[Plugin] Tailscale

[EDACerton]

8 minutes ago, Laov said:

How do you remove or change advertised subnets?

https://tailscale.com/kb/1080/cli#set

[john_smith]

On 12/30/2023 at 3:54 PM, EDACerton said:

I can’t do much with this information… it’s too vague for me to help. 
 

What are you trying to connect to? WebGUI? SMB? Docker containers?

 

Can you post plugin diagnostics? (See the pinned post.)

fair enough - it turns out my issue was actually just a general misunderstanding of how tailscale works. My setup was up and running correctly turns out, but i did not understand how to access the resource i wanted to access.

 

thanks for the reply

[ralop]

So what is the difference between EDACerton`s plugin and dsmith44`s plugin?

[biohazard32]

I was having a very similar problem to letum00 and adaughe2.  Can't access the Unraid web UI via the Tailscale FQDN.  I figured out that adding in the Tailscale TLD as the domain Unraid is running under (Settings > Management Access > Loacl TLD == my-domain.ts.net) fixed the issue.  I don't love this as it means I can't access via a PC not running Tailscale anymore.  No, I did not have any subnets setup.

 

Any idea why Unraid is binding specifically to the hostname specified in the settings page?  Is it doing some kind of hostname validation on the incoming HTTP request?

 

edit: I'm pretty sure I'm actually hitting this bug -

 

Edited January 2 by biohazard32
clarifying subnets

[sir_storealot]

1 minute ago, K1LLA_KING_KING said:

Im try to set up tailscale plugin as exit node. I have been able to get sunbets advertised but not exit node. What do i need to do in terminal or plugin settings?

 

 

Hi, here is what worked for me:

1. Go to your unraid, settings, tailscale
2. in the first tab, you will see your account name, and "viewing" next to it
3. click on the "viewing" and "sign in to confirm identity" (it could be that the client you are using needs to be connected to tailscale too, but I believe it's not necessary)
4. once you re-authentice, you will be taken to a new settings page, where you can change exit node and routing stuff

 

There is no need to go into the CLI at all, you can do it all from the GUI

 

Hope this helps!

[sir_storealot]

@EDACerton This plugin is simply amazing. Thank you so much, truly unbelievable how smooth everything works! 🤩

 

I have a suggestion though, it would be nice to have some quick tailnet status card on the unraid dashboard, showing connection status, exit node status, number of clients etc.. If course no idea how difficult that is, and it works perfectly without it, but my inner geek would really like this 😂

[EDACerton]

On 1/1/2024 at 10:16 AM, adaughe2 said:

I think I may be missing something here. I have the plugin installed. All works great except I can't talk to my VMs or access the web gui when using the plugin as an exit node. Also, I'm not able to talk to any docker containers in host mode.. bridge mode containers work find. Any suggestions are greatly appreciated!

Morty-tailscale-diag-20240101-101809.zip 204.63 kB · 1 download

 

On 1/1/2024 at 10:16 AM, letum00 said:

I am having a similar problem as the last poster. I can connect to my tailnet and access everything hosted on the server EXCEPT the webgui and any dockers in host mode. I notice when I look at my Interface Extra there's a route in the list for tailscale1 but it's specifically ipv6. Is this the intended behavior? Should there not be an ipv4 route?

Tower-tailscale-diag-20240101-100134.zip 224.87 kB · 1 download

I looked at both of these diagnostics, and I don't see anything immediately problematic, but I'm wondering if there is something weird related to having both of the following be true:

• Tailscale running as exit node
• Unraid Connect configured

What address are you trying to use to access your resources over Tailscale? The local IP / Tailscale IP / Tailscale name?

[EDACerton]

19 hours ago, biohazard32 said:

I was having a very similar problem to letum00 and adaughe2.  Can't access the Unraid web UI via the Tailscale FQDN.  I figured out that adding in the Tailscale TLD as the domain Unraid is running under (Settings > Management Access > Loacl TLD == my-domain.ts.net) fixed the issue.  I don't love this as it means I can't access via a PC not running Tailscale anymore.  No, I did not have any subnets setup.

