Networking with Tailscale
All machines must be on the same Tailscale tailnet. This gives every machine a stable 100.x IP address that works across NATs, firewalls, and different networks.
Why Tailscale?
- No port forwarding — machines find each other regardless of NAT
- Stable IPs — each machine gets a persistent
100.x.y.zaddress - Encrypted — WireGuard-based, traffic is encrypted end-to-end
- Simple — one command to join the network
Install + connect
On every machine (server + all workers):
Ubuntu/Debian:
curl -fsSL https://tailscale.com/install.sh | sh
sudo tailscale upmacOS:
Install Tailscale from the Mac App Store or via Homebrew:
brew install tailscale
sudo tailscale upGet your Tailscale IP
tailscale ip -4This prints your machine’s 100.x.y.z address. The server’s IP is what workers and the CLI client will use.
Verify connectivity
From a worker machine, ping the server:
ping <server-tailscale-ip>Or test the FastAPI endpoint directly:
curl http://<server-tailscale-ip>:8000/docsThis should return the FastAPI auto-generated docs page.
Configuration for the PoC
Server
Start the coordinator bound to all interfaces so Tailscale traffic is accepted:
python -m server.main --host 0.0.0.0 --port 8000Workers
Point each worker at the server’s Tailscale IP:
python -m worker.main --server http://<server-tailscale-ip>:8000CLI client
Same pattern for the CLI:
python -m client.submit_job --server http://<server-tailscale-ip>:8000 statusTroubleshooting
| Symptom | Likely cause | Fix |
|---|---|---|
Connection refused on port 8000 | Server not running or bound to 127.0.0.1 | Start server with --host 0.0.0.0 |
No route to host | Machine not on tailnet | Run sudo tailscale up and verify with tailscale status |
| Intermittent timeouts | Tailscale relay (DERP) instead of direct | Check tailscale status — direct connections are faster |