Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.
Message added by EDACerton,

When requesting support, please include a Tailscale diag package with your request:

 

https://edac.dev/unraid/plugin-diagnostics/usage/

[Plugin] Tailscale

Featured Replies

5 minutes ago, EDACerton said:

The docker settings are unrelated to the plugin, please make a post in the Tailscale forum for support with that. 

I thought this was the tailscale forum

  • Replies 1.7k
  • Views 375.5k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • EDACerton
    EDACerton

    This topic is not for support of the Tailscale docker integration. Please make a post in the appropriate OS support forum for issues related to the docker integration. Common Issues I

  • 2024.08.28   This update contains an important alert for Unraid Connect users. We recently determined that the Flash Backup feature of Unraid Connect would back up the Tailscale state file.

  • EDACerton
    EDACerton

    2023.05.25b Update Tailscale to 1.42.0 Add Tailscale web interface to Settings page Add page for Tailscale / plugin logs Switch Taildrop implementation to use native Unrai

Posted Images

28 minutes ago, RoboCanvas said:

I thought this was the tailscale forum

 

This is a Tailscale plugin thread. It used to be in the Plugins sub-forum.

 

So now it looks like there's a new Tailscale-specific sub-forum where this thread lives.

 

Which means new threads for Tailscale-specific issues (not necessarily plugin-related) can be started at the top of the sub-forum:  https://forums.unraid.net/forum/111-tailscale/

 

 

 

 

 

 

Edited by Espressomatic

Great the exit node feature is yet again working.

 

I have one question: I would like 2 containers not to use the exit node (Plex and SABnzbd). Is this possible to exclude these two dockers being routed through the Exit node? Or is it all or nothing with the plugin?

Can I disconnect my Tailscale account and connect a different one? (I decided I should separate business and personal Tailscale accounts)

  • Author
1 hour ago, D2934 said:

Can I disconnect my Tailscale account and connect a different one? (I decided I should separate business and personal Tailscale accounts)

Yes, I would just do an "Erase Configuration" (might need to toggle advanced settings), then wait 30 seconds and reload the page.

  • Author
9 hours ago, steve1977 said:

Great the exit node feature is yet again working.

 

I have one question: I would like 2 containers not to use the exit node (Plex and SABnzbd). Is this possible to exclude these two dockers being routed through the Exit node? Or is it all or nothing with the plugin?

No.... if you've enabled an exit node at host level, everything will be routed through the exit node. I don't know of any way to exempt traffic.

1 hour ago, EDACerton said:

No.... if you've enabled an exit node at host level, everything will be routed through the exit node. I don't know of any way to exempt traffic.

Thanks. Could i exempt one docker from tailscale and would this exempt also the traffic?

  • Author
2 minutes ago, steve1977 said:

Thanks. Could i exempt one docker from tailscale and would this exempt also the traffic?

You could put it on br0 so it gets its own IP. If it's on bridge/host, you can't exempt it.

On 1/27/2025 at 11:13 AM, steve1977 said:

Great the exit node feature is yet again working.

 

I have one question: I would like 2 containers not to use the exit node (Plex and SABnzbd). Is this possible to exclude these two dockers being routed through the Exit node? Or is it all or nothing with the plugin?

I was able to get the Mullvad exit node working using the plugin fix here: https://github.com/tailscale/tailscale/issues/14372

However, when I activate the exit node, the devices on my network can't load Jellyfin. Can anyone tell me what I'm missing?

Edited by jessejericho

Thanks. I am starting to realize that I will need both the plugin and the docker-based implementation. And putting some dockers on br0 is probably what I need to do to accomplish this.

 

1) Console and some dockers - on bridge, plugin-based TS, plug-in based exit node

 

2) Other dockers - br0, docker-based TS, no exit node

 

3) Other dockers - br0 docker-based TS, docker-based exit node

 

Ideally, I can still access all dockers from the Unraid GUI when remote. Would this work? I would need to include and exclude some IPs from subnet?

