This guide explains how to spawn multiple instances of tailscaled on a single system using a systemd.service(5) template and, optionally, customized configurations.
By setting "netfilterMode": "off" in all configurations (or by manually configuring them using tailscale up --netfilter-mode off), you can connect to multiple tailnets simultaneously without resorting to SOCKS proxy-based userspace networking, while preserving functionality like MagicDNS integration with systemd-resolved (i.e. you can simultaneously have direct access to other machines in BOTH tailnets via their hostnames).
DISCLAIMER: This method completely disables Tailscale’s automatic netfilter (iptables/nftables) firewall rule creation and management, as firewall rules from an earlier tailscaled instance would otherwise be wiped out by a new one, potentially locking you out.