Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.
Message added by EDACerton,

When requesting support, please include a Tailscale diag package with your request:

 

https://edac.dev/unraid/plugin-diagnostics/usage/

[Plugin] Tailscale

Featured Replies

11 hours ago, EDACerton said:

You have to approve it in the Tailscale admin console.

 

https://login.tailscale.com/

 

The expiration piece was probably just related to the server being unable to contact Tailscale; that seems to confuse the Tailscale client in some cases. Unfortunately, there's not much that I can do to resolve that part with the plugin -- I can only report back what the client tells me. :(

I know. There is no option I can find anywhere in admin console. Where exactly? 

  • Replies 1.7k
  • Views 377.3k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • EDACerton
    EDACerton

    This topic is not for support of the Tailscale docker integration. Please make a post in the appropriate OS support forum for issues related to the docker integration. Common Issues I

  • 2024.08.28   This update contains an important alert for Unraid Connect users. We recently determined that the Flash Backup feature of Unraid Connect would back up the Tailscale state file.

  • EDACerton
    EDACerton

    2023.05.25b Update Tailscale to 1.42.0 Add Tailscale web interface to Settings page Add page for Tailscale / plugin logs Switch Taildrop implementation to use native Unrai

Posted Images

22 hours ago, EDACerton said:

Thanks. I think I misunderstood your original post, but looking at it again with the diagnostics I think I understand better now.

 

Using TailscaleAddress:Port only works for containers that are running on the Unraid server's IP (bridge networking). In your case, you are using ipvlan networking for your containers so that they get independent IPs.

 

For containers that have their own IPs, there are generally two approaches to connecting via Tailscale:

  1. Subnet routing, which you already have configured; or
  2. Running a Tailscale container to provide the networking for the service (which results in the container having its own Tailscale IP as well, it wouldn't share the host Tailscale IP).

If the local IPs are working for you via Tailscale, then you've already done what you need to connect remotely.

 

One other thing which has nothing to do with Tailscale -- I noticed that two of your Docker networks are ipvlan, but there's one macvlan network in the logs:

Unraid1 rc.docker: created network macvlan eth0 with subnets: 10.x.1.0/24; 

If this is deliberate, ignore me :), but I figured I'd mention it since macvlan has a history of causing issues, and that might have been something that you meant to either remove/switch and forgot.

thanks for your help, its appreciated. I will setup the tailscale-docker container and go down that path. Are there any hurdles that i need to be aware? Cheers 

  

Hello,

 

I am having trouble connecting to docker containers via tailscale. I have tailscale1 configured in the network settings, and I am able to log in to the GUI just fine with my designated tailscale tower IP address and my phone can connect to my plex media through the mobile app, but when I try to use towerTailscaleIP:dockerPort, I get an error. I couldn't find many other people having issues with this with the plugin, so I am at a lost on what to try next. I have attached my diagnostics from my Tailscale Plugin if anybody can help. 

T-tailscale-diag-20240708-121408.zip

I am noticing a bunch of glyphs in my log, any idea why that is happening... �R�i��3��?,}fu�Y�t�^o�C�

I am trying to get my local computer setup to access devices on the tailscale network by their tailscale ip (100.*) without being connected to tailscale. I believe this should be possible but i am no quite sure how to do it and was hoping someone here could help.

 

I am running pfsense and I added an outbound nat rule to send traffic from the lan interface with a destination to 100.* (tailscale ip) to the ip address of my unraid server. Since that is connected via this plugin I thought it might just direct the traffic but it did not work.

 

Any ideas on what I might be missing?

  • Author
On 7/8/2024 at 3:26 PM, kungfugripper said:

Hello,

 

I am having trouble connecting to docker containers via tailscale. I have tailscale1 configured in the network settings, and I am able to log in to the GUI just fine with my designated tailscale tower IP address and my phone can connect to my plex media through the mobile app, but when I try to use towerTailscaleIP:dockerPort, I get an error. I couldn't find many other people having issues with this with the plugin, so I am at a lost on what to try next. I have attached my diagnostics from my Tailscale Plugin if anybody can help. 

T-tailscale-diag-20240708-121408.zip 172.71 kB · 1 download

What type of networks are your docker containers using (bridge, ipvlan, macvlan)?

