[Plugin] Tailscale

[hovee]

On 2/4/2024 at 9:50 AM, EDACerton said:

 

Have either of you tried restarting your server? I think this is related to a problem I've been chasing related to when Tailscale is initially logged in, but if that's the case a reboot should fix it.

I had not rebooted. I just rebooted and everything now works perfectly. I am able to access the Unraid UI from the Tailscale IP while connected from my phone on cellular. Thank you again!

[zAch523]

I don’t have a lot of great insight on this one… there’s a lot going on there. 
 
Tailscale does watch for changes to network adapters, so it’s possible that something weird is happening if you have one that resets every night. If that’s the case, the simplest fix might be to use user scripts to restart Tailscale after the nightly reconnect:
 
/usr/local/emhttp/plugins/tailscale/restart.sh

Thanks, this seemed to have fixed my issues!

[bendeguzbagi]

Hello everyone! I just started using unraid with tailscale. Just installed the plugin and it works perfectly, but i want to access my whole network with tailscale. Can anyone help me with it? I tried back ago with the docker container, i need to do something with subnets? Can anyone explain me where/what exactly i need to do? Sorry im a bit new with this.

[concerned-contour2481]

Hey there, just installed this plugin but I'm having difficulty in my somewhat complex setup. 

 

I have a unifi setup with VLANS for my devices and docker containers. Unraid is on the 192.168.0.0 VLAN and I have my containers in separate VLANs (10.10.0.0/24 is one of that I use for docker containers)

 

I have configured VLANs within unraid and within the docker settings and all works fine locally. However, using tailscale on unraid and setting it up as an exit node with the subnet routes 10.10.0.0/24 (and others) doesn't work as expected. I can access unraid via its tailscale IP, but I can't access the containers using their 10.10.0.0/24 IP. I can however access 10.10.0.1 (which is the gateway ip) - this takes me to the unifi udm login page for my router. 

 

I wonder if this is a docker configuration step that I'm missing? My understanding is that since the unraid server has access to these VLANs, as long as I expose them as a subnet route they should work, but that hasn't been my experience.

 

Any ideas appreciated!

 

P.S - I wonder if installing tailscale on my UDM Pro is maybe the better thing to do, but that's a separate issue altogether!

[EDACerton]

6 hours ago, concerned-contour2481 said:

Hey there, just installed this plugin but I'm having difficulty in my somewhat complex setup. 

 

I have a unifi setup with VLANS for my devices and docker containers. Unraid is on the 192.168.0.0 VLAN and I have my containers in separate VLANs (10.10.0.0/24 is one of that I use for docker containers)

 

I have configured VLANs within unraid and within the docker settings and all works fine locally. However, using tailscale on unraid and setting it up as an exit node with the subnet routes 10.10.0.0/24 (and others) doesn't work as expected. I can access unraid via its tailscale IP, but I can't access the containers using their 10.10.0.0/24 IP. I can however access 10.10.0.1 (which is the gateway ip) - this takes me to the unifi udm login page for my router. 

 

I wonder if this is a docker configuration step that I'm missing? My understanding is that since the unraid server has access to these VLANs, as long as I expose them as a subnet route they should work, but that hasn't been my experience.

 

Any ideas appreciated!

 

P.S - I wonder if installing tailscale on my UDM Pro is maybe the better thing to do, but that's a separate issue altogether!

Have you turned on "Host access to custom networks" in Docker settings?

[concerned-contour2481]

35 minutes ago, EDACerton said:

Have you turned on "Host access to custom networks" in Docker settings?

I tried this, didn't work - I think it's because I'm using an IPVLAN docker driver. I think I've exhausted things to consider...

[TBT]

On 2/7/2024 at 9:46 AM, bendeguzbagi said:

Hello everyone! I just started using unraid with tailscale. Just installed the plugin and it works perfectly, but i want to access my whole network with tailscale. Can anyone help me with it? I tried back ago with the docker container, i need to do something with subnets? Can anyone explain me where/what exactly i need to do? Sorry im a bit new with this.

This is the support thread for the Tailscale Unraid Plugin, not some general thread. Read the excellent Tailscale documentation https://tailscale.com/kb/1019/subnets and/or go to the Tailscale Subreddit for this. 

[christophesimon]

I set everything up. Restarted the whole array and... same s...t ! Unable to ping or connect by any means. Got the green dot though....

[BORG]

Hi, I was able to get the plugin installed and everything is showing up in tailscale. I can connect via my mac and use unraid as an exit point with no problems, however I cannot access the unraid gui utilizing the ip address assinged by tailscale.  Any thoughts on what is going on?  Attached my log for reference.  Thanks!

