[Plugin] Tailscale


11 hours ago, EDACerton said:

You have to approve it in the Tailscale admin console.

 

https://login.tailscale.com/

 

The expiration piece was probably just related to the server being unable to contact Tailscale; that seems to confuse the Tailscale client in some cases. Unfortunately, there's not much that I can do to resolve that part with the plugin -- I can only report back what the client tells me. :(

I know. There is no option I can find anywhere in admin console. Where exactly? 

Link to comment
22 hours ago, EDACerton said:

Thanks. I think I misunderstood your original post, but looking at it again with the diagnostics I think I understand better now.

 

Using TailscaleAddress:Port only works for containers that are running on the Unraid server's IP (bridge networking). In your case, you are using ipvlan networking for your containers so that they get independent IPs.

 

For containers that have their own IPs, there are generally two approaches to connecting via Tailscale:

  1. Subnet routing, which you already have configured; or
  2. Running a Tailscale container to provide the networking for the service (which results in the container having its own Tailscale IP as well, it wouldn't share the host Tailscale IP).

If the local IPs are working for you via Tailscale, then you've already done what you need to connect remotely.

 

One other thing which has nothing to do with Tailscale -- I noticed that two of your Docker networks are ipvlan, but there's one macvlan network in the logs:

Unraid1 rc.docker: created network macvlan eth0 with subnets: 10.x.1.0/24; 

If this is deliberate, ignore me :), but I figured I'd mention it since macvlan has a history of causing issues, and that might have been something that you meant to either remove/switch and forgot.

Thanks for your help, it's appreciated. I will set up the tailscale-docker container and go down that path. Are there any hurdles that I need to be aware of? Cheers

  

Link to comment

Hello,

 

I am having trouble connecting to docker containers via tailscale. I have tailscale1 configured in the network settings, and I am able to log in to the GUI just fine with my designated tailscale tower IP address and my phone can connect to my plex media through the mobile app, but when I try to use towerTailscaleIP:dockerPort, I get an error. I couldn't find many other people having issues with this with the plugin, so I am at a loss on what to try next. I have attached my diagnostics from my Tailscale Plugin if anybody can help.

T-tailscale-diag-20240708-121408.zip

Link to comment

I am trying to get my local computer set up to access devices on the tailscale network by their tailscale IP (100.*) without being connected to tailscale. I believe this should be possible but I am not quite sure how to do it and was hoping someone here could help.

 

I am running pfsense and I added an outbound nat rule to send traffic from the lan interface with a destination to 100.* (tailscale ip) to the ip address of my unraid server. Since that is connected via this plugin I thought it might just direct the traffic but it did not work.

 

Any ideas on what I might be missing?

Link to comment
On 7/8/2024 at 3:26 PM, kungfugripper said:

Hello,

 

I am having trouble connecting to docker containers via tailscale. I have tailscale1 configured in the network settings, and I am able to log in to the GUI just fine with my designated tailscale tower IP address and my phone can connect to my plex media through the mobile app, but when I try to use towerTailscaleIP:dockerPort, I get an error. I couldn't find many other people having issues with this with the plugin, so I am at a loss on what to try next. I have attached my diagnostics from my Tailscale Plugin if anybody can help.

T-tailscale-diag-20240708-121408.zip 172.71 kB · 1 download

What type of networks are your docker containers using (bridge, ipvlan, macvlan)?

Link to comment
1 hour ago, ngreenwood6 said:

I am trying to get my local computer set up to access devices on the tailscale network by their tailscale IP (100.*) without being connected to tailscale. I believe this should be possible but I am not quite sure how to do it and was hoping someone here could help.

 

I am running pfsense and I added an outbound nat rule to send traffic from the lan interface with a destination to 100.* (tailscale ip) to the ip address of my unraid server. Since that is connected via this plugin I thought it might just direct the traffic but it did not work.

 

Any ideas on what I might be missing?

I've never seen this done, and trying to configure this is out of scope for the plugin. You could try asking over in somewhere like r/Tailscale to see if folks have successfully done what you're trying to.

Link to comment
On 7/7/2024 at 9:28 PM, Goonie said:

Thanks for your help, it's appreciated. I will set up the tailscale-docker container and go down that path. Are there any hurdles that I need to be aware of? Cheers

  

Tailscale has a blog post that talks more about the setup:

 

https://tailscale.com/blog/docker-tailscale-guide

 

There are two important things to know when using a sidecar container like this:

  1. If you want to be able to establish local connections, you need to set up the ports on the Tailscale container, not on the connected one.
  2. When connecting via Tailscale, you will always use the "internal" ports on the connected container. (Often, the internal and external ports are the same, but this isn't always the case.)
Link to comment
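
The two points in the post above, laid out as a Docker Compose file. This is an added example, not configuration from the thread, the plugin or the linked blog post; the service names, the nginx image, host port 8080 and the way the auth key is supplied are assumptions.

```yaml
# Added example (Docker Compose). Service names, the nginx image, host port 8080
# and the TS_AUTHKEY variable source are assumptions, not values from the thread.
services:
  tailscale:
    image: tailscale/tailscale:latest
    hostname: web-ts                  # the container hostname becomes the tailnet machine name
    environment:
      - TS_AUTHKEY=${TS_AUTHKEY}      # read from the environment or a .env file, not hard-coded
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_USERSPACE=false            # kernel networking; needs the tun device and NET_ADMIN below
    volumes:
      - ./tailscale-state:/var/lib/tailscale   # keeps the node identity across restarts
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - NET_ADMIN
    ports:
      # Point 1: ports for local (LAN) access are published on the sidecar,
      # because the app container below uses the sidecar's network stack.
      - "8080:80"
    restart: unless-stopped

  web:
    image: nginx:stable
    # Shares the sidecar's network namespace, so the app is reachable on the
    # sidecar's own Tailscale IP and must not declare "ports:" itself.
    network_mode: service:tailscale
    depends_on:
      - tailscale
    restart: unless-stopped
```

From the LAN the app answers on the host's IP at port 8080. Over Tailscale it answers on the sidecar's Tailscale IP at port 80, the internal port (point 2); the 8080 mapping does not apply there.
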
2 hours ago, kungfugripper said:

My arrs, qbittorrent, and Plex are on br0, and I have firefox and krusader on bridge.

For containers running on br0, UnraidTailscaleIP:Port will not work. For that, you either need to do subnet routing or run Tailscale as a sidecar for each container that you want to expose via Tailscale. See my comment here for more info on that:

 

Link to comment
19 hours ago, EDACerton said:

For containers running on br0, UnraidTailscaleIP:Port will not work. For that, you either need to do subnet routing or run Tailscale as a sidecar for each container that you want to expose via Tailscale. See my comment here for more info on that:

 

That is most likely the answer, but I am a little confused. Before I accidentally blew up my docker containers' cache pool and had to reinstall all my containers from scratch, the Tailscale plugin worked just fine allowing me to connect to the containers remotely without any additional configurations with UnraidTailscaleIP:Port even with the network settings being on br0 (can't remember for bridge).

Link to comment
14 hours ago, blitzio said:

Sure I just did that, here's the newly generated one after restarting from within the plugin settings itself.

tailscale-diag-20240711-202912.zip 203.26 kB · 1 download

Looking at your Tailscale logs, here's the command that's being used to start tailscaled:

 

/usr/local/sbin/tailscaled -statedir /boot/config/plugins/tailscale/state -tun tailscale1 

 

This is expected behavior based on the plugin settings (if the port is left at the default, the plugin doesn't force it), but from this situation I realize that this might not be the ideal setup. I'm going to look at changing that behavior in an upcoming update.

 

In the meantime, you could try setting your wireguard port to something like 41642... this will let you force Tailscale onto that specific port.

Link to comment
4 hours ago, kungfugripper said:

That is most likely the answer, but I am a little confused. Before I accidentally blew up my docker containers' cache pool and had to reinstall all my containers from scratch, the Tailscale plugin worked just fine allowing me to connect to the containers remotely without any additional configurations with UnraidTailscaleIP:Port even with the network settings being on br0 (can't remember for bridge).

I don't have any great insights for you here... all I could guess would be that you did something that you've since forgotten to get things to work that way :) .

Link to comment
On 7/10/2024 at 11:06 AM, EDACerton said:

Tailscale has a blog post that talks more about the setup:

 

https://tailscale.com/blog/docker-tailscale-guide

 

There are two important things to know when using a sidecar container like this:

  1. If you want to be able to establish local connections, you need to set up the ports on the Tailscale container, not on the connected one.
  2. When connecting via Tailscale, you will always use the "internal" ports on the connected container. (Often, the internal and external ports are the same, but this isn't always the case.)

Thanks for the help, not sure why I can't get this to work, I must be overlooking something. Even with tailscale-docker set up I can't access the other containers. I have tried changing the network types etc. The only way I have been able to access them is to change the network type in the container to host, which allows the tailscale plugin to route the traffic to the containers via the exposed port.

Link to comment
7 hours ago, EDACerton said:

Looking at your Tailscale logs, here's the command that's being used to start tailscaled:

 

/usr/local/sbin/tailscaled -statedir /boot/config/plugins/tailscale/state -tun tailscale1 

 

This is expected behavior based on the plugin settings (if the port is left at the default, the plugin doesn't force it), but from this situation I realize that this might not be the ideal setup. I'm going to look at changing that behavior in an upcoming update.

 

In the meantime, you could try setting your wireguard port to something like 41642... this will let you force Tailscale onto that specific port.

 

Wow thank you, I think we have finally resolved the issue here.

 

I changed the wireguard port in the plugin advanced settings to 41642 as you said. And then I forwarded that port on my router (UDM SE) and now it seems I am getting a direct connection after running some tests!

Link to comment

Hello!

 

I am having some issues and I am lost. 

 

I cannot access my unRAID server over Tailscale. It gives me a message saying "host refused to connect" using the Tailscale IP. 

 

I am a total newbie to Tailscale, so go easy on me please.

 

I want to be able to access every service on my unRAID server remotely. 

 

Thanks! 

 

EDIT: add diagnostics

GIBSON-tailscale-diag-20240719-171710.zip

 

EDIT2: I still have "vanilla" wireguard running. Should I disable it? Both Tailscale and WireGuard are on different ports. 

 

EDIT3: WE ARE FIXED! Just had to restart the daemon for Tailscale! RESOLVED! 

Edited by urbanracer34
Link to comment

I've been using Unraid for several months now on 2 of my machines and it’s been working great. I've recently started using Tailscale and its Unraid Plugin and wanted to start using it with my Docker containers I have running on my Unraid servers. Is there a good resource explaining how to go about using Tailscale with Docker containers so I can offer them up as Tailscale "Machines"? Can this be done using the standard Unraid interface for docker? I’d like to be able to specify the hostname for the machine for my tailnet and use tailnet serve to do the reverse proxy. How do I do this?

Link to comment

Hello! Uninitiated unraid user here!

I installed the plugin and configured it using ibracorp's tutorial (for the docker version). My issue is that whenever I activate the tailscale client, I do have access to my local network over VPN but when I want to access the internet, I get an error from the browser saying "ERR_NAME_NOT_RESOLVED". As far as I could comprehend there is an issue with the DNS. I tried setting up google/cloudflare DNS and disabling MAGIC DNS but nothing worked.

 

Thank you for developing this amazing plugin!

Link to comment
On 7/6/2024 at 3:28 PM, cinereus said:

Okay I fixed it. The reason the button wasn't working was because no internet access. It should open a popup to tailscale dash but didn't and no error message.

 

Please consider this a bug report for that.

I have this issue again but the button popup isn't working at all now.

 

I can click the reauthenticate button 100 times but nothing happens and in the meantime lots of things on my server are broken.

 


 

How else can I reauthenticate other than by this broken button?

Link to comment
21 hours ago, Radu816 said:

Hello! Uninitiated unraid user here!

I installed the plugin and configured it using ibracorp's tutorial (for the docker version). My issue is that whenever I activate the tailscale client, I do have access to my local network over VPN but when I want to access the internet, I get an error from the browser saying "ERR_NAME_NOT_RESOLVED". As far as I could comprehend there is an issue with the DNS. I tried setting up google/cloudflare DNS and disabling MAGIC DNS but nothing worked.

 

Thank you for developing this amazing plugin!

I solved my issue by going to plugin settings > advanced view > Use Tailscale DNS settings > YES and setting up DNS in tailscale admin console; override local dns > cloudflare dns + enabling magic DNS.

As a side note, my docker containers run on a different network from br0 (I heard there is a problem here).

Link to comment