  • Author
1 hour ago, ngreenwood6 said:

I am trying to get my local computer setup to access devices on the tailscale network by their tailscale ip (100.*) without being connected to tailscale. I believe this should be possible but i am no quite sure how to do it and was hoping someone here could help.

 

I am running pfsense and I added an outbound nat rule to send traffic from the lan interface with a destination to 100.* (tailscale ip) to the ip address of my unraid server. Since that is connected via this plugin I thought it might just direct the traffic but it did not work.

 

Any ideas on what I might be missing?

I've never seen this done, and trying to configure this is out of scope for the plugin. You could try asking over in somewhere like r/Tailscale to see if folks have successfully done what you're trying to.

  • Author
7 hours ago, sdballer said:

I am noticing a bunch of glyphs in my log, any idea why that is happening... �R�i��3��?,}fu�Y�t�^o�C�

I'd check to make certain that /var/log isn't full.

  • Author
On 7/7/2024 at 9:28 PM, Goonie said:

thanks for your help, its appreciated. I will setup the tailscale-docker container and go down that path. Are there any hurdles that i need to be aware? Cheers 

  

Tailscale has a blog post that talks more about the setup:

 

https://tailscale.com/blog/docker-tailscale-guide

 

There are two important things to know when using a sidecar container like this:

  1. If you want to be able to establish local connections, you need to set up the ports on the Tailscale container, not on the connected one.
  2. When connecting via Tailscale, you will always use the "internal" ports on the connected container. (Often, the internal and external ports are the same, but this isn't always the case.)
21 hours ago, EDACerton said:

What type of networks are your docker containers using (bridge, ipvlan, macvlan)?

My arrs,qbittorrent, and Plex is on br0, and I have firefox and krusader on bridge. 

Edited by kungfugripper

  • Author
2 hours ago, kungfugripper said:

My arrs,qbittorrent, and Plex is on br0, and I have firefox and krusader on bridge. 

For containers running on br0, UnraidTailscaleIP:Port will not work. For that, you either need to do subnet routing or run Tailscale as a sidecar for each container that you want to expose via Tailscale. See my comment here for more info on that:

 

On 7/10/2024 at 10:57 AM, EDACerton said:

It looks like the log files don't have the information that shows when Tailscale was last restarted. Can you restart Tailscale from within the plugin settings, then after a few minutes generate another diagnostics pack?

Sure I just did that, here's the newly generated one after restarting from within the plugin settings itself.

tailscale-diag-20240711-202912.zip

19 hours ago, EDACerton said:

For containers running on br0, UnraidTailscaleIP:Port will not work. For that, you either need to do subnet routing or run Tailscale as a sidecar for each container that you want to expose via Tailscale. See my comment here for more info on that:

 

That is most likely the answer, but I am a little confused. Before I accidently blew up my docker containers' cache pool and had to reinstall all my containers from scratch, the Tailscale plugin worked just fine allowing me to connect to the containers remotely without any additional configurations with UnraidTailscaleIP:Port even with the networks settings being on br0 (can't remember for bridge). 

  • Author
14 hours ago, blitzio said:

Sure I just did that, here's the newly generated one after restarting from within the plugin settings itself.

tailscale-diag-20240711-202912.zip 203.26 kB · 1 download

Looking at your Tailscale logs, here's the command that's being used to start tailscaled:

 

/usr/local/sbin/tailscaled -statedir /boot/config/plugins/tailscale/state -tun tailscale1 

 

This is expected behavior based on the plugin settings (if the port is left at the default, the plugin doesn't force it), but from this situation I realize that this might not be the ideal setup. I'm going to look at changing that behavior in an upcoming update.

 

In the meantime, you could try setting your wireguard port to something like 41642... this will let you force Tailscale onto that specific port.

  • Author
4 hours ago, kungfugripper said:

That is most likely the answer, but I am a little confused. Before I accidently blew up my docker containers' cache pool and had to reinstall all my containers from scratch, the Tailscale plugin worked just fine allowing me to connect to the containers remotely without any additional configurations with UnraidTailscaleIP:Port even with the networks settings being on br0 (can't remember for bridge). 

I don't have any great insights for you here... all I could guess would be that you did something that you've since forgotten to get things to work that way :) .

