Tailscale makes accessing your NAS from anywhere super easy, without port forwarding, and is therefore very popular. It is lightweight and secure and we have received many requests to install it on QNAP and Synology.
There is already an installation package for Synology, but not for QNAP. One option for QNAP is to first create a QPKG for QNAP and then install it- but that needs you to know how to use make.
However, there is an easier way to install Tailscale on QNAP with Docker using QNAP's Container Station.
The only downside to using QNAP GUI is that you can not use the - - authkey option with it. The created client is an ephemeral node - every time this container is restarted , you need to visit the web interface and reauthorize. Not that containers are restarted frequently or reauthorization is a big deal, but you should know that you can not use authkey.
And of course, tailscale only creates a tunnel to one device ( QNAP in this case) . Do not expect to be able to access your entire network like you can with OpenVPN. There is one option, but it requires additional configuration and we will save that for another time.
This turtorial is also available as a video on youtube now.
Step 1: Create your tailscale container on QNAP and run it
Start the container station and search for tailscale. We will use the official tailscale image. You will see many other images, but for security reasons it is better to use the official image.
Select it and create a new container. The only option you need to change is the network mode from default NAT to host
Step 2 : Find your tailscale auth link and add your QNAP as a node
In the command window of your container, you will find the Auth link. Go to this link, log in and add it to your network.
You can now download the client for another device, add that device to your network, and access your QNAP from any device logged into your Tailscale account.
Running Tailscale in Ephemeral mode
You can run tailscale in ephemeral mode by specifying auth key as TS_AUTH_KEY environmental variable. When you do so you don't have to authenticate by visiting the auth link.
Step 1 : Obtain your Auth key
Login to tailscale. Go to settings -> personal settings -> keys -> auth key. Here you can generate a key ( go with reusable key ). They key is generated and shown only once to you, so you need to copy it when its displayed.
Step 2 : At the time of creating the container you can specify your env variable with the name of TS_AUTH_KEY and value as the value that you got from step 1
