[Plugin] Tailscale

EDACerton

By EDACerton
in Plugin Support

Recommended Posts

Recommended

Posted by EDACerton,

Common Issues I can't access the WebGUI after logging in to Tailscale This is usually caused by enabling the "Use Tailscale Subnets" feature. This feature isn't needed for most installs. Usually, if this happens the WebGUI is still accessible via the Tailscale IP/name. Try connecting via that address, then disable "Use Tailscale Subnets". If you don't know the Tailscale IP for your server, you can get it from ano
Recommended by EDACerton
  • Like

4 reactions

Go to this post
emrepolat7 Rookie

emrepolat7

Posted
Posted
On 7/7/2023 at 7:19 PM, SensibleSalmon said:

Is there any way to pass a login_server param to the underlying tailscale daemon? I'm trying to link my unraid host to my headscale instance. (Docs here). I didn't see anything in the plugin settings.

 

On 7/7/2023 at 8:30 PM, EDACerton said:

In concept, it’s possible to add that feature, but I can’t currently test that. Are you on Discord at all? If so, ping me there (@edacerton) and we can chat. 

 

I really like using your plugin with tailscale. Thanks very much for the plugin.

Since headscale is almost the self-hosted version of tailscale, I prefer to use headscale instead of tailscale.

Are you planning to add this feature?
if so, is there any progress for this feature?

Link to comment
  • Replies 726
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

EDACerton
EDACerton

Tailscale     Tailscale is a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly. The service handles complex netw

EDACerton
EDACerton

2023.05.25b Update Tailscale to 1.42.0 Add Tailscale web interface to Settings page Add page for Tailscale / plugin logs Switch Taildrop implementation to use native Unrai

EDACerton
EDACerton

Common Issues I can't access the WebGUI after logging in to Tailscale This is usually caused by enabling the "Use Tailscale Subnets" feature. This feature isn't neede

Posted Images

bthoven Rookie

bthoven

Posted
Posted
3 hours ago, emrepolat7 said:

 

 

I really like using your plugin with tailscale. Thanks very much for the plugin.

Since headscale is almost the self-hosted version of tailscale, I prefer to use headscale instead of tailscale.

Are you planning to add this feature?
if so, is there any progress for this feature?

You can do it with the current tailscale version by 

0. install tailscale plugin on your unraid server

1. go into your unraid console and enter this command 

tailscale up --login-server=https://headscale.yourdomain.com --accept-dns=false

it will give you this result

To authenticate, visit:

 

     https://headscale.yourdomain.com/register/nodekey:5967f578ac……dc937a4757b6e164707a28f1c3a95ea0a

2. open the generated url link in your browser, it will generate a headscale command with key for you to register your unraid server with your headscale server

3. enter into your headscale docker console, copy and paste the generated headscale command in step 2 , but before pressing enter, change the username in the command to your own one then press enter, and you are done; your unraid tailscale node is now registered and connected with your headscale server. You may want to change some other settings in tailscale too.

  • Thanks 1
Link to comment
kmwoley Rookie

kmwoley

Posted
Posted

If it's helpful for folks, here's what it took for me to stop the WebGUI/nginx crashes and enabled tailnet access to my macvlan docker containers.

 

Background: I'm on unraid version 6.12.4. I had (and have) Wireguard working great. I could reach my local network, all of my Docker containers (those with host networks and those with macvlan), etc. etc.

 

In order to get the Tailscale plugin to work the same as Wireguard I had to make the following changes:

 

1) As advised in the release notes, I changed my macvlan network & Docker settings so that they use the eth0.X interfaces instead of the br0.X interfaces. To do this, you'll need to update your network configuration to disable bridging and update your Docker configuration to allow the host to access custom networks. This config will enable macvlan, but move the interface to eth0. I recommend stopping your array and making both changes at the same time; if you do that, it *should* automatically update all of your docker containers with the right config. I did it in two steps, which meant I had to go manually change the network config of all of my Docker containers to get them to restart.

 

2) As you'd expect, I needed to use the command line to advertise the routes I wanted my remotes to connect to: 

tailscale up --accept-routes --advertise-exit-node --advertise-routes=192.168.10.0/24,192.168.20.0/24,192.168.60.0/24 --accept-dns=false

 

3) In the Tailscale Plugin settings, I needed to set "Enable IP Forwarding" and "Unraid services listen on Tailscale IP" to Yes.

 

4) On the Tailscale WebUI Admin, configure the server to allow the subnet routing.

 

The most important bit was step #1. Without it, I could not reach my Docker containers that were on their own IP addresses. And this change also appears to have solved the WebGUI crashing that others have reported. It's been stable now for 12 hours; I'll report back if I see a change.

