Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.
Message added by EDACerton,

When requesting support, please include a Tailscale diag package with your request:

 

https://edac.dev/unraid/plugin-diagnostics/usage/

[Plugin] Tailscale

Featured Replies

22 hours ago, Mattti1912 said:

Only different is that it has it´s own ip address, and that the container is set to br0.

 

That is the correct way to do it. I also run a lot of my docker services on br0 so they can have their own IP, including my AdGuard instance.

 

22 hours ago, Mattti1912 said:

im not sure what you mean?? english is not my first language :)  So do i have to change my global nameservers to the one from my adguard??

 

I found myself following a long thread the other day about something technical and just when I thought I was starting to comprehend the solution, I realized that it was all written in German and I don't read German. 🤣

 

For anyone interested in Tailscale ONLY, I apologize for the side-tracked post. But all these services and technologies tie together and it's difficult to get all the info in one place in a forum. This can easily be repeated in an NPM and/or AdGuard Home and/or Unbound/pfSense thread.

 

I swear this is going to dovetail with Tailscale in a minute...

 

AdGuard Home's primary purpose is to act as a DNS black hole, to help limit ads and tracking on devices where you can't install a browser-based ad-blocker like uBlock Origin. For it to work, it has to sit between your devices and any outside DNS servers. So typically, yes, you would set the AdGuard IP as the primary DNS in your router so that it will automatically be assigned to any device connecting to that router by DHCP. On the router you must not specify any other DNS servers, only AdGuard's IP.

 

In AdGuard's settings you then need to specify so-called UPSTREAM DNS server(s) - the upstream will be responsible for the next step in name resolution, which can include additional internal private domains (you use a local DNS resolver like Unbound for this), and eventually must include outside domains (so a public DNS resolver like Quad9, Cloudflare, OpenDNS, Google, etc.)

 

If you don't use a local resolver (Unbound), then you will set AdGuard's Upstream to one or more public DNS resolvers as mentioned above (9.9.9.9, 149.112.112.112, 1.1.1.1, etc.) If you do use Unbound, then you will set only the Unbound IP and then configure Unbound to use the public addresses after it finishes all local/private resolution. That's a big discussion on its own and for a much bigger big-picture thread.

 

In using Tailscale, you still want to use your AdGuard black hole, so you also set Tailscale's Global DNS to your AdGuard IP.

 

Alternatively, you can set Tailscale to use a device's local/default DNS and/or turn off Tailscale DNS entirely. The problem with this is, that if you use it on a mobile device, when you are outside your home, your device is going to use the DNS server assigned by your mobile operator - unless you override that manually with your AdGuard's IP I guess.

 

 

Edited by Espressomatic

  • Replies 1.7k
  • Views 376.7k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • EDACerton
    EDACerton

    This topic is not for support of the Tailscale docker integration. Please make a post in the appropriate OS support forum for issues related to the docker integration. Common Issues I

  • 2024.08.28   This update contains an important alert for Unraid Connect users. We recently determined that the Flash Backup feature of Unraid Connect would back up the Tailscale state file.

  • EDACerton
    EDACerton

    2023.05.25b Update Tailscale to 1.42.0 Add Tailscale web interface to Settings page Add page for Tailscale / plugin logs Switch Taildrop implementation to use native Unrai

Posted Images

I have Tailscale set up on my Unraid server and a tailnet to other devices that i own. So, now when I am outside the house, I can still access files on the server using Tailscale.

 

I have also set up the same thing on a remote location. So devices from that network can connect to their own server using their own Tailscale network.

 

Now I want to use rsync on my Unraid server to backup files over Tailscale to the server in the remote location. But both servers are already part of their own network. Is it possible to still somehow connect to the remote Tailscale network whilst retaining my own Tailscale network?

  • Author
2 minutes ago, lococola said:

I have Tailscale set up on my Unraid server and a tailnet to other devices that i own. So, now when I am outside the house, I can still access files on the server using Tailscale.

 

I have also set up the same thing on a remote location. So devices from that network can connect to their own server using their own Tailscale network.

