[Plugin] Tailscale

EDACerton

By EDACerton
in Plugin Support

Recommended Posts

Recommended

Posted by EDACerton,

Common Issues I can't access the WebGUI after logging in to Tailscale This is usually caused by enabling the "Use Tailscale Subnets" feature. This feature isn't needed for most installs. Usually, if this happens the WebGUI is still accessible via the Tailscale IP/name. Try connecting via that address, then disable "Use Tailscale Subnets". If you don't know the Tailscale IP for your server, you can get it from ano
Recommended by EDACerton
  • Like

4 reactions

Go to this post
Laov Rookie

Laov

Posted
Posted

Hello,

 

I am having trouble with taildrop. It just randomly stops working. Restarting tailscale with the restart button in the plugin settings fixes the issue. Attached diagnostics after the restart and successfull taildrop (few minutes ago failed taildrops were attempted prior to restart). If you need ones before when I can't taildrop anything I will get back to you in a few days.

 

This feature would be so nice if it was stable :( There is always that time when I need to quickly get a picture out of my phone an taildrop is the quickest answer I found. Yet I usually need to 1st restart my servers tailscale for it to start working...

DataServer-tailscale-diag-20231213-175220.zip

Link to comment
  • Replies 729
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

EDACerton
EDACerton

Tailscale     Tailscale is a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly. The service handles complex netw

EDACerton
EDACerton

2023.05.25b Update Tailscale to 1.42.0 Add Tailscale web interface to Settings page Add page for Tailscale / plugin logs Switch Taildrop implementation to use native Unrai

EDACerton
EDACerton

Common Issues I can't access the WebGUI after logging in to Tailscale This is usually caused by enabling the "Use Tailscale Subnets" feature. This feature isn't neede

Posted Images

Caldorian Rookie

Caldorian

Posted
Posted

Does this plugin implementation still cause issues when you have docker containers that run on br0 with their own IP address? On my server, I have several containers (swag, pihole, etc) that I run on br0 with their own IP address. Swag in particular will need to be able to connect with other docker containers running on a custom docker network.

 

The other interesting configuration I have with my server is I have a wireguard outbound vpn setup, with a couple dockers connected to that route through it. I'm also running it all on 6.11.5 still if that matters.

Link to comment
EDACerton Contributor

EDACerton

Posted
  • Author
Posted
6 hours ago, Caldorian said:

Does this plugin implementation still cause issues when you have docker containers that run on br0 with their own IP address? On my server, I have several containers (swag, pihole, etc) that I run on br0 with their own IP address. Swag in particular will need to be able to connect with other docker containers running on a custom docker network.

 

The other interesting configuration I have with my server is I have a wireguard outbound vpn setup, with a couple dockers connected to that route through it. I'm also running it all on 6.11.5 still if that matters.

It won't cause issues with docker containers running on br0.... but in its default configuration, it also won't provide any access to those containers. There are generally two solutions to make containers with their own IP accessible via Tailscale:

  1. Configure the Tailscale instance running on Unraid (or another local device) to act as a subnet router, then use the local IPs, which will get routed over Tailscale; or
  2. Configure "sidecar" Tailscale containers for the containers that have their own IPs, and join each to the tailnet.

Most people choose to do #1. It's quick and generally works well. I don't run anything on br0 networks myself, but if I did I'd probably use technique #2... it's a little more complicated to set up but I prefer to avoid using subnet routers if I don't have to.

Link to comment
EDACerton Contributor

EDACerton

Posted
  • Author
Posted
9 hours ago, Laov said:

Hello,

 

I am having trouble with taildrop. It just randomly stops working. Restarting tailscale with the restart button in the plugin settings fixes the issue. Attached diagnostics after the restart and successfull taildrop (few minutes ago failed taildrops were attempted prior to restart). If you need ones before when I can't taildrop anything I will get back to you in a few days.

 

This feature would be so nice if it was stable :( There is always that time when I need to quickly get a picture out of my phone an taildrop is the quickest answer I found. Yet I usually need to 1st restart my servers tailscale for it to start working...

DataServer-tailscale-diag-20231213-175220.zip 167.93 kB · 0 downloads

I took a look at the diagnostics and don't see anything that immediately stands out to me as the issue.

I'm curious if you're somehow losing the link to the Taildrop folder when you're having trouble. The next time it fails, can you open up the console, then run this command and send me the results?

  

ls -l /var/lib/tailscale

 

Link to comment
flammable Noob

flammable

Posted
Posted

Hi @EDACerton! Thank you so much for this plugin - it was a very big reason I went with Unraid for my home server's OS.

