Ollama runs on your home server — but by default it only listens on localhost, which means you can only use it from that machine. Tailscale solves this cleanly: it creates a private encrypted mesh network between your devices, so your laptop, phone, or work computer can reach your home server’s Ollama instance as if they were on the same local network. No port forwarding, no exposed public IP, no VPN subscription. This guide walks through the complete setup — and how to do it securely.
A joint analysis by SentinelOne and Censys scanned the internet for 293 days in early 2026 and found 175,000 unique Ollama hosts exposed across 130 countries with no authentication and no firewall. Nearly half had tool-calling enabled, meaning an attacker could execute code on the server, not just steal compute. The setup below avoids that outcome entirely by keeping Ollama off the public internet.
What Is Tailscale?
Tailscale is a mesh VPN built on WireGuard. You install it on each device you want to connect, sign in with a Google or GitHub account, and those devices can communicate directly over an encrypted tunnel — regardless of where they are. A laptop at a coffee shop can reach a home server as easily as if it were on the same WiFi.
For Ollama, this means you can run large models on a home server with a proper GPU and use them from any of your devices without the model being on that device. Your phone’s AI app talks to your home server’s Ollama. Your work laptop’s scripts hit your home GPU. All encrypted, all private.
What You Need
- Ollama installed on a server or desktop you want to use as the host
- A Tailscale account (free for personal use — up to 100 devices)
- Tailscale installed on both the host machine and the client devices
Step 1 — Install Tailscale on Your Server
On Linux:
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale up
Follow the link it gives you to authenticate. Your server now appears in your Tailscale admin panel with a Tailscale IP in the 100.x.x.x range.
On Windows or Mac, download the Tailscale desktop app from tailscale.com, install it, and sign in with the same account.
Step 2 — Configure Ollama to Accept Remote Connections
By default, Ollama binds only to 127.0.0.1 (localhost). To make it accessible over the Tailscale network, you need to tell it to listen on a wider interface. There are two ways to do this, and which one you should use depends on how much you trust your local network.
Recommended: bind directly to your Tailscale IP. Get your server’s Tailscale address first:
tailscale ip -4
This returns a stable 100.x.x.x address. On Linux (systemd service):
sudo systemctl edit ollama
Add this content:
[Service]
Environment="OLLAMA_HOST=100.x.x.x:11434"
Replace 100.x.x.x with your actual Tailscale IP, save, then restart:
sudo systemctl daemon-reload
sudo systemctl restart ollama
Verify with ss -tlnp | grep 11434 — you should see 100.x.x.x:11434, not 0.0.0.0:11434. Binding directly to the Tailscale IP means Ollama only responds to requests arriving over the tailnet — your local LAN cannot reach it even if those devices aren’t in your Tailscale network.
Simpler but less secure: bind to all interfaces. If your home network is fully trusted (no untrusted devices on the LAN), you can instead set:
Environment="OLLAMA_HOST=0.0.0.0"
This is less work but means Ollama listens on your LAN too, not just Tailscale. Only use this if you trust every device on your local network.
On Mac:
launchctl setenv OLLAMA_HOST "100.x.x.x"
Then restart Ollama from the menu bar.
On Windows: Set the environment variable OLLAMA_HOST=100.x.x.x in System Properties → Environment Variables (using your Tailscale IP), then restart Ollama.
Step 3 — Install Tailscale on Your Client Devices
Install Tailscale on every device you want to use Ollama from — laptops, phones, other servers. Sign in with the same account on each. They all appear in your Tailscale network automatically.
Find your server’s Tailscale IP from the admin panel at login.tailscale.com or by running tailscale ip -4 on the server. It looks like 100.64.0.x or similar.
Step 4 — Test the Connection
From a client device connected to Tailscale, test that Ollama is reachable:
curl http://100.x.x.x:11434/api/tags
Replace 100.x.x.x with your server’s Tailscale IP. You should see a JSON list of your installed models. If that works, Ollama is accessible over your Tailscale network.
Step 5 — Use Ollama From a Remote Device
Any tool that accepts an Ollama base URL can now point at your server’s Tailscale IP instead of localhost.
Ollama CLI on a client machine:
OLLAMA_HOST=http://100.x.x.x:11434 ollama run qwen3:14b
Python applications:
import ollama
client = ollama.Client(host='http://100.x.x.x:11434')
response = client.chat(model='qwen3:14b', messages=[
{'role': 'user', 'content': 'Explain quantum entanglement simply.'}
])
print(response['message']['content'])
Open WebUI or LibreChat on a client machine: Set the Ollama base URL to http://100.x.x.x:11434 in the configuration instead of http://localhost:11434.
