Tailscale subnet router in Proxmox 8.x LXC container

These instructions are based on https://nihalatwal.com/projects/tailscale-subnet-router-proxmox/, updated for use with Debian 12 (Bookworm) and somewhat completed.

Kept for personal reference and in case the original source dies.

Create a CT in Proxmox

Download the “debian-12-standard_amd64” container template
Deploy the above container template by clicking on “Create CT” on the top right of the Proxmox Web GUI (keep the resources minimal)

Install dependencies

Once the container is created, update the container:

apt update -y && apt upgrade -y

Install packages

apt install curl vim htop

Append the following lines to the LXC config file on the Proxmox host

For example, if container ID is 101, then append the following lines to /etc/pve/lxc/101.conf:

lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file

Install & Setup Tailscale

Add Tailscale’s package signing key and repository:

curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.noarmor.gpg | tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
curl -fsSL https://pkgs.tailscale.com/stable/debian/bookworm.tailscale-keyring.list | tee /etc/apt/sources.list.d/tailscale.list

Install Tailscale:

apt update
apt install tailscale

Connect your machine to your Tailscale network and authenticate in your browser:

tailscale up --advertise-routes=10.0.1.0/24

Enable IP forwarding on the container

Open /etc/sysctl.conf in an editor:

nano /etc/sysctl.conf

Uncomment the following two lines:

net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding=1

Reload the sysctl settings:

sysctl -p

Tailscale web interface

Enable the subnet route in the Tailscale interface
Go to the 3 dots on the right of the new machine
Click on “Edit route settings”
Toggle the subnet route for the new IP range that you introduced
Optionally, also disable key expiry
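
The script below is an added example, not part of the original instructions: read-only checks that the TUN lines are in the LXC config on the Proxmox host and, inside the container, that /dev/net/tun is the expected character device and that forwarding is both persisted and active. The file name check.sh, the function names and the host/container arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: read-only checks for the setup above. File paths are
# arguments so each check can also be run against a copy of the file.

# Proxmox host: both TUN lines are present in the container's LXC config.
check_lxc_conf() {    # $1 = e.g. /etc/pve/lxc/101.conf
    grep -Eq '^lxc\.cgroup2\.devices\.allow:[[:space:]]*c 10:200 rwm[[:space:]]*$' "$1" &&
    grep -Eq '^lxc\.mount\.entry:[[:space:]]*/dev/net/tun dev/net/tun none bind,create=file[[:space:]]*$' "$1"
}

# Container: the node is a character device with major 10, minor 200
# (GNU stat prints both numbers in hex, hence a:c8).
check_tun() {         # $1 = device path, default /dev/net/tun
    dev=${1:-/dev/net/tun}
    [ -c "$dev" ] && [ "$(stat -c '%t:%T' "$dev" 2>/dev/null)" = "a:c8" ]
}

# Container: both forwarding lines are uncommented, so they survive a reboot.
check_sysctl_conf() { # $1 = sysctl.conf path, default /etc/sysctl.conf
    f=${1:-/etc/sysctl.conf}
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$f" &&
    grep -Eq '^[[:space:]]*net\.ipv6\.conf\.all\.forwarding[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$f"
}

# Container: forwarding is active in the running kernel.
check_forwarding() {  # $1 = procfs root, default /proc
    p=${1:-/proc}
    [ "$(cat "$p/sys/net/ipv4/ip_forward" 2>/dev/null)" = 1 ] &&
    [ "$(cat "$p/sys/net/ipv6/conf/all/forwarding" 2>/dev/null)" = 1 ]
}

report() {            # $1 = label, remaining args = check to run
    label=$1; shift
    if "$@"; then echo "ok    $label"; else echo "FAIL  $label"; return 1; fi
}

# Usage: sh check.sh host <CTID>   |   sh check.sh container
case "${1:-}" in
    host)
        report "TUN lines in LXC config" check_lxc_conf "/etc/pve/lxc/${2:?usage: check.sh host <CTID>}.conf" ;;
    container)
        rc=0
        report "/dev/net/tun is char 10:200" check_tun || rc=1
        report "forwarding set in sysctl.conf" check_sysctl_conf || rc=1
        report "forwarding active in kernel" check_forwarding || rc=1
        exit "$rc" ;;
esac
```

Run it with `host <CTID>` on the Proxmox host and with `container` inside the CT; a FAIL on the TUN check after editing the config usually means the container has not been restarted since.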