 

Now I want to use rsync on my Unraid server to backup files over Tailscale to the server in the remote location. But both servers are already part of their own network. Is it possible to still somehow connect to the remote Tailscale network whilst retaining my own Tailscale network?

You can share devices between tailnets. 
 

https://tailscale.com/kb/1084/sharing

Thank you, that works perfectly! :)

IMG_20241207_225339.thumb.jpg.04a9737e22c221d9e2732286b76ed22a.jpg[7.0 rc1] Cannot establish p2p connection via ipv6

 

I installed the tailscale plugin in a fresh installed system. The only modification I did is to change the default network setting ipv4 to ipv4+ipv6. The system now has a public ipv6 address. However, the direct connection cannot be established from this system to another node with ipv6 address.

Did I miss something when set up this system?

 

Hey everyone I'm trying to get Plex to go over tailscale via a digital ocean exit node so that my users can access it without having to get the tailscale app. I feel like I have things set up correctly with my exit node. Or at least the tailscale dashboard makes me think so. and I have things set up in the unraid plugin dashboard. But when I try to tell it which exit node to use everything falls apart and I cant access unraid without removing it directly on the unraid server. (no more over network).

 

I've attached a few screengrabs showing that tailscale does see the exit node. And what my "this device" page in the plugin says. I feel like I'm supposed to be able to choose my exit node there. But maybe not?

 

 

Thanks

 

Screenshot_20241207_191841.png

Screenshot_20241207_191741.png

10 hours ago, EDACerton said:

There can be lots of reasons for that... firewalls, etc.

 

I'd recommend reading through Tailscale's documentation on firewalls to see if there's something there that would be helpful:

 

https://tailscale.com/kb/1181/firewalls

Thank you. Due to the lack of debug knowledge, I moved tailscale to upper level openwrt router with luci plugin lucky now. It is working as expected. I used Truenas Scale in the same PC before and it was fine either.

In my situation, the firewall for ipv6 is opened. However, the document said: 'Most of the time, Tailscale should work with your firewall out of the box'. Is it possible to capture the log of link establishing procedure?

7 hours ago, EDACerton said:

You're in the right place, you just need to switch to the editing mode, then you can select an exit node:

 

https://selfhosters.net/remote/tailscale/advanced/

 

Hmm well this might explain some things.

Is there something you need to predefine in the policy file that I might have missed?

 

Screenshot_20241208_113836.png

Well I was able to solve my previous problem. But I still am unable to access plex media at all when I have tailscale set up how I am led to believe it should be.

Hey all, following spaceinvader1 guide for the new tailscale integration in version 7 and the IP I'm assigned does not connect at all, I  just get "this site cannot be reached" seems I'm failing at the first hurdle. Any guidance on what I'm missing?

22 hours ago, helvete said:

the IP I'm assigned does not connect at all, I  just get "this site cannot be reached"

 

How and from where are you trying to access that IP? The inability to reach a Tailscale IP means you're not running Tailscale on the device you're connecting from. You can't access tailnet IPs if you're not connected to the tailnet.

 

 

Edited by Espressomatic

1 hour ago, Espressomatic said:

 

How and from where are you trying to access that IP? The inability to reach a Tailscale IP means you're not running Tailscale on the device you're connecting from. You can't access tailnet IPs if you're not connected to the tailnet.

 

 

So maybe I'm missing the point of this as I  wanted to be able to share a self hosted site with family so they would all need to have a tailscale account to reach that?

 

Let me install tailscale on my windows machine and see if that does it

EDIT: I've installed the winddows client and its connecting via the IP, but lost now as to how to give access to a container webui

Edited by helvete

19 hours ago, helvete said:

So maybe I'm missing the point of this as I  wanted to be able to share a self hosted site with family so they would all need to have a tailscale account to reach that?

 

Yes, 100%. If your self-hosted instance were able to be accessed without Tailscale, then there would be no point in having Tailscale deployed. It's a peer to peer VPN.

 

I've installed Tailscale on the devices of all family members in the house. Those are the only people who can access resources on my LAN from outside.

