About me: My name is Solène Rapenne, pronouns she/her. I like learning and sharing knowledge. Hobbies: '(Qubes OS BSD OpenBSD Lisp cmdline gaming security QubesOS internet-stuff). I love percent and lambda characters. Qubes OS core team member, former OpenBSD developer solene@. No AI is involved in this blog.

Contact me: solene at dataswamp dot org or @solene@bsd.network (mastodon).

I'm a freelance OpenBSD, FreeBSD, Linux and Qubes OS consultant, this includes DevOps, DevSecOps, technical writing or documentation work.

File transfer made easier with Tailscale

Written by Solène, on 08 March 2026.
Tags: #security #privacy #linux #vpn

Comments on Fediverse/Mastodon

1. Introduction §

Since I started using Tailscale (using my own headscale server), I've been enjoying it a lot. The file transfer feature is particularly useful with other devices.

This blog post explains my small setup to enhance the user experience.

2. Quick introduction §

Tailscale is a network service that allows to enroll devices into a mesh VPN based on WireGuard, this mean every peer connects to every peers, this is not really manageable without some lot of work. It also allows automatic DNS assignment, access control, SSH service and lot of features.

Tailscale refers to both the service and the client. The service is closed source, but not the client. There is a reimplementation of the server called Headscale that you can use with the tailscale client.

Tailscale official website

Headscale official website

3. Automatically receive files §

When you want to receive a file from Tailscale on your desktop system, you need to manually run tailscale file get --wait $DEST, this is rather not practical and annoying to me.

I wrote a systemd service that starts the tailscale command at boot, really it is nothing fancy but it is not something available out of the box.

In the directory ~/.config/systemd/user/ edit the file tailscale-receiver.service with this content: 

[Unit]
Description=tailscale receive file
After=network.target

[Service]
Type=simple
ExecStart=/usr/bin/tailscale file get --wait --loop /%h/Documents/
Restart=always
RestartSec=5

[Install]
WantedBy=default.target

The path /%h/Documents/ will expand to /$HOME/Documents/ (the first / may be too much, but I keep it just in case), you can modify it to your needs.

Enable and start the service with the command: 

systemctl --user daemon-reload
systemctl --enable --now tailscale-receiver.service

4. Send files from Nautilus §

When sending files, it is possible to use tailscale file cp $file $target: but it is much more convenient to have it directly from the GUI, especially when you do not know all the remotes names. This also makes it easier for family member who may not want to fire up a terminal to send a file.

Someone wrote a short python script to add this "Send to" feature to Nautilus

Script flightmansam/nautilus-sendto-tailscale-python

Create the directory ~/.local/share/nautilus-python/extensions/ and save the file nautilus-send-to-tailscale.py in it.

Make sure you have the package "nautilus-python" installed, on Fedora it is nautilus-python while on Ubuntu it is python3-nautilus, so your mileage may vary.

Make sure to restart nautilus, a killall nautilus should work but otherwise just logout the user and log back. In Nautilus, in the contextual menu (right click), you should see "Send to Tailscale" and a sub menu should show the hosts.

5. Conclusion §

Tailscale is a fantastic technology, having a mesh VPN network allows to secure access to internal services without exposing anything to the Internet. And because it features direct access between peers, it also enables some interesting uses like fast file transfer or VOIP calls without a relay.