Montu-tailscale-diag-20240209-131217.zip

[EDACerton]

Everything on the Unraid side seems fine. The version of the plugin that you have checks to see if the WebGUI has applied the configuration correctly, and it has:

 

2024/02/09 12:23:45 tailscale-watcher.php: WebGUI listening on 100.x.y.121:5000

 

I do see a bunch of messages in your Tailscale log that make me think there's something going on with your Mac, possibly that it can't connect to the Tailscale relay servers (this is just a sample, there's a *lot* of these):

 

2024/02/09 12:26:52 [unexpected] magicsock: derp-2 does not know about peer [P7Vj3], removing route
2024/02/09 12:26:57 [unexpected] magicsock: derp-2 does not know about peer [P7Vj3], removing route
2024/02/09 12:27:02 [unexpected] magicsock: derp-2 does not know about peer [P7Vj3], removing route
2024/02/09 12:27:08 [unexpected] magicsock: derp-2 does not know about peer [P7Vj3], removing route
2024/02/09 12:27:14 [unexpected] magicsock: derp-2 does not know about peer [P7Vj3], removing route

 

I would recommend checking the logs on your Mac to see if that gives any hints. You could also try posting in r/Tailscale over on Reddit if you can't figure anything out there.

[Ilias]

On 1/29/2024 at 3:19 PM, Ilias said:

At least yours works.
I can't get samba shares to work for the life of me.
I tried putting unraid in exit node mode, of course turning off netbios, various combinations of settings, but it simply does not work.

What am I doing wrong?

PatisoNAS-tailscale-diag-20240129-151621.zip 134.24 kB · 0 downloads

Solved it, Ι had to go in unraid to:

Settings/SMB/SMB Extras/Samba extra configuration

and change it to yes:

ntlm auth = Yes

[msalad]

Hey, I just installed the plugin - I was able to access the webgui of my dockers via tailscale on my phone no problem but I couldn't access Unraid's webgui at all. I restarted my server and that fixed it.

 

I read a page or two earlier that you were trying to chase down a bug related to not being able to access the Unraid webgui after first installing the tailscale plugin. I wonder if i just experienced that bug?

[EDACerton]

19 hours ago, msalad said:

Hey, I just installed the plugin - I was able to access the webgui of my dockers via tailscale on my phone no problem but I couldn't access Unraid's webgui at all. I restarted my server and that fixed it.

 

I read a page or two earlier that you were trying to chase down a bug related to not being able to access the Unraid webgui after first installing the tailscale plugin. I wonder if i just experienced that bug?

It sounds like you did encounter that, now that you're logged in you shouldn't see that again.

[EDACerton]

2024.02.15 (Preview)

• Update Tailscale to 1.60.0

[elijahbegood]

Just updated a few applications and plugins, but now seeing this plugin marked with "this plugin template has been blacklisted". See attached screenshot. What does this mean?

[EDACerton]

16 minutes ago, elijahbegood said:

Just updated a few applications and plugins, but now seeing this plugin marked with "this plugin template has been blacklisted". See attached screenshot. What does this mean?

@Squid  ??

 

Edit: it looks like Squid is working on something weird with Community Applications, I'd assume that this is related to that, it will hopefully be fixed soon.

Edited February 18 by EDACerton

[andrew444]

If I'm only interested in using tailscale to access my unraid server from outside my lan, should I be entering:

tailscale up --advertise-exit-node --reset

in the cli of my server then add my server and other devices to my tailscale account? (Trying to read up on this thread and other sources but I keep finding info on the docker image which isn't valid for the plugin most of the time.)

[EDACerton]

5 minutes ago, andrew444 said:

If I'm only interested in using tailscale to access my unraid server from outside my lan, should I be entering:

tailscale up --advertise-exit-node --reset

in the cli of my server then add my server and other devices to my tailscale account? (Trying to read up on this thread and other sources but I keep finding info on the docker image which isn't valid for the plugin most of the time.)

You don’t need to do anything except log in on the settings page. After you log in, use the Tailscale IP for the server to access it. 

[lgr]

I just got the plugin installed and while running exit node I've been banging my head against the wall trying to get it to work - I'm not able to access the webGUI or anything else using the tailscale IP's. Any idea what could be wrong here?

Tower-tailscale-diag-20240219-134806.zip

[EDACerton]

35 minutes ago, lgr said:

I just got the plugin installed and while running exit node I've been banging my head against the wall trying to get it to work - I'm not able to access the webGUI or anything else using the tailscale IP's. Any idea what could be wrong here?

Tower-tailscale-diag-20240219-134806.zip 148.11 kB · 1 download

This seems like you're running into the same bug that others have. There are a few ideas I can recommend (pick one, any will work if this is right):

1. Reboot your server
2. Switch to the preview branch of the plugin
3. Wait for a few days, when I push the next update to the main branch it will have the fix for this issue.

[lgr]

4 hours ago, EDACerton said:

This seems like you're running into the same bug that others have. There are a few ideas I can recommend (pick one, any will work if this is right):

1. Reboot your server
2. Switch to the preview branch of the plugin
3. Wait for a few days, when I push the next update to the main branch it will have the fix for this issue.

I tried 1 & 2 and neither seemed to do the trick! Updated logs attached to help see if something else is going on?

Tower-tailscale-diag-20240219-182810.zip

Edited February 20 by lgr

[EDACerton]

1 hour ago, lgr said:

I tried 1 & 2 and neither seemed to do the trick! Updated logs attached to help see if something else is going on?