 

 

On 12/11/2024 at 3:43 PM, Espressomatic said:

 

Yes, 100%. If your self-hosted instance were able to be accessed without Tailscale, then there would be no point in having Tailscale deployed. It's a peer to peer VPN.

 

I've installed Tailscale on the devices of all family members in the house. Those are the only people who can access resources on my LAN from outside.

 

 

Yeah I  get that, I  was hoping that the funnels would be a solution for that but seems not, 

Every day seems to be a learning opportunity. This is more likely a solution or better workaround to someone else's requirements. It doesn't address needing to run Tailscale on all machines.

 

It looks like Tailscale does have built-in support to obtain a certificate from Let's Encrypt. And using its MagicDNS, it can serve this certificate to your browser so it doesn't complain when visiting the URL in the cert.

 

In other words, Tailscale already does encrypted VPN, but a browser needs a TLS cert. Use Tailscale for both:

 

https://tailscale.com/kb/1153/enabling-https

 

IMO, this is more work on the long-term than using a reverse proxy and isn't nearly as scaleable. Might be a good solution if you only need to do one or two domain names and don't care that you can't use your own custom FQDN (it uses the tailnet name).

 

 

Edited by Espressomatic

Is there are way to restrict the interfaces tailscale can use?

I just use it as Point to Point connection atm and on every bootup, its grabbing my wireguard site to site interface to establish a direct link and that breaks traffic, somewhat. A restart of the tunnel does fix it, but its still a tat annoying for having to deal with it

This may be trivial to some, running 7RC1 and Tailscale enabled. I have 2 networks on this server, 192.168.1.0/24 and 192.168.20.0/24. eth0 is on the 192.168.1.0/24 network and Tailscale works fine. The issue I am running into, I have several containers on the 192.168.20.0/24 network and I can't access by IP or FQDN using Tailscale, they show up in my TailNet and I approve and that as far as it goes. I have tried adding routes, restarting services, and several other efforts. I assume this is possible, what am I missing?

 

Thanks

I'm looking at dropping my published domain and switching to tailscale, but I'm not happy with the required use of an OAuth provider. I don't want any of my authentication tied to one of the big tech companies. 

I'm really trying to figure out the value of a solution that's supposed to provide a measure of privacy and security...that requires me to authenticate using companies that have time and again showed us they cannot be trusted.

I would be more accepting of using unraid.net as my authenticator, but regardless, I'm not happy about it.

I cannot enable unraid as an exit node. 

It seems to be an issue with that:
https://github.com/tailscale/tailscale/issues/14372

 

So is it at all possible to use unraid as an exit node?

 

I also cannot install tailscale into the docker-container of my Adguard. Would consider to use that as exit node instead.

Any Idea, why I cannot install it into the container? 
 

Here is the log:

 

Executing Unraid Docker Hook for Tailscale

Detecting Package Manager...
Detected Alpine Package Keeper!
Installing packages...
Please wait...
Packages installed!
Tailscale not found, downloading...
Please wait...
Download from Tailscale version 1.78.1 successful!
Installation Done!
Settings Tailscale state dir to: /config/.tailscale_state
Enabling userspace networking! Tailscale DNS not available
Setting host name to "AdGuard"
Starting tailscaled with log file location: /var/log/tailscaled
Starting tailscale

Edited by ulischultz

11 minutes ago, ulischultz said:

Any Idea, why I cannot install it into the container? 

How do you install it into the container?

What container are you using (Repository)?

1 minute ago, ulischultz said:

In the container setup of unraid I just activate tailscale.

The state directory is set not correctly, please go into the Docker template, open up the Advanced Tailscale settings and put this into the state directory:

grafik.png.3f0fb66eadf49d5998b3eee994d38eeb.png

 

Otherwise you would need to re-authenticate the container each time a update is pushed.

 

I just did a quick test and it shows up for me as exit node.

If I try to use unraid as my exit node with this command:

tailscale set --advertise-exit-node

 

I get this message:
Tailscale exit nodes cannot be used on unraid

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.