Developer Demonstrates Tailscale Integration with OrbStack VMs on macOS

A developer has published a guide for integrating Tailscale VPN networking with OrbStack virtual machines on macOS, demonstrating secure credential handling and remote SSH access without exposing host ports.

Quick Facts

Who

Developer/contributor

What

Published a demonstration repository

When

2026-05-28

Where

macOS

Published a demonstration repository
Configured Ubuntu VM provisioning with cloud-init
Implemented Tailscale authentication with pre-authorized keys
Secured auth keys in Apple Keychain
Set up SSH access policies via ACLs

A developer has published a demonstration project showing how to integrate Tailscale networking with OrbStack virtual machines running on macOS. The project highlights OrbStack's ability to provision a fully capable Ubuntu Linux environment with native kernel modules, enabling Tailscale to use standard kernel networking rather than userspace alternatives.

The setup process involves using cloud-init to configure an Ubuntu VM with development packages and user profiles, then authenticating it to a Tailscale network using pre-authorized auth keys. A key innovation is the secure handling of authentication credentials on macOS: since guest VMs cannot directly access the host's security systems due to sandbox restrictions, the demonstration shows how to inject the Tailscale auth key from the host environment during provisioning, with the key stored in Apple Keychain.

The implementation enables several convenient access methods once configured. Users can connect via Tailscale SSH using MagicDNS naming, access the VM through OrbStack's built-in local SSH proxy, or use the OrbStack CLI directly. The setup also supports remote Git operations without additional authentication, allowing developers to clone repositories directly from the VM.

The project includes comprehensive configuration through Tailscale's Access Control Lists (ACLs), requiring administrators to define server tags, set SSH access policies, and generate reusable pre-authorized auth keys. The demonstration provides scripts for building the environment, storing credentials securely, running the setup, and cleaning up resources when no longer needed.

Topics

Technology

#ACLs #Tailscale #macOS #networking #OrbStack #Virtual machines #VPN #security #Cloud-init #Development tools #SSH #Ubuntu #Keychain

Why This Matters

This demonstration provides practical guidance for developers seeking secure, seamless networking between local development VMs and remote systems. By combining OrbStack's native kernel capabilities with Tailscale's encrypted networking, the approach eliminates the need for manual port forwarding and SSH key management, while keeping sensitive credentials isolated in Apple Keychain—a model that improves security posture and reduces operational friction for teams managing hybrid development environments.

Timeline & Sources

May 28, 2026

Wire

Developer published demonstration project on Hacker News showing Tailscale integration with OrbStack VMs

Entities

Sources

Show HN: Using Tailscale with an OrbStack VM on macOShacker_newsMediaMay 28, 2026