 

I am posting in parallel in the docker-related thread how to get the br0 implementation work (seems complex).

On 1/26/2025 at 3:50 PM, EDACerton said:

The plugin is still needed on 7 for the host Tailscale installation. That allows Tailscale to update without needing an OS release every time. 

Thank you! The plugin has been fantastic, super stable and issue-free, so I hope I can continue using it without Lime breaking anything with their TS integration.

2 hours ago, sir_storealot said:

so I hope I can continue using it without Lime breaking anything with their TS integration

If you don't use the Unraid Tailscale Docker Integration nothing would break in therms of the plugin, even if you use it in one or more containers nothing should break.

 

Please note that the Unraid Tailscale Docker Integration is optional and you don't have to use it at all (this was always the main intention and they are both independent from each other), if you don't use it then nothing changes. :)

Am I the only one that this just does not work for?

I finally updated to 7 today to integrate TS via the SI1 vid and I'm getting stuck at basic steps. Since this isn't a docker I'm having a hard time figuring out what to do. Per the video I should be able to, on an Unraid 7 system, install TS plugin, register, authenticate my device, then navigate to the TS assigned IP and see the unraid webgui. This does not function whatsoever. Further, the only way to manage routes is apparently on the server via the TS plugin menu. However, I'm not able to enter any routes in the plugin at all as it only says 'Add devices to your tailnet without installing TS . Learn more →'. In the SI1 video, he clicks the viewing button then 'sign in to confirm identity', only mine doesn't have a sign in button, just 'Cannot access this device’s Tailscale IP. Make sure you are connected to your tailnet, and that your policy file allows access. Learn more →'.

I can see my server and my other devices in my tailnet so it's for sure authenticated.

I mean all I've done is add my server to my tailnet and nothing else as per the video and I can't keep going as I can't even configure the basics yet. What am I missing here?

Edited by alicecantsleep

is the resolv config overwrite a issue within the plugin or unriad 7?

as noted here:


and is there a fix other then manual rewriting the resolv config and docker resolv config mount replacement...

looks like ther was a update and patch.. Testing atm. Have all scripts off and all docker auto start off so plain 7 and run thing and check and fix the resolv.conf as we go...

Hopefully they fixed this...

 

so after the lattest update. Before I run my script to setup tailscal as a node:

Step 1 nothing runnign yet system is up...

root@Docker:~# cat /etc/resolv.conf
resolv.conf       resolv.conf.head  resolv.conf.tail  
root@Docker:~# cat /etc/resolv.conf
resolv.conf       resolv.conf.head  resolv.conf.tail  
root@Docker:~# cat /etc/resolv.conf
# Generated by rc.inet1
nameserver 192.168.2.3
nameserver 192.168.2.1
nameserver 8.8.8.8
root@Docker:~# 


this is what the host resolv.conf is...
image.png.499e63eedd47fccfd7b0533432c7a199.png


step 2 run my ensre route scirpt wil will start tailscale and allog the tailscal vpn to conect to my lan though my unriad system via the route...

I would normaly wait 1 min for full system boot and run this to start tailscale!

sleep 60
tailscale up --accept-routes --accept-dns=true --advertise-routes=192.168.2.0/24


As I want docker fully started and working first then tailscale then edit the docker network settings to flush and change the ip which enacts a rcnet restart.... (during this restart step is when tailscale breaks the resolve config...)

ran command wants the settings and resolv.conf say:
 

root@Docker:~# tailscale up --accept-routes --accept-dns=true --advertise-routes=192.168.2.0/24
Warning: UDP GRO forwarding is suboptimally configured on shim-br0, UDP forwarding throughput capability will increase with a configuration change.
See https://tailscale.com/s/ethtool-config-udp-gro
root@Docker:~# 

image.png.8ff56ab90812affa5911c8fc1ac267cc.png

so now tailscale vpn is working (as I want it!)...so what does resolv.conf say...

