What is Tailscale Mcp Echo

tailscale-mcp-echo is an identity-aware MCP server example that operates within a private Tailscale network (Tailnet). It utilizes identity headers to provide applications with access to user-specific information, enabling secure interactions with internal APIs or services.

Use cases

Use cases for tailscale-mcp-echo include secure application development, user-specific service interactions, and scenarios where applications need to authenticate users and access internal resources on their behalf.

How to use

To use tailscale-mcp-echo, first set up a Tailnet and create an API auth key. Save the key in a ‘.env’ file. Then, with Docker installed, run ‘docker compose up’ to start the server. Connect to the server using an MCP Client that supports Streaming HTTP MCP servers by pointing it to the appropriate URL.

Key features

Key features of tailscale-mcp-echo include identity awareness, access to user email, secure internal API interactions, and the ability to run within a private Tailscale network.

Where to use

tailscale-mcp-echo can be used in environments that require secure access to internal services, such as enterprise applications, development environments, and any scenario where user identity needs to be considered for API access.

Identity Aware MCP Server for Tailscale

Create an identiy aware MCP server that runs inside your private Tailscale network (Tailnet). This example leverages identity headers that are passed through to applications running behind tailscale serve.

Using this as starting point you can create MCP servers that are identity aware (with access to the logged in user’s email) and can access internal APIs or services on thier behalf.

Instructions

Starting the Server

1. If you don’t already have a Tailnet setup you’ll need to signup for one.
2. Create an API auth key and save it into a .env file in the root of this project with the following format: TS_AUTHKEY=tskey-auth-...
3. With Docker already installed, run docker compose up to start the server.

This will spin up two containers. The MCP server and a Tailscale container running tailscale serve as a proxy to your tailnet.

Using the Server

If you have an MCP Client that supports direct access to Streaming HTTP MCP servers, then you should be able to connect to the server by pointing it to https://ts-mcp-echo.yourtailnetname.ts.net/mcp.

Claude Desktop

Claude desktop does not currently support remote MCP servers (only stdio), but you can use the mcp-remote tool (or any other proxy) to connect to it.

1. Install mcp-remote with npm install -g mcp-remote

2. Add the following configuration to your claude_desktop_config.json file:

   {
     "mcpServers": {
       "tailscale-remote-echo-example": {
         "command": "npx",
         "args": [
           "mcp-remote",
           "https://ts-mcp-echo.yourtailnetname.ts.net/mcp"
         ]
       }
     }
   }
   

   You can find your tailnet name by visiting the Tailscale admin console DNS page.

3. Restart Claude Desktop.

4. You should now see a new MCP server called tailscale-remote-echo-example with a greet tool.

5. Ask Claude Who am I logged into my tailnet as? allow the tool, and wait for the response!