 

HTH

  • Thanks 2
Link to comment
lory995 Noob

lory995

Posted
Posted (edited)
On 10/21/2023 at 5:13 AM, bthoven said:

Just install the plugin and I can no longer access the unraid webui. After safely reboot my unraid by a command line 

powerdown -r

, my dashboard was up, but the plugin somehow crashed the webui again later. Gave up and remove the plugin.

Unraid 6.12.4.

I have the same problem since i updated to last version 1.50. I neved had this kind of problem with any other version. I know i should post a diagnosis but i can't do that without the GUI...

On 10/21/2023 at 7:57 PM, PlanetDyna said:

Is it normal that I can only reach my Unraid server via Tailscale Plugin with the Tailscale IP 100.x.x.x?

Mmmh i could say yes. I had the same exact behavior, but it never caused me a problem ( until the GUI crisis ) so i didn't cared at all. If you look around you are gonna find something to make it work again for sure

 

On 10/21/2023 at 5:48 AM, kmwoley said:

If it's helpful for folks, here's what it took for me to stop the WebGUI/nginx crashes and enabled tailnet access to my macvlan docker containers.

 

Background: I'm on unraid version 6.12.4. I had (and have) Wireguard working great. I could reach my local network, all of my Docker containers (those with host networks and those with macvlan), etc. etc.

 

In order to get the Tailscale plugin to work the same as Wireguard I had to make the following changes:

 

1) As advised in the release notes, I changed my macvlan network & Docker settings so that they use the eth0.X interfaces instead of the br0.X interfaces. To do this, you'll need to update your network configuration to disable bridging and update your Docker configuration to allow the host to access custom networks. This config will enable macvlan, but move the interface to eth0. I recommend stopping your array and making both changes at the same time; if you do that, it *should* automatically update all of your docker containers with the right config. I did it in two steps, which meant I had to go manually change the network config of all of my Docker containers to get them to restart.

 

2) As you'd expect, I needed to use the command line to advertise the routes I wanted my remotes to connect to: 

tailscale up --accept-routes --advertise-exit-node --advertise-routes=192.168.10.0/24,192.168.20.0/24,192.168.60.0/24 --accept-dns=false

 

3) In the Tailscale Plugin settings, I needed to set "Enable IP Forwarding" and "Unraid services listen on Tailscale IP" to Yes.

 

4) On the Tailscale WebUI Admin, configure the server to allow the subnet routing.

 

The most important bit was step #1. Without it, I could not reach my Docker containers that were on their own IP addresses. And this change also appears to have solved the WebGUI crashing that others have reported. It's been stable now for 12 hours; I'll report back if I see a change.

 

HTH

Thank you very much, i'm gonna try sooner or later to make it work again. 

Edited by lory995
Link to comment
manolodf Explorer

manolodf

Posted
Posted (edited)

I am on Unraid 6.9.2 and began using the plugin, I followed the directions to advertise subnets (via Terminal ran: tailscale up --accept-routes --advertise-exit-node --advertise-routes=192.168.0.0/24,192.168.1.0/24) , and everything seemed to be working just fine.  After leaving it alone and being satisfied with being able to access my local subnet (192.168.0.x) while remotely, and also being able to use my NAS as an exit node, I thought the job was done. 

What I was not expecting though is that few minutes later all of a sudden my unraid was without internet, i could not access any dockers GUI, access the Unraid GUI, and also my router seemed to not be seeing it online at all.  

I physically powered down the unraid, then I powered it back up thinking maybe it was an anomaly, sure enough it comes back up, my router sees my unraid, and few minutes later I am able to get into Unraid GUI, and the dockers and VMs come back up. 

 

This time a bit more nervous I just wait to see if everything is fine, and sure enough maybe 20 minutes later the same thing happens, the unraid loses all internet from the looks for things (I tried accessing it with hostname, my local IP, via tailscale IP, through tailscale, through local network, all to no avail) 

 

So now I am here asking for suggestions, help, or any tips of what could be causing it.    Here are my settings:

2035889306_Screenshot2023-10-24at4_15_15PM.thumb.png.f0c5fbdeed1e0b57166ac180183f56c0.png

 

Those were the settings when the issues repeatedly took place.  Since then I have just now turned off the exit node, and also set the top two to "No" t see if that changes anything.  I also turned off the subnets for now on Tailscale webGUI just in case. 

Is there anything that stands out that I may ned to change?  

 

I have not twaked any of these in a long long time but here are my unraid Network Settings

image.thumb.png.b710a018bfbb7308f06d9d58a424408f.png

 

TIA for any help!

Update1:
With above modifications, turning off the listen on tailscale ip, and forward ip, as well as exit node disabled, and subnets disabled I have about 50min uptime, that is far more than after my reboot.  I will try to make one modification per hour and see how I fare to see if I can pinpoint what is causing the crash/loss of internet issue. 


I also attached diagnostics.