 

Any idea why Unraid is binding specifically to the hostname specified in the settings page?  Is it doing some kind of hostname validation on the incoming HTTP request?

 

edit: I'm pretty sure I'm actually hitting this bug -

 

You're not running into that bug, the plugin handles that configuration automatically.

 

Are you using HTTPS? If so, this is by design per the Unraid settings:

 

Quote

If Use SSL/TLS is set to Yes, you will be redirected to https://<server-ip-address> or https://<server-name>.<localTLD>

 

You should always be able to use an IP address, though.

[EDACerton]

14 hours ago, sir_storealot said:

@EDACerton This plugin is simply amazing. Thank you so much, truly unbelievable how smooth everything works! 🤩

 

I have a suggestion though, it would be nice to have some quick tailnet status card on the unraid dashboard, showing connection status, exit node status, number of clients etc.. If course no idea how difficult that is, and it works perfectly without it, but my inner geek would really like this 😂

I have this prototyped locally, it might not make the next update but will be soon

[EDACerton]

On 12/29/2023 at 9:03 AM, jquery said:

I understand! Thanks for all your work! 
 

the reason I need this functionality is because I have multiple tailscale clients that I want to forward ports to, so that they can all accept direct connections.

An option to change the port will be available in the next update.

[EDACerton]

On 1/1/2024 at 3:47 PM, ralop said:

So what is the difference between EDACerton`s plugin and dsmith44`s plugin?

The key difference is that this is a plugin that runs within the Unraid OS, while dsmith44's version is a docker container.

 

Since a plugin runs in the OS itself, it do things that the docker container can't, like:

• Run while the array is stopped
• Add a configuration section to the Unraid WebGUI
• Add the Tailscale interfaces as "listening" interfaces for WebGUI/SMB/etc.
• Restart Unraid services when needed (for example, when Tailscale connects / logs in)
• Send notifications via Unraid

For what it's worth, dsmith44 recommends that folks use the plugin unless there's a specific need to run in a docker container (this can be relevant for complex docker networking scenarios).

[letum00]

9 hours ago, EDACerton said:

 

I looked at both of these diagnostics, and I don't see anything immediately problematic, but I'm wondering if there is something weird related to having both of the following be true:

• Tailscale running as exit node
• Unraid Connect configured

What address are you trying to use to access your resources over Tailscale? The local IP / Tailscale IP / Tailscale name?

 

Thank you, I appreciate you looking into it.

 

I tried removing connect first with no change.  I have the same result whether exit node is enabled or not, as well. Also, no matter what way I try connecting, via local IP, Tailscale IP, or dns name I still cannot connect to anything hosted on the server IP.

 

What's funny is I have the opposite problem with wireguard. I can't get out, only have access to internal resources which is the whole reason I'm trying Tailscale. 

[oxyg3n]

Hello dear friends,

 

So, my problems are like this : installed the plugin, i can see the device in admin page and windows client, but that's about all i can do. No GUI access, no SMB. Don't care so much for now to access docker, only GUI and shares.

 

Tried the default installation and the subnet and exit server commands, same thing, nothing changed. 

 

tailscale status returns : 100.xxx.xx.xx   wltd    oxyg3n@   linux   idle; offers exit node

 

Even with default installation, or the subnet + exit node, i can still access the GUI with the usual website, pointed at my servers public IP.

WLTD-tailscale-diag-20240104-213659.zip

[VampyreVK]

I am having the same issue as letum00, adaughe2, and biohazard32. I am switching from the docker container to the plugin, and I am able to access everything on my local subnet, such as other devices from within Tailscale, but not the main Unraid server GUI whichever way I go about it(the local IP:192.168.0.6, the Tailscale IP, the hostname, or the Unraid connect url). I cannot access anything running as a port under that main IP either (192.168.0.6:8989 etc.). VM's or other devices on the network with a different assigned IP work just fine, but anything under that 0.6 ip address is unable to connect from Tailscale.

VivNAS-tailscale-diag-20240103-191059.zip

[plantsandbinary]

I cannot  for the life of me get Tailscale to give me access to my Samba share outside of my network.

 

1. I have Tailscale installed on both my laptop and my Unraid server.

2. I have normal samba shares on my Unraid

3. I have set these to Export > Yes, with a username and password

4. When trying to map the network drive, using IP address or DNS I am always getting the below error

5. I have not been able to make this work via the Tailscale Docker app or now using the Tailscale Unraid Plugin

 

The error I get is either the below one or "Windows requires a share to publish to". It has never worked even once.

 

Can someone please help me get this working?

[plantsandbinary]

Here's some more screenshots of the setup. Am I missing some settings or something somewhere?

[plantsandbinary]

Sorry for triple posting but I just noticed that in this case tailscale1 seems to be given an IPv6 address but no IPv4 address. I am obviously trying to connect via "\\IPv4\sharename" and I don't even have IPv6 enabled on my router. I'm not at home and can't shut down docker (without losing access) but I see in network it says IPv4 + IPv6. I'll change it to IPv4 only and report back, I hope it is as simple as that, otherwise I still need help.

 

EDIT: I disabled IPv6 and chose only IPv4 and it's still listing an IPv6 route in the table at the bottom image... So I still need help.

 

 

Can someone also please confirm if we need to do this really ugly 'go' fix too?

 

Edited January 5 by plantsandbinary

[bmpreston]

On 12/31/2023 at 3:46 PM, EDACerton said:

Please provide plugin diagnostics. 

Please see attached.

 

Thank you!

Plexxer-tailscale-diag-20240106-114108.zip

[EDACerton]

On 1/5/2024 at 6:12 AM, plantsandbinary said:

Sorry for triple posting but I just noticed that in this case tailscale1 seems to be given an IPv6 address but no IPv4 address. I am obviously trying to connect via "\\IPv4\sharename" and I don't even have IPv6 enabled on my router. I'm not at home and can't shut down docker (without losing access) but I see in network it says IPv4 + IPv6. I'll change it to IPv4 only and report back, I hope it is as simple as that, otherwise I still need help.

 

EDIT: I disabled IPv6 and chose only IPv4 and it's still listing an IPv6 route in the table at the bottom image... So I still need help.

 

 

Can someone also please confirm if we need to do this really ugly 'go' fix too?

 

The most useful thing to provide is diagnostics from inside the plugin. To answer your specific questions:

• You do not need to do the "go" fix from that other thread, that is only for users running the docker container. The plugin handles service restarts / extra interfaces / etc. for you.
• The missing IPv4 address is normal. Linux has policy routing, and most Tailscale routes don't show up in the one shown by the WebGUI.

One quick thing to check -- make certain that NetBIOS is turned off in your SMB settings on Unraid. If NetBIOS is turned on, SMB won't work over Tailscale.

[EDACerton]

18 hours ago, bmpreston said:

Please see attached.

 

Thank you!

Plexxer-tailscale-diag-20240106-114108.zip 194.67 kB · 1 download

I noticed two things from this:

1. You still have the code for the docker container in your Go file... you'll probably want to remove that at some point, but I don't think it's a big deal.
2. I looked at your Tailscale log, and I don't see any inbound traffic to either port 80 or 444 (where your WebGUI is). This would suggest to me that the problem is either with the device trying to make the connection, or with your Tailscale policy.

[EDACerton]

On 1/4/2024 at 10:31 PM, VampyreVK said:

I am having the same issue as letum00, adaughe2, and biohazard32. I am switching from the docker container to the plugin, and I am able to access everything on my local subnet, such as other devices from within Tailscale, but not the main Unraid server GUI whichever way I go about it(the local IP:192.168.0.6, the Tailscale IP, the hostname, or the Unraid connect url). I cannot access anything running as a port under that main IP either (192.168.0.6:8989 etc.). VM's or other devices on the network with a different assigned IP work just fine, but anything under that 0.6 ip address is unable to connect from Tailscale.

VivNAS-tailscale-diag-20240103-191059.zip 235.82 kB · 0 downloads

• You're advertising 0.0.0.0/24 as a route, which is weird. You're also advertising as an exit node (0.0.0.0/0), which is more normal. I'd remove that 0.0.0.0/24, it won't do anything good and could only cause problems.
• Unless you have a good reason to have "Use Tailscale Subnets" turned on in the plugin settings, I'd turn that off -- it generally causes more problems than it solves for Unraid installs.

[tmchow]

I've had tailscale running on my unraid server for awhile now, but have been using some script method I found way back. 

 

#!/bin/bash
set -x

# check latest version against what's installed
VER=$(curl -sL https://api.github.com/repos/tailscale/tailscale/releases/latest |  jq -r ".tag_name" | cut -c 2-)
if [ "$VER" = "$(tailscale version | head -n1)" ]; then
    echo "$VER already installed, exiting..."
    exit 0
fi

# download latest version, restart daemon
echo "New version $VER available. Grabbing..."
curl -fsSL -o /boot/config/tailscale/tailscale_static.tgz "https://pkgs.tailscale.com/stable/tailscale_${VER}_amd64.tgz"
if [ $? -eq 0 ]; then
    pkill tailscaled
    sleep 1
    /usr/sbin/tailscaled -cleanup
    bash /boot/config/tailscale/install.sh
    bash /boot/config/tailscale/start.sh
fi

 

 

I just noticed this plugin.. is this the recommended way to go vs rolling my own thing with this script? I cannot remember for the life of me why that script was recommended...perhaps before a plugin was created?

Edited January 7 by tmchow

[EDACerton]

2 hours ago, tmchow said:

I've had tailscale running on my unraid server for awhile now, but have been using some script method I found way back. 

 

#!/bin/bash
set -x

# check latest version against what's installed
VER=$(curl -sL https://api.github.com/repos/tailscale/tailscale/releases/latest |  jq -r ".tag_name" | cut -c 2-)
if [ "$VER" = "$(tailscale version | head -n1)" ]; then
    echo "$VER already installed, exiting..."
    exit 0
fi

# download latest version, restart daemon
echo "New version $VER available. Grabbing..."
curl -fsSL -o /boot/config/tailscale/tailscale_static.tgz "https://pkgs.tailscale.com/stable/tailscale_${VER}_amd64.tgz"
if [ $? -eq 0 ]; then
    pkill tailscaled
    sleep 1
    /usr/sbin/tailscaled -cleanup
    bash /boot/config/tailscale/install.sh
    bash /boot/config/tailscale/start.sh
fi

 

 

I just noticed this plugin.. is this the recommended way to go vs rolling my own thing with this script? I cannot remember for the life of me why that script was recommended...perhaps before a plugin was created?

The script was created before the plugin.

 

You would be better off using the plugin now; that script is out of date and won’t work with newer Unraid versions. (You can make it work with extra steps, but the plugin solves all of that for you, and will solve future problems too  )

[oxyg3n]

On 1/4/2024 at 9:51 PM, oxyg3n said:

Hello dear friends,

 

So, my problems are like this : installed the plugin, i can see the device in admin page and windows client, but that's about all i can do. No GUI access, no SMB. Don't care so much for now to access docker, only GUI and shares.

 

Tried the default installation and the subnet and exit server commands, same thing, nothing changed. 

 

tailscale status returns : 100.xxx.xx.xx   wltd    oxyg3n@   linux   idle; offers exit node

 

Even with default installation, or the subnet + exit node, i can still access the GUI with the usual website, pointed at my servers public IP.

WLTD-tailscale-diag-20240104-213659.zip 111.95 kB · 0 downloads

 

Can you take a look?

 

Thank you.

[mich2k]

Hello

I ve been using this plugin for 2-3 weeks now and everything worked great

now (due to my isp rules) i had to switch my lan from 10.0.5.0/24 to 192.168.1.0/24 and now the subnet router (with the --advised-routes changed & everything) is working only for host & vms meanwhile all containers (in br0) are not reachable

I was reading that this IS expected behavior (and wondering how did work before actually..)

Is actually how should be? Containers are not included?

Thanks