When you enable the exit node on a client device, all internet traffic from that device is routed through this VPS before going to the public internet.
Your Device (home IP hidden)
|
| [Tailscale encrypted tunnel]
v
Hostinger VPS (31.220.104.201)
|
| [all internet traffic exits from here]
v
The Internet
| Traffic Type | Routed Through VPS? | Notes |
|---|---|---|
| Web browsing (HTTP/HTTPS) | YES | Websites see the VPS IP, not your home IP |
| DNS queries | YES | DNS resolution happens from the VPS |
| App traffic | YES | All TCP/UDP goes through the tunnel |
| Local network traffic | NO | Devices on your LAN are unaffected |
31.220.104.201 (the VPS) insteadTailscale exit nodes use Linux's IP forwarding and NAT (masquerading). When enabled:
31.220.104.201)The entire tunnel is encrypted with WireGuard -- neither your ISP nor any intermediate network can see the content.
https://ifconfig.me -- it should show 31.220.104.201https://ifconfig.me in your browser# List available exit nodes
tailscale status | grep exit
# Enable exit node
sudo tailscale set --exit-node=vps-t --exit-node-allow-lan-access=true
# Verify
curl ifconfig.me
# Should show: 31.220.104.201
# Disable exit node (go back to direct)
sudo tailscale set --exit-node=
The exit node is already configured on the VPS:
# Tailscale is running with exit node flags
tailscale up --advertise-exit-node --advertise-routes=0.0.0.0/0,::/0
# IP forwarding is enabled
sysctl net.ipv4.ip_forward=1 # = 1
sysctl net.ipv6.conf.all.forwarding=1 # = 1
# NAT/masquerade rules are active
iptables -t nat -L POSTROUTING # MASQUERADE rules present
The exit node was approved in the Tailscale admin console.