Update2: 
I have advertised subnets back without an issue so I am now able to access my dockers with the local IPs when I am on tailscale.  So far the system has been stable.   About an hour up.  
Remaining to test is the exit node, as well as the Tailscale IP and Forward IP settings.  Those will come next, and I have a feeling it may be the exit node that was causing the system crash/offline issue. 



 

Tower-tailscale-diag-20231024-165630.zip

Edited by manolodf
Update2
Link to comment
EDACerton Contributor

EDACerton

Posted
  • Author
Posted
On 10/21/2023 at 1:57 PM, PlanetDyna said:

Is it normal that I can only reach my Unraid server via Tailscale Plugin with the Tailscale IP 100.x.x.x?

This usually seems to be related to having the “Use tailscale subnets” setting turned on, especially if there’s another device that’s advertising the local network. 

Link to comment
manolodf Explorer

manolodf

Posted
Posted (edited)
3 hours ago, EDACerton said:
I’m glad that you’re making progress on figuring out what’s happening. It’s very unusual to see issues that long after Tailscale comes up… normally, connectivity problems are fairly immediate.  I’ll take a look at your diagnostics later on to see if I spot anything interesting. 


I had to leave the house so I couldn’t risk a tweak but I will continue when I get back. Do you recommend going for the exit node theory out the gate or try the toggles first?

I planned on the exit node first, waiting then enabling on webgui if simply enabling did not cause the issue. Then after enabling, having an active session giving each one time to fail.

If you have tips on the order I am all ears


Sent from my iPhone using Tapatalk

Edited by manolodf
Link to comment
EDACerton Contributor

EDACerton

Posted
  • Author
Posted

Related to the WebGUI crashes, a request:

 

If you’re seeing the WebGUI crashes and are comfortable with working in SSH, please send me a message. I would like to have folks who are having the problem run some commands manually so that I can hopefully figure out what’s going on. 
 

(I was going to add additional diagnostics to the next plugin update, but when I tested that, the WebGUI generated so much data that I’m concerned that it would cause problems for working installs.)

  • Like 2
Link to comment
manolodf Explorer

manolodf

Posted
Posted

One other thing I notice is in Unraid GUI, when I go to plugin settings, sometimes I see the nice presentation that shows your IP, email, like this:

1121537695_Screenshot2023-10-24at9_42_39PM.thumb.png.2f1fcfa2a74149eb1f05dc89cfa60adb.png

 

yet sometimes, I would say after a while or most of the time it shows it like this, so one does not have that Advertise as Exit Node Button, or logoff button:

1525143638_Screenshot2023-10-25at11_11_00AM.thumb.png.5172dd09c9f666ad4192e87e7dd527bc.png

 

Is that normal behavior?  Not sure if I can pinpoint when that got triggered, because I even have tailscale down currently.

image.thumb.png.3d4f949a30a6c6a1a0c7104b8362a213.png

Link to comment
kiwijunglist Rookie

kiwijunglist

Posted
Posted

Hi

 

I just installed tailscale plugin and I can no longer access the unraid gui (Unraid version 6.11.5)

I can still access all my local dockers and I can access the server via SSH.

The tailscale plugin breaks access to the unraid GUI via both the local url and the myunraid.net.

 

Is there an SSH command to disable tailscale plugin?

 

Do you want any particular logs for this problem.

 

(Of note I am using dynamic remote access for unraid connect)

 

Thanks

Link to comment
kiwijunglist Rookie

kiwijunglist

Posted
Posted
On 10/9/2023 at 3:12 AM, Laov said:

I had a similar issue as well when my internet connection went down. Could no longer access Unraid managment from my local network via: 

https://192-168-0-10.HASH.myunraid.net/

For now I disabled Use SSL/TLS: STRICT in hopes that I will be able to access it via local ip if internet goes down again...

Though I doubt it is specifically related to tailscale...

 

This might be my issue as well.

Link to comment
Tichael Noob

Tichael

Posted
Posted (edited)
On 10/15/2023 at 8:59 PM, EDACerton said:

If you can grab two things, that would be wonderful:

 

1. Diagnostics from inside the plugin settings (go to the help tab)

 

2. A copy of /etc/rc.d/rc.nginx

Hi, sorry for the delay, I was in vacation (and apparently, the forum doesn't send email notification? or it's just a setting on my account). Anyway, I collected the diagnostics you asked for before and after starting the array, so you can maybe see more easily what's going on.

 

I also want to say that I am using macvlan, although maybe I don't need to anymore, I would have to check to be sure. I did set it up as said in the 6.12.4 release notes, but it didn't fix the issue. My friend is also using macvlan.

 

EDIT: I switched to ipvlan instead and rebooted. When I start the array, I get the exact same issue where NGINX crashes. I created a new diagnostic file from Tailscale.

 

tailscale_diag_before-array-start.zip tailscale_diag_after-array-start.zip tailscale_diat_ipvlan.zip

Edited by Tichael
Switched to ipvlan to test if the problem still existed.
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing