailscale
rc-update add tailscale default
rc-service tailscale start

# Enable IP forwarding
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
echo "net.ipv6.conf.all.forwarding = 1" >> /etc/sysctl.conf
sysctl -p

# Advertise as exit node
tailscale up --advertise-exit-node

Open the auth URL it prints, then:

# Disable password auth
sed -i 's/#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
rc-service sshd restart

Tailscale Admin Console

At https://login.tailscale.com/admin/machines:

  1. Find your VPS โ†’ three dots โ†’ “Edit route settings”
  2. Enable “Use as exit node”
  3. Click “Disable key expiry” (prevents 180-day timeout)

Usage

# Route through exit node
sudo tailscale set --exit-node=mx-exit

# Verify
curl ifconfig.me

# Stop using exit node
sudo tailscale set --exit-node=

# Allow LAN access while using exit node
sudo tailscale set --exit-node=mx-exit --exit-node-allow-lan-access

On mobile: Tailscale app โ†’ Exit Node โ†’ select your VPS.

Optional: Automatic Updates

cat > /etc/periodic/weekly/upgrade << 'EOF'
#!/bin/sh
apk update && apk upgrade
EOF

chmod +x /etc/periodic/weekly/upgrade
rc-update add crond default
rc-service crond start

Troubleshooting

# Check connection type (should say "direct", not "relay")
tailscale status

# Check IP forwarding
sysctl net.ipv4.ip_forward

# Check VPS resources
top

Relay connection = firewall blocking UDP. Still works but slower.