Tower-tailscale-diag-20240219-182810.zip 173.29 kB · 0 downloads

You seem to have had a bunch of issues connecting to the control servers from Unraid. Some examples (there's more than this in the log, but you get the idea):

Quote

2024/02/19 18:00:33 control: bootstrapDNS("derp5c.tailscale.com", "43.245.48.50") for "controlplane.tailscale.com" error: Get "https://derp5c.tailscale.com/bootstrap-dns?q=controlplane.tailscale.com": context deadline exceeded
2024/02/19 18:00:33 control: trying bootstrapDNS("derp21b.tailscale.com", "2607:f740:50::1d1") for "controlplane.tailscale.com" ...
2024/02/19 18:00:33 control: bootstrapDNS("derp21b.tailscale.com", "2607:f740:50::1d1") for "controlplane.tailscale.com" error: Get "https://derp21b.tailscale.com/bootstrap-dns?q=controlplane.tailscale.com": dial tcp [2607:f740:50::1d1]:443: connect: network is unreachable
2024/02/19 18:00:33 control: trying bootstrapDNS("derp11c.tailscale.com", "148.163.220.134") for "controlplane.tailscale.com" ...
2024/02/19 18:00:36 control: bootstrapDNS("derp11c.tailscale.com", "148.163.220.134") for "controlplane.tailscale.com" error: Get "https://derp11c.tailscale.com/bootstrap-dns?q=controlplane.tailscale.com": context deadline exceeded
2024/02/19 18:00:36 control: trying bootstrapDNS("derp13b.tailscale.com", "2607:f740:16::640") for "controlplane.tailscale.com" ...
2024/02/19 18:00:36 control: bootstrapDNS("derp13b.tailscale.com", "2607:f740:16::640") for "controlplane.tailscale.com" error: Get "https://derp13b.tailscale.com/bootstrap-dns?q=controlplane.tailscale.com": dial tcp [2607:f740:16::640]:443: connect: network is unreachable
2024/02/19 18:00:36 control: trying bootstrapDNS("derp4g.tailscale.com", "185.40.234.113") for "controlplane.tailscale.com" ...
2024/02/19 18:00:36 [RATELIMIT] format("control: trying bootstrapDNS(%q, %q) for %q ...")
2024/02/19 18:00:39 control: bootstrapDNS("derp4g.tailscale.com", "185.40.234.113") for "controlplane.tailscale.com" error: Get "https://derp4g.tailscale.com/bootstrap-dns?q=controlplane.tailscale.com": context deadline exceeded

There's also what might be problems with your client:

Quote

2024/02/19 18:13:54 [unexpected] magicsock: derp-2 does not know about peer [DEVLh], removing route
2024/02/19 18:14:00 [unexpected] magicsock: derp-2 does not know about peer [DEVLh], removing route
2024/02/19 18:14:06 [unexpected] magicsock: derp-2 does not know about peer [DEVLh], removing route
2024/02/19 18:14:12 [unexpected] magicsock: derp-2 does not know about peer [DEVLh], removing route
2024/02/19 18:14:18 [unexpected] magicsock: derp-2 does not know about peer [DEVLh], removing route

Everything on the Unraid configuration seems to be OK, though.

[qiosas]

Hey @EDACerton, thanks for your work on this!

 

I am trying to use exit node configured to Mullvad VPN server - this works in the plugin, but then local network access is blocked. From Tailscale documentation below is the solution " --exit-node-allow-lan-access=true", but this doesn't seem to work in CLI for the plugin. Is this something not yet available or am I doing it wrong?

 

"Optionally, set --exit-node-allow-lan-access to true to allow direct access to your local network when traffic is routed via an exit node. If you do not configure this option you may need to configure DNS.

sudo tailscale up --exit-node=<exit-node-name-or-ip> --exit-node-allow-lan-access=true"

[EDACerton]

12 hours ago, qiosas said:

Hey @EDACerton, thanks for your work on this!

 

I am trying to use exit node configured to Mullvad VPN server - this works in the plugin, but then local network access is blocked. From Tailscale documentation below is the solution " --exit-node-allow-lan-access=true", but this doesn't seem to work in CLI for the plugin. Is this something not yet available or am I doing it wrong?

 

"Optionally, set --exit-node-allow-lan-access to true to allow direct access to your local network when traffic is routed via an exit node. If you do not configure this option you may need to configure DNS.

sudo tailscale up --exit-node=<exit-node-name-or-ip> --exit-node-allow-lan-access=true"

You should be able to run this from the Unraid CLI:

 

tailscale set --exit-node-allow-lan-access

 

I just tried that on one of my test instances, and it worked correctly.

[qiosas]

13 hours ago, EDACerton said:

You should be able to run this from the Unraid CLI:

 

tailscale set --exit-node-allow-lan-access

 

I just tried that on one of my test instances, and it worked correctly.

Thanks, it does work! probably my syntax was wrong or smth..