[Plugin] Tailscale

EDACerton

By EDACerton
in Plugin Support

Recommended Posts

Recommended

Posted by EDACerton,

Common Issues I can't access the WebGUI after logging in to Tailscale This is usually caused by enabling the "Use Tailscale Subnets" feature. This feature isn't needed for most installs. Usually, if this happens the WebGUI is still accessible via the Tailscale IP/name. Try connecting via that address, then disable "Use Tailscale Subnets". If you don't know the Tailscale IP for your server, you can get it from ano
Recommended by EDACerton
  • Like

4 reactions

Go to this post
  • Replies 726
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

EDACerton
EDACerton

Tailscale     Tailscale is a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly. The service handles complex netw

EDACerton
EDACerton

2023.05.25b Update Tailscale to 1.42.0 Add Tailscale web interface to Settings page Add page for Tailscale / plugin logs Switch Taildrop implementation to use native Unrai

EDACerton
EDACerton

Common Issues I can't access the WebGUI after logging in to Tailscale This is usually caused by enabling the "Use Tailscale Subnets" feature. This feature isn't neede

Posted Images

bthoven Rookie

bthoven

Posted
Posted

Using tailscale on pfSense as an exit node is not reliable, most of the time other tailscale devices can't access internet when using pfSense as an exit node.
I have a debian vm on unraid for other purposes and also install tailscale as native app on it, turn it into an exit node and it works flawlessly.

Sent from my M2007J3SG using Tapatalk

Link to comment
mich2k Noob

mich2k

Posted
Posted (edited)

After further configuration and a full unraid reset the containers are not yet advertised through tailscale subnet router (I am using the custom network br0 in order to have a fixed/static ip for each container)

Now I only have tailscale installed as plugin (and community applications)

Eventually I am also full of warnings and errors from this plugin logs..

immagine.thumb.png.316b2e57b1ac28e04408f5ba6b605775.pngany help would be really appreciated thanks

 

edit:

as said before setting bridge as interface on the same ip of webgui works

 (see attached image) but i cant understand why only the webGUI and VMs get routed through tailscale and not container ips...

 

 

edit edit:

not that i know the problem I did manage to do a better job at googling and found this (

, i preivously did enable that setting and now is disabled, I cant believe the number of days I lost for that slider. Thank yall anyway and reporting this hoping someone else finds this quicker than me

HomeData-tailscale-diag-20240111-071928.zip

immagine.png

Edited by mich2k
Link to comment
Nexus Rookie

Nexus

Posted
Posted (edited)

Hey gang - how do I set my unraid server up as an exit node AND allow access over tailscale to my network? I installed the latest version of the plugin, and want to deprecate my Tailscale Docker container. 

 

Edit: I read earlier in this thread to click on VIEWIING in the settings and re-auth - but I don't have that option 

 

Edit 2: To troubleshoot, I sent to settings, Advanced view and reset tailscale. Signed in again, and nope. Still no way to re-auth. I can only view :(

Not sure if I just turn on "Use Tailscale Subnets" or not. But I want to be careful, I hosed my server on an early version of this plugin - but making another run at it since it's looks way more mature now (Great job)

Thanks 

Edited by Nexus
Link to comment
EDACerton Contributor

EDACerton

Posted
  • Author
Posted
33 minutes ago, Nexus said:

Hey gang - how do I set my unraid server up as an exit node AND allow access over tailscale to my network? I installed the latest version of the plugin, and want to deprecate my Tailscale Docker container. 

 

Edit: I read earlier in this thread to click on VIEWIING in the settings and re-auth - but I don't have that option 

 

Edit 2: To troubleshoot, I sent to settings, Advanced view and reset tailscale. Signed in again, and nope. Still no way to re-auth. I can only view :(

Not sure if I just turn on "Use Tailscale Subnets" or not. But I want to be careful, I hosed my server on an early version of this plugin - but making another run at it since it's looks way more mature now (Great job)

Thanks 

I actually got stuck at the "Viewing" part when I was testing. It ended up being an issue with Tailscale on my laptop (not on Unraid), and what I had to do was re-authenticate my laptop, and then I was able to switch to the editing mode.

 

"Use Tailscale Subnets" won't do what you want... that controls outbound connections from Unraid and has nothing to do with using Unraid as a subnet router. (I've actually hidden this setting in "Advanced Mode" in the latest version of the plugin with a warning, because it can be confusing -- people think they need it [but don't] and then end up with other problems because it's turned on :( )

Link to comment
EDACerton Contributor

EDACerton

Posted
  • Author
Posted (edited)
17 minutes ago, Nexus said:

Thanks @EDACerton - I reauthenticated on my laptop, and still no joy. I tried Safari, Edge and FF (on my Mac) - I can't get past VIEWING.  I am completely stumped. 