 

In Tailscale 1.56.0, which was released today, I see they called out that 'tailscale update' is now supported on Unraid:

 

https://tailscale.com/changelog#2023-12-13-client

 

Before I script something with cron, do you have any concerns about this? I'm hoping this change takes some of the pressure off of you to provide so many regular updates to this Unraid plugin, since a one-liner (/usr/local/sbin/tailscale update --yes) would make it easy to keep Tailscale up to date.

Link to comment
EDACerton Contributor

EDACerton

Posted
  • Author
Posted
15 hours ago, flammable said:

Hi @EDACerton! Thank you so much for this plugin - it was a very big reason I went with Unraid for my home server's OS.

 

In Tailscale 1.56.0, which was released today, I see they called out that 'tailscale update' is now supported on Unraid:

 

https://tailscale.com/changelog#2023-12-13-client

 

Before I script something with cron, do you have any concerns about this? I'm hoping this change takes some of the pressure off of you to provide so many regular updates to this Unraid plugin, since a one-liner (/usr/local/sbin/tailscale update --yes) would make it easy to keep Tailscale up to date.

“tailscale update” just runs the plugin updater. I still have to update the plugin before it will do anything (this is necessary because of how Unraid works). 

Link to comment
Laov Rookie

Laov

Posted
Posted
On 12/14/2023 at 3:33 AM, EDACerton said:

I took a look at the diagnostics and don't see anything that immediately stands out to me as the issue.

I'm curious if you're somehow losing the link to the Taildrop folder when you're having trouble. The next time it fails, can you open up the console, then run this command and send me the results?

  

ls -l /var/lib/tailscale

 

 

Correct me if I'm wrong but after server restart tailscale plugin would start prior to the array? It is quite natural that the taildrop folder is not accessible while unraid array is not running. And then restarting tailscale after the array is running would resolve this as the taildrop folder is now accessible? Most likely plugin does not check for taildrop folder after array stop/start. I will try in test this eventually as I find a time frame to restart my server.

Link to comment
jquery Noob

jquery

Posted
Posted (edited)

I have the tailscale plugin up and running and it works for the most part, but i can‘t access any IPs on the br0 interface.
 

I have a bunch of docker containers on the br0 interface. Accessing their IPs doesn’t work. I have already advertised the subnet and enabled it in the tailscale management interface.

 

I can access all VMs running on unraid and even the web interface of my router in my LAN. Only the IPs on the br0 interface don’t work.

 

any ideas?

 

update: I solved it myself by enabling "Host access to custom networks" in the docker settings in unraid. Is this a "dangerous" setting? The help text says that I should know what I am doing before enabling it. In which context could this setting be problematic? 

tailscale-diag-20231217-012807.zip

Edited by jquery
Link to comment
EDACerton Contributor

EDACerton

Posted
  • Author
Posted
16 hours ago, jquery said:

I have the tailscale plugin up and running and it works for the most part, but i can‘t access any IPs on the br0 interface.
 

I have a bunch of docker containers on the br0 interface. Accessing their IPs doesn’t work. I have already advertised the subnet and enabled it in the tailscale management interface.

 

I can access all VMs running on unraid and even the web interface of my router in my LAN. Only the IPs on the br0 interface don’t work.

 

any ideas?

 

update: I solved it myself by enabling "Host access to custom networks" in the docker settings in unraid. Is this a "dangerous" setting? The help text says that I should know what I am doing before enabling it. In which context could this setting be problematic? 

tailscale-diag-20231217-012807.zip 129.68 kB · 0 downloads

That setting is fine, and makes sense with what you're doing 👍

Link to comment
chucktu Noob

chucktu

Posted
Posted

Hello, Tailscale newbie here - I am trying to use Tailscale to access a computer that will be in a remote location running Unraid and map a share from that machine to a Windows 11 computer at my house.  While they're both on my local network I can map the share using the local IP of the Unraid machine, but as soon as I connect to Tailscale and try to map with the Tailscale IP it no longer works.  I am able to access Plex running on the Unraid server with the Tailscale IP on it's default port but not the main Unraid page.  I know it's probably something simple but I've been trying to fix this for hours with no luck.  Can anybody help?

Link to comment
EDACerton Contributor

EDACerton

Posted
  • Author
Posted
4 minutes ago, chucktu said:

Hello, Tailscale newbie here - I am trying to use Tailscale to access a computer that will be in a remote location running Unraid and map a share from that machine to a Windows 11 computer at my house.  While they're both on my local network I can map the share using the local IP of the Unraid machine, but as soon as I connect to Tailscale and try to map with the Tailscale IP it no longer works.  I am able to access Plex running on the Unraid server with the Tailscale IP on it's default port but not the main Unraid page.  I know it's probably something simple but I've been trying to fix this for hours with no luck.  Can anybody help?

