Using Tailscale SSH in Docker Containers Without Host Access

  1. The host environment is provided and cannot be modified
  2. VNC is possible into a Docker container running on that host

I was able to get to the point of using Tailscale SSH in such an environment, so I'm sharing it here.

  1. Install Tailscale
  2. sudo tailscaled --tun=userspace-networking &
  3. sudo tailscale up --ssh

Explanation

Normally, you would just run tailscaled as a systemd service, but since a Docker container doesn't use systemd as init, I'm starting it directly.
Furthermore, the crucial part is --tun=userspace-networking.
TUN is a virtual network driver usable in Linux, and its name reportedly comes from "network TUNnel."
Tailscale also uses the kernel's TUN, but a process inside a Docker container usually lacks capabilities such as CAP_NET_ADMIN, so it cannot create or operate a TUN device.
By specifying userspace-networking, communication can be handled entirely in user space without depending on the kernel's TUN, making it possible to run even in environments where the host cannot be modified. 💪
Finally, by enabling Tailscale SSH with tailscale up --ssh, you can SSH via the Tailscale network!
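
The check described above, as an added example that is not part of the original article: a startup script that reads the container's capability bounding set and falls back to --tun=userspace-networking only when CAP_NET_ADMIN or the TUN device is missing. The function names are hypothetical; /dev/net/tun and the socket path are the usual Linux defaults and are assumptions about the container.

```shell
#!/bin/sh
# Added example (not from the original article): pick the tailscaled TUN mode
# from what the container is actually allowed to do, then enable Tailscale SSH.

CAP_NET_ADMIN_BIT=12   # bit position of CAP_NET_ADMIN in Linux capability masks

# cap_bnd [STATUS_FILE]: print the capability bounding set (hex). This is the
# ceiling for root in the container, so it also applies to "sudo tailscaled".
cap_bnd() {
    awk '$1 == "CapBnd:" { print $2 }' "${1:-/proc/self/status}"
}

# has_net_admin HEXMASK: succeed if CAP_NET_ADMIN is present in the mask.
has_net_admin() {
    [ -n "$1" ] && [ $(( (0x$1 >> $CAP_NET_ADMIN_BIT) & 1 )) -eq 1 ]
}

# tun_mode HEXMASK TUN_DEVICE: print "kernel" only if the capability is there
# and the TUN character device exists; otherwise "userspace-networking".
tun_mode() {
    if has_net_admin "$1" && [ -c "$2" ]; then
        echo kernel
    else
        echo userspace-networking
    fi
}

# start_tailscale_ssh: the article's steps 2 and 3, with the mode chosen above.
start_tailscale_ssh() {
    sock=/var/run/tailscale/tailscaled.sock   # assumed: tailscaled's default socket
    if [ "$(tun_mode "$(cap_bnd)" /dev/net/tun)" = kernel ]; then
        sudo tailscaled &
    else
        sudo tailscaled --tun=userspace-networking &
    fi
    # No systemd in the container, so wait for the daemon socket ourselves.
    i=0
    while [ ! -S "$sock" ] && [ "$i" -lt 20 ]; do sleep 1; i=$((i + 1)); done
    sudo tailscale up --ssh
}

# Only act when asked to, so the file can also be sourced for its functions.
if [ "${1:-}" = start ]; then
    start_tailscale_ssh
fi
```

Run it as `sh script.sh start` inside the container; the bounding set is checked rather than the effective set because tailscaled is started through sudo.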

Enjoy your Tailscale SSH life!