Option: Use MagicDNS Instead of IPs
Tailscale’s MagicDNS feature gives each device a stable hostname so you do not have to remember IP addresses. Enable it in the Tailscale admin panel under DNS. Your server becomes accessible as http://your-server-name:11434 from any device in the network — even if the IP changes.
Are You Already Exposed? How to Check
If you followed an older guide that told you to set OLLAMA_HOST=0.0.0.0 on a public VPS (rather than a home server behind a router), check now whether that exposed you. Run this from the server:
ss -tlnp | grep 11434
If the output shows 0.0.0.0:11434 or *:11434 and your server has a public IP with no firewall blocking port 11434, you are exposed right now. Test from a separate machine:
curl -s http://YOUR_SERVER_PUBLIC_IP:11434/api/tags
If this returns a JSON list of your installed models, the API is publicly accessible with no authentication. Treat this as an active security incident and switch to the Tailscale-bound setup above immediately.
What an Attacker Can Do with an Exposed Ollama API
This is not theoretical. Censys/SentinelOne documented an active criminal marketplace reselling hijacked AI compute — a practice called LLMjacking. Ollama has no authentication layer at all, so an exposed instance allows:
- Free inference (LLMjacking) — attackers spam
/api/generateand consume your GPU. One analysis estimated $46,000/day in compute abuse from a single high-spec exposed server. - Model exfiltration — pulling any fine-tuned models via the copy endpoints, exposing proprietary training data.
- Model poisoning — replacing a legitimate model with a backdoored variant via
/api/push. - Denial of service — maximum-length inference requests to exhaust GPU memory, or repeated large pulls to fill disk.
- Lateral movement — if tool-calling is enabled, crafted prompts can trigger outbound HTTP calls or shell commands, pivoting from Ollama into the wider network.
UpGuard identified six critical Ollama vulnerabilities, including CVE-2024-28224, which allowed unauthenticated callers to read files from the host filesystem on unpatched versions. Keeping Ollama updated and off the public internet (via Tailscale, as above) closes off all of this.
Using Tailscale Serve for HTTPS
If you want HTTPS access with a proper certificate (useful for browser-based tools that require it), Tailscale Serve can proxy your Ollama endpoint without changing Ollama’s bind address at all:
tailscale serve --bg http://localhost:11434
This exposes Ollama at https://your-server-name.tailnet-name.ts.net with an automatic TLS certificate. The URL is only accessible from within your Tailscale network.
Alternatives If Tailscale Isn’t an Option
Tailscale is the cleanest solution, but two alternatives exist if a mesh VPN doesn’t fit your setup:
Nginx reverse proxy with basic auth
For a shared endpoint that needs to be internet-facing (e.g. a small team without Tailscale), keep Ollama bound to 127.0.0.1 and put an authenticated nginx proxy in front:
server {
listen 443 ssl;
server_name ollama.yourdomain.com;
ssl_certificate /etc/letsencrypt/live/ollama.yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ollama.yourdomain.com/privkey.pem;
location / {
auth_basic "Ollama";
auth_basic_user_file /etc/nginx/.htpasswd;
proxy_pass http://127.0.0.1:11434;
proxy_set_header Host $host;
proxy_buffering off;
proxy_read_timeout 300s;
chunked_transfer_encoding on;
}
}
proxy_buffering off is required for Ollama’s streaming token output — with it on, responses hang or arrive all at once. Create the password file with sudo htpasswd -c /etc/nginx/.htpasswd your_username. Add rate limiting (limit_req_zone) on top of this if the endpoint is public, so a compromised credential can’t drain your GPU.
Cloudflare Tunnel
If you don’t want to run Tailscale and don’t have a domain for nginx TLS, Cloudflare Tunnel creates an outbound-only tunnel from your server to Cloudflare’s edge, with an optional Access policy requiring authentication. The trade-off versus Tailscale: traffic routes through Cloudflare’s infrastructure rather than peer-to-peer, so it’s fine for home-lab use but Tailscale is preferable for proprietary models or production use.
What This Unlocks
Once Ollama is accessible over Tailscale, you can:
- Use large models on your home GPU from a lightweight laptop when travelling
- Run Open WebUI or LibreChat on the server and access them from any device via browser
- Point AnythingLLM on your work machine at a home Ollama instance
- Use Ollama from mobile apps that support custom base URLs
- Build scripts and automations on remote machines that call your home server’s models
The combination of a capable home server and Tailscale effectively gives you a private AI API endpoint available everywhere — without the ongoing cost, privacy implications, or exposure risk of leaving Ollama open to the internet.
Related Guides
- What Is Ollama? A Beginner’s Guide to Local AI
- How to Run Qwen3 on Ollama: All Sizes and Thinking Mode
- How to Set Up Open WebUI with Ollama
- LibreChat + Ollama: Setup Guide
- How to Update Ollama and Its Models
- How to Build a Home Server