Are you using the plugin or the docker version of Tailscale?

Link to comment
EDACerton Contributor

EDACerton

Posted
  • Author
Posted
Just now, chucktu said:

Actually it's the docker version, I guess maybe I'm in the wrong forum for that...just saw this linked in another Tailscale thread and missed the "plugin" portion

You should uninstall the docker version and install the plugin instead… it will work much easier (even the author of the docker recommends it)

Link to comment
chucktu Noob

chucktu

Posted
Posted
4 minutes ago, EDACerton said:

You should uninstall the docker version and install the plugin instead… it will work much easier (even the author of the docker recommends it)

Thanks for the suggestion...I just did that and the issue is the same...can access Plex using Tailscale IP but can't login to Unraid using Tailscale IP or map folders

Link to comment
chucktu Noob

chucktu

Posted
Posted
9 minutes ago, Houmi said:

@chucktu

 

I believe you have to advertise routes so you can see your unraid machine.

 

Google : Unraid --advertise-routes=192.168.1.0/24

 

once you do that, then you can access anything on your unraid by using the private IP of that machine and whatever ports things are running.

Thanks, I googled that and saw it mentioned in a reddit thread...but where would I specify this with the plugin?  I am no longer using the docker version at all

Link to comment
Houmi Noob

Houmi

Posted
Posted (edited)

@chucktu

 

I don't have the plugin nor docker, but I assume once you install it on your system it should have some options or some ways to add parameters.

 

Then you go to the admin client and enable it on their website. I only tested Tailscale a while ago on a router.

 

What happens if you open a terminal on unraid (it's one of the icones on top right of your screen in Unraid), then type tailscale, maybe it installs it and it will be in the path.

 

The command would be something like this:

  

tailscale up --accept-routes --advertise-routes=192.168.1.0/24

i.e. whatever the IP of your system... like 192.168.50.x would be 192.168.50.0/24

 

Once that's done, go to the Admin client on tailscale's website, go to the settings of Unraid and make sure the routes are enabled for that particular machine.

 

Once they are enabled, you should be able to access your unraid by it's private IP from an iPhone for example if it has Tailscale enabled.

 

Edit: I am sorry I think I just described Subnet Router in this example, It's been a while since I used Tailscale.

Edited by Houmi
Link to comment
Laov Rookie

Laov

Posted
Posted (edited)
On 12/14/2023 at 3:33 AM, EDACerton said:

I took a look at the diagnostics and don't see anything that immediately stands out to me as the issue.

I'm curious if you're somehow losing the link to the Taildrop folder when you're having trouble. The next time it fails, can you open up the console, then run this command and send me the results?

  

ls -l /var/lib/tailscale

 

 

After array stop and then start Taildrop no longer works. Prior to stop taildrop was working.

Command output while not working: 

root@DataServer:~# ls -l /var/lib/tailscale
total 4
lrwxrwxrwx 1 root root  19 Dec 13 18:03 Taildrop -> /mnt/user/Exchange//
-rw------- 1 root root 209 Dec 10 23:52 tailscaled.log.conf
-rw------- 1 root root   0 Dec 19 18:32 tailscaled.log1.txt
-rw------- 1 root root   0 Dec 19 18:32 tailscaled.log2.txt
root@DataServer:~#

 

And diagnostics.

DataServer-tailscale-diag-20231219-183438.zip

 

Confirms my suspicion that once taildrop looses its share it no longer works...

 

Restarting tailscale after the array was back online got taildrop running.

 

Maybe it is somehow possible to restart tailscale each time array starts? User scripts?

Edited by Laov
Link to comment
Laov Rookie

Laov

Posted
Posted
21 hours ago, chucktu said:

Thanks for the suggestion...I just did that and the issue is the same...can access Plex using Tailscale IP but can't login to Unraid using Tailscale IP or map folders

Try changing SMB settings:

image.thumb.png.c99a27ab967bc03b1dd2c8469abaeb52.png

 

I somehow got shares to work using tailscale DNS.

 

Also make sure to enable magicdns in tailscale admin console and allow local network access in tailscale client.
image.png.24234f20e92340ee524a1588e8ec7702.png

image.png.da2d47f8f7921970941d0d9141b9e4e2.png

 

Honestly... This requires WAAAAAY more effort than it should... Considering local shares reliably work without all this hassle... And advertising your local network ip via tailscale also works.... While trying to use tailscale IP or DNS is a f-ing nightmare...