So nope still a broken resolv.conf...

 

root@Docker:~# cat /etc/resolv.
resolv.conf                       resolv.conf.head                  resolv.conf.tail                  resolv.pre-tailscale-backup.conf
root@Docker:~# cat /etc/resolv.conf
# resolv.conf(5) file generated by tailscale
# For more info, see https://tailscale.com/s/resolvconf-overwrite
# DO NOT EDIT THIS FILE BY HAND -- CHANGES WILL BE OVERWRITTEN

nameserver ###Tailscale IP####
search MyTailscaleNetwork.ts.net
root@Docker:~# cat /etc/resolv.pre-tailscale-backup.conf


so now that this is reporduceable ... This is now on teh maintainer! they need to not break the host unraid v7 resolv.conf at the host level!!!

so the plugin maintainers will need to make a backup of there setting (or NOT REPLACE TO THE DAM /etc/resolv.conf) to have there data but to keep and maintain Unraids data to maintain and keep dns and other stuff working!!!!

So lets run a script to backup there curent Fup in and run similar to make there setting and then combine the 2! AS IT SHOULD BE!...
IF they just write the Tailscale stuff to /etc/resolv.conf.tail it be fine!
 

#!/bin/bash

# Define file paths
RESOLV_CONF="/etc/resolv.conf"
BACKUP_CONF="/etc/resolv.tailscalesettingbackup.conf"
PRE_TAILSCALE_CONF="/etc/resolv.pre-tailscale-backup.conf"

# Check if the original resolv.conf exists and back it up
if [ -f "$RESOLV_CONF" ]; then
    echo "Backing up current $RESOLV_CONF to $BACKUP_CONF..."
    cp "$RESOLV_CONF" "$BACKUP_CONF"
else
    echo "Error: $RESOLV_CONF does not exist. Exiting."
    exit 1
fi

# Remove the original resolv.conf
echo "Removing $RESOLV_CONF..."
rm -f "$RESOLV_CONF"

# Check if both required files for merge exist
if [ -f "$PRE_TAILSCALE_CONF" ] && [ -f "$BACKUP_CONF" ]; then
    echo "Merging $PRE_TAILSCALE_CONF and $BACKUP_CONF into $RESOLV_CONF..."
    cat "$PRE_TAILSCALE_CONF" "$BACKUP_CONF" > "$RESOLV_CONF"
    echo "Merge complete. New $RESOLV_CONF created."
else
    echo "Error: One or both of the required files ($PRE_TAILSCALE_CONF, $BACKUP_CONF) do not exist."
    exit 1
fi

# Final confirmation message
echo "Backup and restore process completed successfully."



FIX THIS!

Hello All,

 

I try to setup Tailscale on my Unraid nas, but I encounter some problems unfortunately. I'm on Unraid 7.0.0 and use the Tailscale plugin. I follow the steps from the Spaceinvader One video on Youtube, but already I'm blocked at the start.

 

I installed the Tailscale plugin. After it was installed I went to Settings -> Tailscale. According to the Spaceinvader One tutorial I should see a button to reauthenticate. I don't see that. I see a button to login. When I click the login button, I directly get a notification that login fails. 

 

I already tried to:

 

* Refresh the browser.

* Shutdown and start the nas.

* Uninstall the plugin and reinstall it.

* Check the log.

* Find people online with the same issue. Can't find anything..

 

What am I doing wrong? I hope somebody can help me.

 

Thank you very much!

 

 

 

 

 

 

Tailscale_login.png

tailscale-utils.log tailscale.log

Got the same error after the update

  • Author
2 hours ago, blackcuda said:

Hello All,

 

I try to setup Tailscale on my Unraid nas, but I encounter some problems unfortunately. I'm on Unraid 7.0.0 and use the Tailscale plugin. I follow the steps from the Spaceinvader One video on Youtube, but already I'm blocked at the start.

 

I installed the Tailscale plugin. After it was installed I went to Settings -> Tailscale. According to the Spaceinvader One tutorial I should see a button to reauthenticate. I don't see that. I see a button to login. When I click the login button, I directly get a notification that login fails. 

 

I already tried to:

 

* Refresh the browser.

* Shutdown and start the nas.

* Uninstall the plugin and reinstall it.

* Check the log.

* Find people online with the same issue. Can't find anything..

 

What am I doing wrong? I hope somebody can help me.

 

Thank you very much!

 

 

 

 

 

 

Tailscale_login.png

tailscale-utils.log 9.97 kB · 1 download tailscale.log 16.31 kB · 2 downloads

 

56 minutes ago, Alex.b said:

Got the same error after the update

This appears to be caused by a security fix that was added in Tailscale 1.80.0. It breaks the "Login" button when accessing the WebGUI over HTTP. I'm opening a case with Tailscale for that.

 

In the meantime, if you enable SSL/TLS for the WebGUI via "Management Settings", you should be able to complete the login. You can also open the CLI and run "tailscale up", then go to the link it gives you.

 

I've also rolled back the "main" plugin version to 1.78.1 while I work on getting a better fix for this. I will keep 1.80.0 on the "preview" branch for anyone that wants it (1.80.0 allows Unraid to use exit nodes again, so some folks might want that).

Edited by EDACerton

26 minutes ago, EDACerton said:

 

This appears to be caused by a security fix that was added in Tailscale 1.80.0. It breaks the "Login" button when accessing the WebGUI over HTTP. I'm opening a case with Tailscale for that.

 

In the meantime, if you enable SSL/TLS for the WebGUI via "Management Settings", you should be able to complete the login. You can also open the CLI and run "tailscale up", then go to the link it gives you.

 

I've also rolled back the "main" plugin version to 1.78.1 while I work on getting a better fix for this. I will keep 1.80.0 on the "preview" branch for anyone that wants it (1.80.0 allows Unraid to use exit nodes again, so some folks might want that).

Thanks for the quick response! Enabling SSL/TLS solves the problem! I am able to login to Tailscale now.

  • Author
3 hours ago, bmartino1 said:

looks like ther was a update and patch.. Testing atm. Have all scripts off and all docker auto start off so plain 7 and run thing and check and fix the resolv.conf as we go...

Hopefully they fixed this...

 

so after the lattest update. Before I run my script to setup tailscal as a node:

Step 1 nothing runnign yet system is up...

root@Docker:~# cat /etc/resolv.conf
resolv.conf       resolv.conf.head  resolv.conf.tail  
root@Docker:~# cat /etc/resolv.conf
resolv.conf       resolv.conf.head  resolv.conf.tail  
root@Docker:~# cat /etc/resolv.conf
# Generated by rc.inet1
nameserver 192.168.2.3
nameserver 192.168.2.1
nameserver 8.8.8.8
root@Docker:~# 


this is what the host resolv.conf is...
image.png.499e63eedd47fccfd7b0533432c7a199.png


step 2 run my ensre route scirpt wil will start tailscale and allog the tailscal vpn to conect to my lan though my unriad system via the route...

I would normaly wait 1 min for full system boot and run this to start tailscale!

sleep 60
tailscale up --accept-routes --accept-dns=true --advertise-routes=192.168.2.0/24


As I want docker fully started and working first then tailscale then edit the docker network settings to flush and change the ip which enacts a rcnet restart.... (during this restart step is when tailscale breaks the resolve config...)

ran command wants the settings and resolv.conf say:
 

root@Docker:~# tailscale up --accept-routes --accept-dns=true --advertise-routes=192.168.2.0/24
Warning: UDP GRO forwarding is suboptimally configured on shim-br0, UDP forwarding throughput capability will increase with a configuration change.
See https://tailscale.com/s/ethtool-config-udp-gro
root@Docker:~# 

image.png.8ff56ab90812affa5911c8fc1ac267cc.png

so now tailscale vpn is working (as I want it!)...so what does resolv.conf say...

So nope still a broken resolv.conf...

 

root@Docker:~# cat /etc/resolv.
resolv.conf                       resolv.conf.head                  resolv.conf.tail                  resolv.pre-tailscale-backup.conf
root@Docker:~# cat /etc/resolv.conf
# resolv.conf(5) file generated by tailscale
# For more info, see https://tailscale.com/s/resolvconf-overwrite
# DO NOT EDIT THIS FILE BY HAND -- CHANGES WILL BE OVERWRITTEN

nameserver ###Tailscale IP####
search MyTailscaleNetwork.ts.net
root@Docker:~# cat /etc/resolv.pre-tailscale-backup.conf


so now that this is reporduceable ... This is now on teh maintainer! they need to not break the host unraid v7 resolv.conf at the host level!!!

so the plugin maintainers will need to make a backup of there setting (or NOT REPLACE TO THE DAM /etc/resolv.conf) to have there data but to keep and maintain Unraids data to maintain and keep dns and other stuff working!!!!

So lets run a script to backup there curent Fup in and run similar to make there setting and then combine the 2! AS IT SHOULD BE!...
IF they just write the Tailscale stuff to /etc/resolv.conf.tail it be fine!
 

#!/bin/bash

# Define file paths
RESOLV_CONF="/etc/resolv.conf"
BACKUP_CONF="/etc/resolv.tailscalesettingbackup.conf"
PRE_TAILSCALE_CONF="/etc/resolv.pre-tailscale-backup.conf"

# Check if the original resolv.conf exists and back it up
if [ -f "$RESOLV_CONF" ]; then
    echo "Backing up current $RESOLV_CONF to $BACKUP_CONF..."
    cp "$RESOLV_CONF" "$BACKUP_CONF"
else
    echo "Error: $RESOLV_CONF does not exist. Exiting."
    exit 1
fi

# Remove the original resolv.conf
echo "Removing $RESOLV_CONF..."
rm -f "$RESOLV_CONF"

# Check if both required files for merge exist
if [ -f "$PRE_TAILSCALE_CONF" ] && [ -f "$BACKUP_CONF" ]; then
    echo "Merging $PRE_TAILSCALE_CONF and $BACKUP_CONF into $RESOLV_CONF..."
    cat "$PRE_TAILSCALE_CONF" "$BACKUP_CONF" > "$RESOLV_CONF"
    echo "Merge complete. New $RESOLV_CONF created."
else
    echo "Error: One or both of the required files ($PRE_TAILSCALE_CONF, $BACKUP_CONF) do not exist."
    exit 1
fi

# Final confirmation message
echo "Backup and restore process completed successfully."



FIX THIS!

Does your Unraid server really need `--accept-dns=true`? That's very rarely needed, and there's a reason that I keep the "Use Tailscale DNS" in the advanced plugin settings with a big warning message.

Advertising AND accepting routes is also puzzling on the same client.

 

I only accept DNS on machines that can't get my local DNS settings (advertised on my LAN via DHCP) - so that means only machines that are not on the LAN, like my Mobile or my Macbook or a cloud VPS.

 

BUT, I've also configured the advertised Global DNS setting in Tailscale Admin to be ONLY my LAN's DNS - exactly the same as my LAN's DHCP advertises.

 

If the Unraid machine sits on the LAN, there's no need to accept TS DNS nor routes (it's already on the LAN and using DHCP) - IMO, having those settings ON/active is generally a misconfiguration.

 

 

Edited by Espressomatic

for my testing yes. id be fine if at reboot the tailscale auto started and came up. even if dns is not set to true... sadly termail run witho ut the dns opton breaks my hostname over the vpn when using hostnames via the tailscale VPN. I will galdy retest with other settings as i'm pulling these form tailscale docs and just trying to get somethign up and working. I find it weird that even witht he tailscale overwrite that we are losing unriad rcnet1 generated and its not geting back to the sytem... 

this has more to do with both the vpn clinet and telling tailscle to use dns within its own sytm to maintain routes. (i'm trying to use hostanem controls form one lcoation to contolr anther over the internet via this... this server is the HA home that is controling the other site. so YES, in this example I require the dns option on.

While I can forgoe dns names. the issue is i run tailscale up in termainl (not the docer due to using a vm...) and the resolv config still get overwritten 

5 hours ago, EDACerton said:

Does your Unraid server really need `--accept-dns=true`? That's very rarely needed, and there's a reason that I keep the "Use Tailscale DNS" in the advanced plugin settings with a big warning message.


yes... issues for me... WHiel Host is fixed as tailscale data is never added... I lose dns ovef the vpn... so still the same...

 

image.thumb.png.33ef1a94dfbe2b8c6f0aa8fbc4f329e4.png


Before i run my scirpt to fix and setup my enviroment... at reboot...

run the comand lsoing the dns option:
 

tailscale up --accept-routes --advertise-routes=192.168.2.0/24

 

root@Docker:~# tailscale up --accept-routes --advertise-routes=192.168.2.0/24
Warning: UDP GRO forwarding is suboptimally configured on shim-br0, UDP forwarding throughput capability will increase with a configuration change.
See https://tailscale.com/s/ethtool-config-udp-gro
Error: changing settings via 'tailscale up' requires mentioning all
non-default flags. To proceed, either re-run your command with --reset or
use the command below to explicitly mention the current value of
all non-default settings:

        tailscale up --accept-routes --advertise-routes=192.168.2.0/24 --accept-dns=false

root@Docker:~# tailscale up --accept-routes --advertise-routes=192.168.2.0/24 --accept-dns=false
Warning: UDP GRO forwarding is suboptimally configured on shim-br0, UDP forwarding throughput capability will increase with a configuration change.
See https://tailscale.com/s/ethtool-config-udp-gro
root@Docker:~# cat /etc/resolv.conf
# Generated by rc.inet1
nameserver 192.168.2.3
nameserver 192.168.2.1
nameserver 8.8.8.8
root@Docker:~# cat /etc/resolv.conf
resolv.conf       resolv.conf.head  resolv.conf.tail  
root@Docker:~# cat /etc/resolv.conf
resolv.conf       resolv.conf.head  resolv.conf.tail  
root@Docker:~# cat /etc/resolv.conf

 but now i lose my abilt to use dns and host name over the VPN...

 

Edited by bmartino1
Data - wrong screen shot

I'm going to suggest that you have some significant misconfiguration leading to the issues you're seeing. Hopefully EDA can sort you out.

 

Aside from Tailscale, my other question is why are you using/advertising local private and public DNS at the same time? 192 and 8.8.8.8?

 

 

Edited by Espressomatic

10 hours ago, Espressomatic said:

I'm going to suggest that you have some significant misconfiguration leading to the issues you're seeing. Hopefully EDA can sort you out.

 

Aside from Tailscale, my other question is why are you using/advertising local private and public DNS at the same time? 192 and 8.8.8.8?

 

 

all form the tailscale docs. I've been Very clear in what went wrong where and how to reproduce. The issue is trying to get fqdn / hostname and dns over the tailscale vpn. to do that you need the --accept-dns option ...

the 192 is my dns server, my gateway and a googles public dns IP. this is set in unraid web ui and made by rc.net ...

the issue is that when that setting is called and active the plugin is making a backup of the rc.1 resolv.conf and that unraid makes and this plugin kills the resolv.confg at the host level which cascade into issue as they deleted the host dns network data...

the plugin should not be writing into /etc/resolv.conf or at the very least be echoing back the data from the backup file into the resovl config to no lose host level dns...

the proper use of the resolv.conf should be writing that into the resolf.conf.tail to load at the end and not interfere with unraids resovl.conf AT ALL!

This is entiely the plugin issue...

Edited by bmartino1
typo

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.