On 7/10/2024 at 11:06 AM, EDACerton said:

Tailscale has a blog post that talks more about the setup:

 

https://tailscale.com/blog/docker-tailscale-guide

 

There are two important things to know when using a sidecar container like this:

  1. If you want to be able to establish local connections, you need to set up the ports on the Tailscale container, not on the connected one.
  2. When connecting via Tailscale, you will always use the "internal" ports on the connected container. (Often, the internal and external ports are the same, but this isn't always the case.)

Thanks for the help, not sure why I cant get this to work I must be overlooking something. even with tailscale-docker setup i cant access the other containers. I have tried  changing the network types etc. the only way i have been able to access them is to change the network type in the container to host which allows the tailscale plugin to route the traffic to the containers via the exposed port 

7 hours ago, EDACerton said:

Looking at your Tailscale logs, here's the command that's being used to start tailscaled:

 

/usr/local/sbin/tailscaled -statedir /boot/config/plugins/tailscale/state -tun tailscale1 

 

This is expected behavior based on the plugin settings (if the port is left at the default, the plugin doesn't force it), but from this situation I realize that this might not be the ideal setup. I'm going to look at changing that behavior in an upcoming update.

 

In the meantime, you could try setting your wireguard port to something like 41642... this will let you force Tailscale onto that specific port.

 

Wow thank you, I think we have finally resolved the issue here.

 

I changed the wireguard port in the plugin advanced settings to 41642 as you said. And then I forwarded that port on my router (UDM SE) and now it seems I am getting a direct connection after running some tests!

Hello!

 

I am having some issues and I am lost. 

 

I cannot access my unRAID server over Tailscale. It gives me a message saying "host refused to connect" using the Tailscale IP. 

 

I am a total newbie to Tailscale, so go easy on me please.

 

I want to be able to access every service on my unRAID server remotely. 

 

Thanks! 

 

EDIT: add diagnostics

GIBSON-tailscale-diag-20240719-171710.zip

 

EDIT2: I still have "vanilla" wireguard running. Should I disable it? Both Tailscale and WireGuard are on different ports. 

 

EDIT3: WE ARE FIXED! Just had to restart the daemon for Tailscale! RESOLVED! 

Edited by urbanracer34

I've been using Unraid for several months now on 2 of my machines and it’s been working great. I've recently started using Tailscale and it's Unraid Plugin and wanted to start using it with my Docker containers I have running on my Unraid servers. Is there a good resource explaining how to go about using Tailscale with Docker containers so I can offer them up as Tailscale "Machines"? can this be done using the standard Unraid interface for docker? I’d like to be able to specify the hostname for the machine for my tailnet and use tailnet serve to do the reverse proxy.  How do I do this?

Hello! Uninitiated unraid user here!

I installed the plugin and configured it using ibracorp's tutorial(for the docker version).  My issue is that whenever I activate the tailscale client, I do have acces to my local network over VPN but when I want to acces the internet, I get an error from the browser saying "ERR_NAME_NOT_RESOLVED". As far as I could comprehend there is a issue with the DNS. I tried setting up google/cloudflare DNS and disabling MAGIC DNS but nothing worked.

 

Thank you for developing this amazing plugin!

On 7/6/2024 at 3:28 PM, cinereus said:

Okay I fixed it. The reason the button wasn't working was because no internet access. It should open a popup to tailscale dash but didn't and no error message.

 

Please consider this a bug report for that.

I have this issue again but the button popup isn't working at all now.

 

I can click the reauthenticate button 100 times but nothing happens and in the meantime lots of things on my server are broken.

 

image.png.c6071c11975ad0d2e769ca67e4f416f6.png

 

How else can I reauthenticate other than by this broken button?

21 hours ago, Radu816 said:

Hello! Uninitiated unraid user here!

I installed the plugin and configured it using ibracorp's tutorial(for the docker version).  My issue is that whenever I activate the tailscale client, I do have acces to my local network over VPN but when I want to acces the internet, I get an error from the browser saying "ERR_NAME_NOT_RESOLVED". As far as I could comprehend there is a issue with the DNS. I tried setting up google/cloudflare DNS and disabling MAGIC DNS but nothing worked.

 

Thank you for developing this amazing plugin!

I solved my issue by going to plugin settings > advanced view > Use Tailscale DNS settings > YES and setting up DNS in tailscale admin console; override local dns > cloudflare dns + enabling magic DNS.

As a side note, my docker containers run on a different network fron br0 (i heard there is a problem here).

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.