Enabling SOCKS5 Proxy on Windows Tailscale

Introduction

Tailscale can connect multiple devices into a private network with little setup. By default, it may take over some or all system traffic, for example when using Exit Nodes. Sometimes you only want specific apps, such as browsers or command-line tools, to use the Tailscale network without affecting the whole system.

Tailscale provides Userspace Networking mode with a built-in SOCKS5 proxy server. After enabling it, you can use Tailscale as a local proxy service and let apps connect only when needed.

Core Principles

To enable SOCKS5 proxy, we need to modify the startup parameters of the Tailscale Windows service by adding the following two key parameters:

  1. -tun=userspace-networking: This parameter transfers Tailscale’s network processing from kernel space (TUN driver) to user space. This is a prerequisite for enabling the built-in proxy functionality.
  2. -socks5-server="127.0.0.1:<port>": This parameter starts a SOCKS5 proxy server listening on the specified local port. Binding to 127.0.0.1 keeps the proxy reachable only from the local machine. Common ports include 1080, 10800, etc. Choose any port you like, as long as it is not already in use.

Operation Steps

There are several ways to modify a Windows service's startup parameters. Three commonly used approaches follow.

Method 1: Using Registry Editor

This is the most direct method and requires no additional tools.

  1. Open Registry Editor: Press Win + R, type regedit and press Enter.

  2. Navigate to the Tailscale service entry: Paste the following path into the address bar:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tailscale

  3. Modify the ImagePath value: In the right panel, find the string value named ImagePath and double-click to open it. Its default value is usually:

    "C:\Program Files\Tailscale\tailscaled.exe"

  4. Add startup parameters: At the end of the original value, outside the quotes, add the parameters we need. For example, using port 1080:

    "C:\Program Files\Tailscale\tailscaled.exe" -tun=userspace-networking -socks5-server=127.0.0.1:1080

    Note: Please ensure your Tailscale installation path matches the path in ImagePath.

  5. Save and close: Click “OK” to save the changes, then close Registry Editor.

Method 2: Using Command Line (Advanced)

If you are comfortable with the command line, you can use the sc (Service Control) command to complete the configuration quickly.

  1. Open Command Prompt or PowerShell as administrator.

  2. Execute the following command:

    sc.exe config Tailscale binPath= "\"C:\Program Files\Tailscale\tailscaled.exe\" -tun=userspace-networking -socks5-server=127.0.0.1:1080"

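    Important Note: There must be a space after binPath=. The entire path and parameters need to be wrapped in double quotes, and the executable file path itself also needs to be wrapped in escaped double quotes \" to handle spaces in the path. The \" escaping follows Command Prompt (cmd.exe) rules; PowerShell parses quotes differently, so the command as written is best run from Command Prompt.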

Method 3: Using Third-party Service Management Tools

If you’re accustomed to using graphical tools to manage services, you can use third-party tools like srvman. The operation logic is consistent with the previous two methods: find the Tailscale service and edit its “executable file path” or “startup parameters” field.

Restart Service and Verify

After completing the configuration modification, you must restart the Tailscale service for the new parameters to take effect.

  1. Press Win + R, type services.msc and press Enter to open Service Manager.
  2. Find Tailscale in the service list.
  3. Right-click on it and select “Restart”.
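
The steps above cover the restart but not the verification. The following PowerShell check is an added example, not part of the original guide or of Tailscale's tooling. It assumes port 1080 as used above, and it treats a 05 00 reply to the SOCKS5 greeting (RFC 1928) as confirmation that the listener accepts clients without authentication, which is the reason it should stay bound to loopback.

```powershell
# Added example: post-restart checks. $Port assumes the 1080 used in this guide.
$Port = 1080
$Key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tailscale'

# 1. The service command line should carry both flags.
$imagePath = (Get-ItemProperty -Path $Key -Name ImagePath).ImagePath
foreach ($flag in '-tun=userspace-networking', '-socks5-server=') {
    if ($imagePath -notlike "*$flag*") { Write-Warning "ImagePath is missing $flag" }
}

# 2. The service should be running again after the restart.
$status = (Get-Service -Name Tailscale).Status
if ($status -ne 'Running') { Write-Warning "Tailscale service is $status" }

# 3. The listener should exist and be bound to loopback only.
$listeners = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)
if ($listeners.Count -eq 0) { Write-Warning "Nothing is listening on port $Port"; return }
foreach ($l in $listeners) {
    $owner = (Get-Process -Id $l.OwningProcess).ProcessName
    '{0}:{1} is owned by {2}' -f $l.LocalAddress, $l.LocalPort, $owner
    if ($l.LocalAddress -notin '127.0.0.1', '::1') {
        Write-Warning "Listener on $($l.LocalAddress) is not loopback-only"
    }
}

# 4. SOCKS5 greeting (RFC 1928): version 5, one method offered, 0x00 = no authentication.
$client = [System.Net.Sockets.TcpClient]::new('127.0.0.1', $Port)
try {
    $stream = $client.GetStream()
    $stream.ReadTimeout = 3000
    $stream.Write([byte[]](0x05, 0x01, 0x00), 0, 3)
    $reply = [byte[]]::new(2)
    $got = 0
    while ($got -lt 2) {
        $n = $stream.Read($reply, $got, 2 - $got)
        if ($n -eq 0) { break }   # peer closed the connection early
        $got += $n
    }
    if ($got -eq 2 -and $reply[0] -eq 5 -and $reply[1] -eq 0) {
        'SOCKS5 server answered and accepts clients without authentication'
    } else {
        Write-Warning "Unexpected reply on port ${Port}: $([BitConverter]::ToString($reply, 0, $got))"
    }
} finally {
    $client.Dispose()
}
```

A clean run prints the listener line with tailscaled as the owning process and no warnings; any warning points at the step to revisit.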

Notes and Advanced Tips

The performance of userspace networking is usually slightly lower than kernel mode because network packets need to be copied between kernel and user space. For most daily applications (web browsing, code synchronization), this difference is almost imperceptible, but it may have an impact in high-throughput scenarios.