 

Unfortunately, that side of the interface lives completely inside Tailscale, so there's not much that I can do to directly help.

 

What should happen is this:

  1. Go to Tailscale settings in Unraid.
  2. Click Viewing -> Sign In
  3. A new tab will open connected directly to your Tailscale IP.
  4. Click Viewing -> Sign In
  5. Sign in to Tailscale
  6. Editing mode becomes active

If you're not getting the new tab in step 3, you might need to check ad blockers, etc. to see if your browser is blocking it.

 

If you're getting stuck at step 4, you can try opening the Javascript console on your browser (press F12) after the new tab loads, then see if any new messages appear in the console when you try clicking the "Sign in" button.

 

You can also always use the CLI commands to set Tailscale settings from SSH or the console inside the Unraid WebGUI.

Edited by EDACerton
Link to comment
Todo88 Noob

Todo88

Posted
Posted

I was having issues with accessing the Unraid GUI. I had installed the Docker Version of Tailscale, and then removed the image and switched over to the Plugin version. I finally got it working after a bunch of tinkering so hopefully this will help others out having the same issue.

Here are my steps that got it going again:
Deleted the Tailscale Plugin

Deleted the `appdata/tailscale` folder
Rebooted server
Reinstalled Tailscale Plugin

Erased the Tailscale Configuration `Settings -> Reset Tailscale`
Removed unraid machine from the Tailscale Admin Console
Kept Tailscale settings at default (except enabled SSH)
Reauthorized unraid machine on tailscale (No exit nodes, no subnet routes, all default)

Everything's working again on my end, I can access the Unraid GUI via the Tailscale IP address and docker containers via their ports.  Not sure if this is all necessary or not but it worked for me. Hope this helps some others who are banging their head against the wall on this one.

Link to comment
Nexus Rookie

Nexus

Posted
Posted

I think you are right...as I was staring to think that the Tailscale docker I had running for so many months (it's off now) did something to my network settings on the Unraid side that may be blocking the Plugin from working. 

Link to comment
EDACerton Contributor

EDACerton

Posted
  • Author
Posted
2 minutes ago, Todo88 said:

I was having issues with accessing the Unraid GUI. I had installed the Docker Version of Tailscale, and then removed the image and switched over to the Plugin version. I finally got it working after a bunch of tinkering so hopefully this will help others out having the same issue.

Here are my steps that got it going again:
Deleted the Tailscale Plugin

Deleted the `appdata/tailscale` folder
Rebooted server
Reinstalled Tailscale Plugin

Erased the Tailscale Configuration `Settings -> Reset Tailscale`
Removed unraid machine from the Tailscale Admin Console
Kept Tailscale settings at default (except enabled SSH)
Reauthorized unraid machine on tailscale (No exit nodes, no subnet routes, all default)

Everything's working again on my end, I can access the Unraid GUI via the Tailscale IP address and docker containers via their ports.  Not sure if this is all necessary or not but it worked for me. Hope this helps some others who are banging their head against the wall on this one.

Thanks for this info! Hopefully it will be of use to folks :)

Link to comment
Nexus Rookie

Nexus

Posted
Posted (edited)

Following up: I did what you did @Todo88 - and it still did not work. I even left the docker service off to ensure nothing was happening there. 

 

@EDACerton should I see entries for your plug in the Unraid network routing table? I see one for Tailscale, but not sure if that's from my docker install (that is completely removed now)

 

 

 

Update: Ok, did a complete reboot of my laptop as well, fired up Tailscale and then I saw the option to reauth. Thank you @Todo88 for the pointer and @EDACerton for your help and the plugin. 
 

Edited by Nexus
  • Like 1
Link to comment
EDACerton Contributor

EDACerton

Posted
  • Author
Posted

@oxyg3n @VampyreVK @bmpreston @letum00 @adaughe2

 

I promise that I didn't forget about all of you, it's just been a busy week for me :)

 

I looked through all of the logs, and there's nothing that immediately stands out to me as being a problem -- services are listening on the correct interfaces, etc. From everything I can see in the config files / logs, it seems like things should be working, but aren't.

 

You could try following the steps that @Todo88 mentioned a few posts ago, that seems like a good start.

 

If that doesn't work, I'm wondering if there might be some kind of routing problem that's manifesting in your setups. I noticed that all of the diagnostics show either (or both) of these things configured:

  • "Use Tailscale Subnets" set to "Yes"
  • Wireguard tunnels created with a default route

For "Use Tailscale Subnets": this setting is very rarely required, but can be a bit confusing. "Use Tailscale Subnets" tells Unraid to follow routes advertised by other devices in the tailnet. It has no effect on advertising routes from Unraid. Unless you have some need for Unraid to initiate connections to other tailnet devices (e.g., backing up files to a remote server connected via Tailscale), you're better off turning this setting off.

 

The other thing that might be useful is if someone could give me the output from this command in the Unraid console:

  

ip route show table all

 

That's not something that I currently collect in diagnostics, but might be helpful for figuring out what's happening (I will probably add this to the diagnostics in an upcoming update too).

Link to comment
EDACerton Contributor

EDACerton

Posted
  • Author
Posted
5 minutes ago, Nexus said:

Following up: I did what you did @Todo88 - and it still did not work. I even left the docker service off to ensure nothing was happening there. 

 

@EDACerton should I see entries for your plug in the Unraid network routing table? I see one for Tailscale, but not sure if that's from my docker install (that is completely removed now)

The routing entries for Tailscale don't appear in the route table that is shown in the WebGUI, they're in a separate table that you can view by running this in the CLI: 

ip route show table 52

 

However, in your case I don't think that's going to have the information that you're looking for. Your questions have been about advertising your Unraid server as an exit node / subnet router. You can do that by running this in the CLI: 

tailscale set --advertise-exit-node --advertise-routes=your.network.address.here/size

The results of that won't show up in the local routing tables, but you should see the advertisements in your Tailscale admin console to approve.

  • Thanks 1
Link to comment
jquery Noob

jquery

Posted
Posted (edited)
7 hours ago, EDACerton said:

https://tailscale.com/kb/1080/cli#set

I get this error too and I don't know what to do about it. I have never used the tailscale docker container and I also don't know how the "set" command can help here.

 

If I access "tailscaleip:5252" the web interface works as expected. 

 

Thanks for implementing the option to change the port, by the way!

tailscale-diag-20240114-133830.zip

Edited by jquery
Link to comment
EDACerton Contributor

EDACerton

Posted
  • Author
Posted (edited)
4 hours ago, jquery said:

I get this error too and I don't know what to do about it. I have never used the tailscale docker container and I also don't know how the "set" command can help here.

 

If I access "tailscaleip:5252" the web interface works as expected. 

 

Thanks for implementing the option to change the port, by the way!

tailscale-diag-20240114-133830.zip 127.87 kB · 0 downloads

The tailscale web interfaces (the pages with the "Viewing" button, etc.) are entirely contained within Tailscale, so if the "Viewing" button doesn't work right I can offer advice to help understand what's happening, but ultimately can't do much to fix it. You could try checking your Javascript console when you are loading the interface in Unraid to see if anything interesting shows up. I don't have a way to collect those logs since they're actually browser logs, not Unraid logs.

 

If you can get to tailscaleip:5252 and that works, though, I probably wouldn't spend too much time worrying about it if I were you.

Edited by EDACerton
Link to comment
HHUBS Apprentice

HHUBS

Posted
Posted (edited)

I installed pfsense on a vm for testing and also install and enable tailscale on pfsense while tailscale plugin in unraid was also enable. Now the status in tailscale unraid is "Viewing Cannot access this device's Tailscale IP. Make sure you are connected to your tailnet, and that your policy file allows access". The subnet routes in tailscale unraid has been remove and can't even bring them back even if I disable tailscale in pfsense. I tried to re install tailscale plugin in unraid, re-authenticate and still not able to modify settings. How to fix this?

 

EDIT:

I fixed it by disabling subnet route of pfsense in tailscale web admin console. Then I re-authenticate again in tailscale unraid and I can finally able to change settings.

Edited by HHUBS
ADD FIXED
Link to comment
plantsandbinary Contributor

plantsandbinary

Posted
Posted
On 1/7/2024 at 5:21 PM, EDACerton said:

The most useful thing to provide is diagnostics from inside the plugin. To answer your specific questions:

  • You do not need to do the "go" fix from that other thread, that is only for users running the docker container. The plugin handles service restarts / extra interfaces / etc. for you.
  • The missing IPv4 address is normal. Linux has policy routing, and most Tailscale routes don't show up in the one shown by the WebGUI.

One quick thing to check -- make certain that NetBIOS is turned off in your SMB settings on Unraid. If NetBIOS is turned on, SMB won't work over Tailscale.

 

NETBIOS was on as it is by default. Could you please add to the Plugin info page (unless I missed it) that this needs to be OFF. To help save other people the major headache I've had to deal with.

 

Thanks <3

Link to comment
EDACerton Contributor

EDACerton

Posted
  • Author
Posted
12 hours ago, plantsandbinary said:

 

NETBIOS was on as it is by default. Could you please add to the Plugin info page (unless I missed it) that this needs to be OFF. To help save other people the major headache I've had to deal with.

 

Thanks ❤️

I actually had already added an orange warning banner to the plugin settings if NetBIOS is enabled (even before your post :) ). It'll go out in the next update.

  • Like 1
Link to comment
nikoan Noob

nikoan

Posted
Posted
On 1/14/2024 at 6:03 AM, Todo88 said:

I was having issues with accessing the Unraid GUI. I had installed the Docker Version of Tailscale, and then removed the image and switched over to the Plugin version. I finally got it working after a bunch of tinkering so hopefully this will help others out having the same issue.

Here are my steps that got it going again:
Deleted the Tailscale Plugin

Deleted the `appdata/tailscale` folder
Rebooted server
Reinstalled Tailscale Plugin

Erased the Tailscale Configuration `Settings -> Reset Tailscale`
Removed unraid machine from the Tailscale Admin Console
Kept Tailscale settings at default (except enabled SSH)
Reauthorized unraid machine on tailscale (No exit nodes, no subnet routes, all default)

Everything's working again on my end, I can access the Unraid GUI via the Tailscale IP address and docker containers via their ports.  Not sure if this is all necessary or not but it worked for me. Hope this helps some others who are banging their head against the wall on this one.


 

Thank you very much for your guide. I just wanted to give feedback having just gone through your steps to fix this issue for me so that it might help others.  
 

I did all the steps you mentioned except for deleting the config and only restarted Unraid at the end. It didn’t work until I restarted Unraid, so this step seems to be required. 

  • Like 1
Link to comment
Cressio Noob

Cressio

Posted
Posted
On 1/13/2024 at 9:03 PM, Todo88 said:

I was having issues with accessing the Unraid GUI. I had installed the Docker Version of Tailscale, and then removed the image and switched over to the Plugin version. I finally got it working after a bunch of tinkering so hopefully this will help others out having the same issue.

Here are my steps that got it going again:
Deleted the Tailscale Plugin

Deleted the `appdata/tailscale` folder
Rebooted server
Reinstalled Tailscale Plugin

Erased the Tailscale Configuration `Settings -> Reset Tailscale`
Removed unraid machine from the Tailscale Admin Console
Kept Tailscale settings at default (except enabled SSH)
Reauthorized unraid machine on tailscale (No exit nodes, no subnet routes, all default)

Everything's working again on my end, I can access the Unraid GUI via the Tailscale IP address and docker containers via their ports.  Not sure if this is all necessary or not but it worked for me. Hope this helps some others who are banging their head against the wall on this one.

I *think* this worked for me. I'm a noob and have very little understanding of all of this so don't take my word for too much, it could've been dumb luck, but I had basically everything working except being able to access the Unraid GUI via subnet (I don't wanna use Tailscale IPs or device names, I want everything standardized so I can use 1 IP everywhere). Did this, and now it works. So, thanks!

  • Like 1
Link to comment
EDACerton Contributor

EDACerton

Posted
  • Author
Posted

Note: Tailscale has paused distribution of 1.58.0, so I'm pausing updates to plugin version 2024.01.18. The issue appears to be that some NAT-PMP/UPnP responses can crash tailscaled.

 

If you have already updated to that version, you don't need to do anything unless you're having issues with Tailscale crashing completely. If you have upgraded and encounter this problem, you should be able to roll back by uninstalling the Tailscale plugin and then reinstalling via community apps.

Link to comment
diste66 Noob

diste66

Posted
Posted (edited)

I just got Unraid so I suspect I'm missing something trivial but I'm unable to access it through the Tailscale IP. 

I can access unraid with the local url still but not via the tailscale one, diagnostics attached. 


The machine appears as connected in the Tailscale dashboard. 
Additionally, I have Tailscale running on the same network on a Synology NAS, in case that is somehow relevant. 

EDIT: Never mind it's working now, for reference, following the steps from Todo88's post worked for me as well. 

Tower Tailscale Diag 20240122.zip

Edited by diste66
  • Like 1
Link to comment
Myk3_ Noob

Myk3_

Posted
Posted

Not sure I am doing something right.. I can access the UnRaid server by the tailscale IP as well as the "normal" IP.. I would like to access other machines on the network, so I added the networks to the available subnets. I am still unable to access the other IPs even though they have been added and approved in the tailscale console..
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing