Posts posted by Ragemachinest

  1. On 5/23/2020 at 5:41 AM, dsmith44 said:

    Re: host vs bridge mode

     

    Having thought this through I feel host is the correct mode for this to operate in.

     

    Host means the networking is part of the base host networking so if the host can see the port tailscale will be able to as well.

    However that relies on the mapped ports listening on all addresses, which if I check my unraid server they do. 

    
    root@unraid:~# ss -ltu
    Netid  State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port  Process
    ..
    tcp    LISTEN  0       128     *:8200              *:*
    ..

     


     

    However the only IP address that you'll be able to access through tailscale will be the tailscale ip address itself, trying to use a LAN address, a docker bridge network address or any other address is going to fail as we aren't doing subnet forwarding.

     

    I am not currently keen on even trying to add subnet forwarding to this container as it was never my intention to create a VPN gateway, just to allow access to Unraid services from tailscale.

     

    I am also not sure if this is even necessarily possible without additional steps outside of the container itself; if I look in the Apps list OpenVPN server is available as a plugin but not as a container. So building a plugin is likely a better route for someone to look at, but not something I'm going to get into.

     

    I would suggest using the built in wireshark support if you want to get a VPN connection to the whole network.

     

    Latest version appears to be working as expected now. I appreciate the work on this. Thank you!
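
The host-mode behaviour described in the quoted post can be checked directly from `ss` output: a socket bound to a wildcard address answers on the Tailscale IP, while one bound to a LAN or loopback address does not. The following is an added example, not code from the thread; the sample sockets and the Tailscale address 100.101.102.103 are constructed, and it assumes no host firewall rule filters `tailscale0`.

```shell
#!/bin/sh
# Added example: classify listeners from `ss -ltun` output by whether a
# host-networked Tailscale container can reach them on the Tailscale IP.

# Constructed sample of `ss -H -ltun` output (not taken from a real host).
SAMPLE_SS='tcp LISTEN 0 128 *:8200 *:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
tcp LISTEN 0 128 192.168.1.10:445 0.0.0.0:*
tcp LISTEN 0 128 [::]:80 [::]:*
udp UNCONN 0 0 100.101.102.103:41641 0.0.0.0:*'

# classify_listeners TAILSCALE_IP   (ss output on stdin)
# Prints "<proto> <port> <verdict>" for every socket line.
classify_listeners() {
    awk -v ts="$1" '
    NF >= 6 {
        local_addr = $5
        n = match(local_addr, /:[^:]*$/)   # last colon separates the port
        if (n == 0) next                   # header line or malformed entry
        addr = substr(local_addr, 1, n - 1)
        port = substr(local_addr, n + 1)
        sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # [::] -> ::
        sub(/%.*/, "", addr)                         # drop %iface scope
        if (addr == "*" || addr == "0.0.0.0" || addr == "::")
            verdict = "reachable-wildcard"
        else if (addr == ts)
            verdict = "reachable-tailscale-only"
        else
            verdict = "not-reachable"      # bound to LAN/loopback address only
        print $1, port, verdict
    }'
}

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE_SS" | classify_listeners 100.101.102.103
```

On a real host, feed it live data with `ss -H -ltun | classify_listeners <your Tailscale IP>`.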

  2. 23 hours ago, dsmith44 said:

    Version 1.10.1 has been released and container updated.

      


    Does anyone have issues with this release (1.10.1) stopping 5-10 seconds after starting? I tried removing everything and starting fresh with the same result.

     

    Log shows a couple of errors:

    health("dns"): error: rename /etc/resolv.conf /etc/resolv.pre-tailscale-backup.conf: device or resource busy

     

    Received error: PollNetMap: EOF

     

    peerapi listen("fd7a:115c:a1b0:ab12:4323:ad45:6351:1d6b") error: listen tcp6 [fd7a:115c:a1b0:ab12:4323:ad45:6351:1d6b]:0: bind: cannot assign requested address

  3. 6 hours ago, fserb said:

    Hey. I can also confirm that 0.98.1 works. (as in, it connects and is part of the mesh, etc). But I'm still having some unraid specific issues...

     

    Right now, with this docker running, I'm able to, for example, ssh to unraid using the Tailscale IP.

    I'm also able to access ports that are being served from other docker containers that have network set to "host".

     

    My problem right now is: all the other dockers that I have that are using "bridge" network, those ports are not currently available over the tailscale IP.

    I'm not sure if this is Working As Intended (i.e., I need to move all my containers out of "bridge" and into "host"), if I messed up some "docker bridge" configuration (to not bind to a particular IP?), or if I need to do anything extra on the Tailscale docker.

     

    Help?

     

    I was running into this issue last night and just as a test I decided to switch the Tailscale docker to "bridge" and that solved my connectivity issues. So far I can access both bridge, host, and because I'm forwarding, all of my internal IPs as well.

  4. 19 hours ago, dsmith44 said:

    My apologies, I shouldn't have pushed this as hadn't tested myself, thinking just a simple point update.

    This is broken currently and I don't know why.

     

    The STUN process isn't working in 0.98 in this docker container, I am going to build using their official Dockerfile and test outside of Unraid.

     

    If it doesn't work there either will submit a bug report, if it does then at least I can start narrowing down the cause.

     

    For now please use deasmi/unraid-tailscale:0.97

     

    Update: I have recreated the issue on stand alone Ubuntu server and submitted issue to tailscale

    https://github.com/tailscale/tailscale/issues/368

    Awesome! Thank you for the response and update!

  5. I just updated to 0.98 and it won't start up. I tried deleting everything and starting fresh and still can't get it to start. The error in the log I see is:

    "Failed to connect to connect to tailscaled. (safesocket.Connect: dial unix /var/run/tailscale/tailscaled.sock: connect: no such file or directory)"

     

    Is anyone else getting this?

  6. 7 hours ago, dubbly said:

    I am curious. What causes a double NAT in your situation?

    My ISP, which is a local WISP, has a single public IP for the whole service. The IP coming in to my network from the ISP is an assigned private/internal IP address. Because of that, I cannot get an inbound connection to my network because it's blocked by the ISP; I have no control over ports.

  7. 6 hours ago, dubbly said:

    Why use this as opposed to just the basic wireguard install?

    For my use case, it was the ease with which I could get through a double NAT to access my home network. After I worked out the harder part of this docker image in my posts above, it was basically installing the client, clicking a link, authenticating, then doing the same on my other devices.

  8. Adding on from my previous post, I wanted access to other machines in my home network that I can't install tailscale on (IP cameras, etc). To solve for this, I made sure the "Network Type" was set to "bridge". I went into the console for the Tailscale docker container and ran the following (my home network is 192.168.1.0/24 - change this to match your network):

    tailscale up --advertise-routes=192.168.1.0/24

     

    After running this, I logged in to the Tailscale admin portal at https://login.tailscale.com/admin/machines and for my unraid box clicked the ... on the menu on the far right and clicked "Enable subnet routes".

     

    Back in the docker console I ran: vi /etc/sysctl.d/00-alpine.conf

    I added a line: net.ipv4.ip_forward=1 then saved the file.

     

    I ran the command: echo 0 | tee /proc/sys/net/ipv4/conf/tailscale0/rp_filter

     

    I ran the command: iptables -t nat -A POSTROUTING -j MASQUERADE

     

    I could then hit my internal IPs from an iPhone on LTE, e.g. http://192.168.1.145 let me hit my IP cam's web interface.

     

    I rebooted and the settings persisted, so it seems to be a permanent setup now.

     

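
To verify the state that the subnet-router steps in the post above leave behind, the following added example (not part of the original post) audits the NAT table and the two kernel settings. The `iptables` rule as posted has no source or interface match, so it applies to every connection leaving any interface; the audit flags that form. The sample ruleset, the `eth0` interface name and the ROOT prefix are constructed assumptions; 100.64.0.0/10 is the address range Tailscale assigns node IPs from.

```shell
#!/bin/sh
# Added example (not from the thread): audit the state left behind by the
# subnet-router steps. Constructed sample of `iptables -t nat -S POSTROUTING`.
SAMPLE_NAT='-P POSTROUTING ACCEPT
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -s 100.64.0.0/10 -o eth0 -j MASQUERADE
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE'

# audit_masquerade: reads `iptables -t nat -S POSTROUTING` output on stdin,
# labels each MASQUERADE rule, and returns 1 if any rule has no
# source/destination/interface match (it then applies to all egress).
audit_masquerade() {
    awk '
    $1 == "-A" {
        masq = 0; scoped = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
            if ($i == "-s" || $i == "-d" || $i == "-i" || $i == "-o") scoped = 1
        }
        if (!masq) next
        if (!scoped) bad = 1
        label = scoped ? "scoped" : "UNSCOPED"
        print label ": " $0
    }
    END { exit bad + 0 }'
}

# check_forwarding [ROOT]: verifies the two kernel settings from the post.
# ROOT is a hypothetical path prefix so the check can run on a copied tree.
check_forwarding() {
    root=${1:-}
    fwd=$(cat "$root/proc/sys/net/ipv4/ip_forward" 2>/dev/null || true)
    rpf=$(cat "$root/proc/sys/net/ipv4/conf/tailscale0/rp_filter" 2>/dev/null || true)
    [ "$fwd" = "1" ] || { echo "ip_forward is '${fwd:-unset}', expected 1"; return 1; }
    [ "$rpf" = "0" ] || { echo "tailscale0 rp_filter is '${rpf:-unset}', expected 0"; return 1; }
    echo "forwarding settings match"
}

# Demo run on the constructed ruleset.
printf '%s\n' "$SAMPLE_NAT" | audit_masquerade || echo "unscoped MASQUERADE rule present"
```

Inside the container, run `iptables -t nat -S POSTROUTING | audit_masquerade` and `check_forwarding` with no argument to inspect the live settings.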
  9. Man I feel like an idiot, but which log am I supposed to be checking? I didn't see any URL in the syslog. I didn't see any log in the appdata folder either. Any direction you can provide to help me find it would be helpful!

     

     

    Update:

    I figured it out. I never did find anything in the logs. What I had to do was to go into Docker > click on the Tailscale icon > go to Console > When the console opens type "tailscale up". This will print out the URL you are supposed to use to register unraid. > Go to the URL, create an account or login and you should be set. Mine now shows up in my console under Machines as "unraid".

     

     

     
