Ollama runs on your home server — but by default it only listens on localhost, which means you can only use it from that machine. Tailscale solves this cleanly: it creates a private encrypted mesh network between your devices, so your laptop, phone, or work computer can reach your home server’s Ollama instance as if they were on the same local network. No port forwarding, no exposed public IP, no VPN subscription. This guide walks through the complete setup.
What Is Tailscale?
Tailscale is a mesh VPN built on WireGuard. You install it on each device you want to connect, sign in with a Google or GitHub account, and those devices can communicate directly over an encrypted tunnel — regardless of where they are. A laptop at a coffee shop can reach a home server as easily as if it were on the same WiFi.
For Ollama, this means you can run large models on a home server with a proper GPU and use them from any of your devices without the model being on that device. Your phone’s AI app talks to your home server’s Ollama. Your work laptop’s scripts hit your home GPU. All encrypted, all private.
What You Need
- Ollama installed on a server or desktop you want to use as the host
- A Tailscale account (free for personal use — up to 100 devices)
- Tailscale installed on both the host machine and the client devices
Step 1 — Install Tailscale on Your Server
On Linux:
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale upFollow the link it gives you to authenticate. Your server now appears in your Tailscale admin panel with a Tailscale IP in the 100.x.x.x range.
On Windows or Mac, download the Tailscale desktop app from tailscale.com, install it, and sign in with the same account.
Step 2 — Configure Ollama to Accept Remote Connections
By default, Ollama binds only to 127.0.0.1 (localhost). To make it accessible over the Tailscale network, you need to tell it to listen on all interfaces.
On Linux (systemd service):
sudo systemctl edit ollamaAdd this content:
[Service]
Environment="OLLAMA_HOST=0.0.0.0"Save, then restart Ollama:
sudo systemctl daemon-reload
sudo systemctl restart ollamaOn Mac:
launchctl setenv OLLAMA_HOST "0.0.0.0"Then restart Ollama from the menu bar.
On Windows: Set the environment variable OLLAMA_HOST=0.0.0.0 in System Properties → Environment Variables, then restart Ollama.
Step 3 — Install Tailscale on Your Client Devices
Install Tailscale on every device you want to use Ollama from — laptops, phones, other servers. Sign in with the same account on each. They all appear in your Tailscale network automatically.
Find your server’s Tailscale IP from the admin panel at login.tailscale.com or by running:
tailscale ip -4It looks like 100.64.0.x or similar.
Step 4 — Test the Connection
From a client device connected to Tailscale, test that Ollama is reachable:
curl http://100.x.x.x:11434/api/tagsReplace 100.x.x.x with your server’s Tailscale IP. You should see a JSON list of your installed models. If that works, Ollama is accessible over your Tailscale network.
Step 5 — Use Ollama From a Remote Device
Any tool that accepts an Ollama base URL can now point at your server’s Tailscale IP instead of localhost.
Ollama CLI on a client machine:
OLLAMA_HOST=http://100.x.x.x:11434 ollama run qwen3:14bPython applications:
import ollama
client = ollama.Client(host='http://100.x.x.x:11434')
response = client.chat(model='qwen3:14b', messages=[
{'role': 'user', 'content': 'Explain quantum entanglement simply.'}
])
print(response['message']['content'])Open WebUI or LibreChat on a client machine: Set the Ollama base URL to http://100.x.x.x:11434 in the configuration instead of http://localhost:11434.
Option: Use MagicDNS Instead of IPs
Tailscale’s MagicDNS feature gives each device a stable hostname so you do not have to remember IP addresses. Enable it in the Tailscale admin panel under DNS. Your server becomes accessible as http://your-server-name:11434 from any device in the network — even if the IP changes.
Security Considerations
Setting OLLAMA_HOST=0.0.0.0 means Ollama listens on all network interfaces — including your local LAN, not just Tailscale. If your home network is trusted, this is fine. If you want to restrict Ollama to Tailscale traffic only, bind it to the Tailscale interface IP instead:
Environment="OLLAMA_HOST=100.x.x.x"Use your server’s Tailscale IP here. This means Ollama only responds to requests arriving over the Tailscale tunnel — your local LAN cannot reach it unless those devices are also in the Tailscale network.
Tailscale itself is end-to-end encrypted using WireGuard. Traffic between devices in your Tailscale network is not accessible to anyone outside it, and Tailscale’s servers relay only metadata — not your model traffic.
Using Tailscale Serve for HTTPS
If you want HTTPS access with a proper certificate (useful for browser-based tools that require it), Tailscale Serve can proxy your Ollama endpoint:
tailscale serve --bg http://localhost:11434This exposes Ollama at https://your-server-name.tailnet-name.ts.net with an automatic TLS certificate. The URL is only accessible from within your Tailscale network.
What This Unlocks
Once Ollama is accessible over Tailscale, you can:
- Use large models on your home GPU from a lightweight laptop when travelling
- Run Open WebUI or LibreChat on the server and access them from any device via browser
- Point AnythingLLM on your work machine at a home Ollama instance
- Use Ollama from mobile apps that support custom base URLs
- Build scripts and automations on remote machines that call your home server’s models
The combination of a capable home server and Tailscale effectively gives you a private AI API endpoint available everywhere — without the ongoing cost or privacy implications of cloud APIs.
Related Guides
- What Is Ollama? A Beginner’s Guide to Local AI
- How to Run Qwen3 on Ollama: All Sizes and Thinking Mode
- How to Set Up Open WebUI with Ollama
- LibreChat + Ollama: Setup Guide
- How to Build a Home Server