 

Also SHEER AMOUNT of weirdness I encountered while TRYING to get this to work... For example: I got assked for a certificate from trying to connect to my SMB share... This is the 1st time I ever saw a network share asking for a certificate... And I was trying to connect to a PUBLIC non password protected share... The same share that any 1 can access from my local network... I had a few issues that unraid asks for user and password for a public share but a certificate? Damn... I clicked cancel on the certificate selection and then got promted for user and password... Well OK I typed my shares details... Invalid password... I checked my password, used it in another PC to check if it is the right for this share user... Everything works... Yet TAILSCALE manages to surprise me... I gave up. Went to restart tailscale for above taildrop tests switched SMB Multi channel to Yes. And it worked... Why? I have no idea... It might be related to using my phones internet via hotspot for a more accurate test then running tailscale on my local network which already has stable and working SMB access to my server... All in all... Proceed at your own risk... I still plan to advertise my local network for printers and a backup access but that is just due to Tailscale failing to be stable...

Link to comment
Sett-home Noob

Sett-home

Posted
Posted
15 hours ago, Laov said:

Try changing SMB settings:

image.thumb.png.c99a27ab967bc03b1dd2c8469abaeb52.png

 

I somehow got shares to work using tailscale DNS.

 

Also make sure to enable magicdns in tailscale admin console and allow local network access in tailscale client.
image.png.24234f20e92340ee524a1588e8ec7702.png

image.png.da2d47f8f7921970941d0d9141b9e4e2.png

 

Honestly... This requires WAAAAAY more effort than it should... Considering local shares reliably work without all this hassle... And advertising your local network ip via tailscale also works.... While trying to use tailscale IP or DNS is a f-ing nightmare...

 

Also SHEER AMOUNT of weirdness I encountered while TRYING to get this to work... For example: I got assked for a certificate from trying to connect to my SMB share... This is the 1st time I ever saw a network share asking for a certificate... And I was trying to connect to a PUBLIC non password protected share... The same share that any 1 can access from my local network... I had a few issues that unraid asks for user and password for a public share but a certificate? Damn... I clicked cancel on the certificate selection and then got promted for user and password... Well OK I typed my shares details... Invalid password... I checked my password, used it in another PC to check if it is the right for this share user... Everything works... Yet TAILSCALE manages to surprise me... I gave up. Went to restart tailscale for above taildrop tests switched SMB Multi channel to Yes. And it worked... Why? I have no idea... It might be related to using my phones internet via hotspot for a more accurate test then running tailscale on my local network which already has stable and working SMB access to my server... All in all... Proceed at your own risk... I still plan to advertise my local network for printers and a backup access but that is just due to Tailscale failing to be stable...

It sounds like you unfortunately had a way worse time than you needed to with this.

431e34bd9da5d97dc2960f583a3b292d.png

These were really the only settings you had to tinker with, the rest was in the Unraid command line, atleast for me, to tell tailscale what subnet ip ranges it needed to look for on the network the unraid device is on. In my case for example most of the devices I needed access to were on 192.168.1.0/24. If I wanted say, my network switch it might want to be 10.28.50.0/24 as well. And then log into my admin console in Tailscale to tell it to route those ips to everything in the tailnet. Granted I also use it as an exit node, so maybe it was a bit easier for me. But it was largely plug and play for me.

Link to comment
Laov Rookie

Laov

Posted
Posted
8 hours ago, Sett-home said:

It sounds like you unfortunately had a way worse time than you needed to with this.

431e34bd9da5d97dc2960f583a3b292d.png

These were really the only settings you had to tinker with, the rest was in the Unraid command line, atleast for me, to tell tailscale what subnet ip ranges it needed to look for on the network the unraid device is on. In my case for example most of the devices I needed access to were on 192.168.1.0/24. If I wanted say, my network switch it might want to be 10.28.50.0/24 as well. And then log into my admin console in Tailscale to tell it to route those ips to everything in the tailnet. Granted I also use it as an exit node, so maybe it was a bit easier for me. But it was largely plug and play for me.

I doubt you read my post to the end... I said advertising subnet works without any issues. Then you will be able to access your shares on the advertised subnet IP. Eg 192.168.1.XX. This works without ANY issue. However I wanted to use DNS. Eg: \\DataServer\Share instead of \\192.168.1.XX\Share. That was the whole point. Some weird magic happens with tailscale DNS naming x IP. Pings go through but for some reason SMB does not.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing