[Plugin] Tailscale



I installed the plugin today and things are working... for the most part. 
I have pihole and nginx proxy manager set up for local DNS, and my Unraid dashboard runs on port 180. The nginx dashboard runs on Unraid's default dashboard port 80. The pihole IP is set up as the primary DNS server on my router.

If I connect via Tailscale through my phone I can access all my services either via ip:port or my DNS entries, e.g. sonarr.home, except for the Unraid dashboard. It works using unraid.home but not by ip:180 directly. tailscale-ip:180 does not work either.
I'm trying to resolve the issue, as it would be nice to be able to access Unraid remotely in the case where the Docker service is not running.

Does anyone have an idea what's wrong with my setup here? Likely it's some misconfiguration on my part with nginx 🙃

Screenshot 2024-03-08 213736.png

Screenshot 2024-03-08 214341.png

Screenshot 2024-03-08 214349.png

Screenshot 2024-03-08 214455.png

Unraid-tailscale-diag-20240308-213458.zip

Edited by forlorn-daughter-in-law4915
Link to comment

Thank you for doing this. I installed the Tailscale plugin, but I can't access my Unraid server for some reason. I have my phone, my laptop, and my Unraid server logged into my Tailscale account. All three are connected and showing connected in the web console. I can ping my phone from my computer, and vice versa. But I can't ping or get to the web UI for Unraid from either device. I tried to leave all of the settings on the defaults. Not using an exit node or any subnet routes. I only want devices connected to Tailscale to be able to communicate with each other. Do you see anything obvious in the diagnostic logs that gives you an idea what I'm doing wrong?

SERENITY-tailscale-diag-20240309-072301.zip

Link to comment
On 2/4/2024 at 9:58 PM, EDACerton said:

Have you rebooted since you removed the Docker plugin? Some folks have had weird issues when switching that only cleared up after rebooting.

I've tried re-installing the plugin and rebooting, but still the following message appears:

"Viewing: Cannot access this device’s Tailscale IP. Make sure you are connected to your tailnet, and that your policy file allows access."

So far I've only successfully advertised my Unraid as Exit Node, but that's it.

Also, when I try to open [TailScale IP]:5252 in my Unraid's Firefox, it only shows 3 loading / animation dots. Is it a sign of misconfiguration?
 

Vault-tailscale-diag-20240310-175701.zip

Link to comment

I am losing my mind with this. I was running the docker img which stopped working a bit ago. I then saw that there was no longer support for it and that it was recommended to install the plugin, which I've done (and uninstalled the img). Now, despite advertising my unraid server as an exit-node as well as adding my subnet routes, I cannot access my local network from any other device running tailscale.

 

I've tried uninstalling and reinstalling the plugin several times now as well as reconfiguring each time, still nothing. 

 

For what it's worth, here's how I configured in command line: tailscale up --accept-dns=false --advertise-exit-node --advertise-routes=10.10.30.0/24 --accept-routes=true

 

--------UPDATE FIXED--------

Alright, I went for broke and fixed it. In case anyone else has a similar issue, here's what I did:

  • Erased the plugin via the plugin's settings
  • Deleted the plugin
  • Rebooted Unraid (this honestly may have been the real fix, as I did not do this after deleting the docker img I had originally been using due to the sheer inconvenience of rebooting)
  • Reinstalled the plugin, connected to my Tailscale account and disabled key expiry via the Tailscale admin panel
  • CLI:
    • tailscale set --advertise-exit-node
      • accepted the exit node via admin panel
    • tailscale set --exit-node-allow-lan-access
      • at this point I tested it, still couldn't connect with local IP, however Tailscale IP worked to access Unraid GUI.
    • tailscale set --advertise-routes=10.10.30.0/24 (my subnet)
      • enabled the subnet route via the admin panel. 
    • Boom. It works.

I imagine you could probably do it all in one shot by typing

tailscale set --advertise-exit-node --exit-node-allow-lan-access --advertise-routes=[your subnet]

 

Hopefully this will prove of use to someone else!

 

Edited by CrispyFrizzles
  • Like 2
Link to comment

Sorry for the newbie question.

 

My network is running on the 192.168.0.X network.

I have Unraid set to 192.168.0.74 (with the web UI to port 84)

All my dockers (well, most) are set with the br0 network and with dedicated IPs like 192.168.0.145 (for Sonarr for example).

 

I have installed this plugin - and I can connect to unraid vs the "new" IP.

I ran this command tailscale set --advertise-routes=192.168.0.0/24 and I can see in tailscale web gui that this has been accepted.

BUT - I can't see any of my dockers that are on the br0 network - I thought they would be found due to being on the subnet that I setup.

 

Any ideas what I need to change to make them appear so I can grab their IPs etc and connect to them?

 

Thank you!

Link to comment
54 minutes ago, exwebjunkie said:

Sorry for the newbie question.

 

My network is running on the 192.168.0.X network.

I have Unraid set to 192.168.0.74 (with the web UI to port 84)

All my dockers (well, most) are set with the br0 network and with dedicated IPs like 192.168.0.145 (for Sonarr for example).

 

I have installed this plugin - and I can connect to unraid vs the "new" IP.

I ran this command tailscale set --advertise-routes=192.168.0.0/24 and I can see in tailscale web gui that this has been accepted.

BUT - I can't see any of my dockers that are on the br0 network - I thought they would be found due to being on the subnet that I setup.

 

Any ideas what I need to change to make them appear so I can grab their IPs etc and connect to them?

 

Thank you!

Try using the CLI commands I posted (the post before yours). It might work. It sounds like a similar instance where you're just trying to access things on your local network through the tailscale tunnel, using the local subnet IPs.

Link to comment
On 3/14/2024 at 7:57 PM, CrispyFrizzles said:

I am losing my mind with this. I was running the docker img which stopped working a bit ago. I then saw that there was no longer support for it and that it was recommended to install the plugin, which I've done (and uninstalled the img). Now, despite advertising my unraid server as an exit-node as well as adding my subnet routes, I cannot access my local network from any other device running tailscale.

 

I've tried uninstalling and reinstalling the plugin several times now as well as reconfiguring each time, still nothing. 

 

For what it's worth, here's how I configured in command line: tailscale up --accept-dns=false --advertise-exit-node --advertise-routes=10.10.30.0/24 --accept-routes=true

 

--------UPDATE FIXED--------

Alright, I went for broke and fixed it. In case anyone else has a similar issue, here's what I did:

  • Erased the plugin via the plugin's settings
  • Deleted the plugin
  • Rebooted Unraid (this honestly may have been the real fix, as I did not do this after deleting the docker img I had originally been using due to the sheer inconvenience of rebooting)
  • Reinstalled the plugin, connected to my Tailscale account and disabled key expiry via the Tailscale admin panel
  • CLI:
    • tailscale set --advertise-exit-node
      • accepted the exit node via admin panel
    • tailscale set --exit-node-allow-lan-access
      • at this point I tested it, still couldn't connect with local IP, however Tailscale IP worked to access Unraid GUI.
    • tailscale set --advertise-routes=10.10.30.0/24 (my subnet)
      • enabled the subnet route via the admin panel. 
    • Boom. It works.

I imagine you could probably do it all in one shot by typing

tailscale set --advertise-exit-node --exit-node-allow-lan-access --advertise-routes=[your subnet]

 

Hopefully this will prove of use to someone else!

 

 

This helped a lot. Thanks!

 

I did this and it still didn't work:

tailscale set --advertise-exit-node --exit-node-allow-lan-access --advertise-routes=[your subnet]

 

But in the end it was a reboot that was needed to get it working.

  • Like 1
Link to comment
On 3/15/2024 at 9:45 PM, CrispyFrizzles said:

Try using the CLI commands I posted (the post before yours). It might work. It sounds like a similar instance where you're just trying to access things on your local network through the tailscale tunnel, using the local subnet IPs.

 

So when you did this, did the IPs / "machines" for each docker show up in the machines section of tailscale - assume I would need this to be able to get their tailscale IPs?

 

I followed all the advice but I only see my main NAS show up - nothing else - can connect to it via the tailscale IP but can't connect to anything else or see anything else..

Link to comment
On 3/17/2024 at 12:55 PM, exwebjunkie said:

 

So when you did this, did the IPs / "machines" for each docker show up in the machines section of tailscale - assume I would need this to be able to get their tailscale IPs?

 

I followed all the advice but I only see my main NAS show up - nothing else - can connect to it via the tailscale IP but can't connect to anything else or see anything else..

No, the individual docker instances will not show up in tailscale. The only instances that will actually show up in your Tailscale admin panel are the actual devices that have Tailscale installed. You cannot have a tailscale instance on each one of your docker images, at least not that I'm aware of. Instead, the goal you are trying to achieve is for your Unraid server to act as, more or less, a "pass-through". Meaning everything goes through the Tailscale plugin, which is why you want to set it as an "exit-node".

I do not think there is any way to have each docker image have a Tailscale IP. You would only be able to access them via the local IP you have assigned to them. Think of it like this. You're on your laptop at like a coffee shop or something. You connect to their wifi, which obviously means you have no access to your local network. You turn Tailscale on, on your laptop. Now, if it's setup the way I demonstrated, all you would have to do is enter the local IP of the docker image you are trying to access, and it will work. 

I believe you will also need to make sure, if each of your docker images are being bridged and are on different subnets, that each of the subnets are being passed through Tailscale with the "tailscale set --advertise-routes= [subnet/bits]". I personally do not use multiple subnets for locally accessed docker images, only those with remote access, which are completely unaffected by Tailscale.

Link to comment
On 3/20/2024 at 7:24 AM, Masterwishx said:

@EDACerton when do you think you can release a new version?

If you want the latest update as soon as Tailscale releases it, install the preview version of the plugin from CA (you don't have to uninstall the existing plugin, it will replace it on install). I released a preview update the same day that Tailscale released the last update.

 

I'll probably be pushing that version to the main plugin tonight.

 

For everyone else: I promise, I haven't forgotten you, I've just been very busy lately, I'm going to try to catch up this evening.

  • Like 1
Link to comment
On 3/7/2024 at 3:08 PM, Raptor said:

Recently I have had a problem with some of my Unraids with the Tailscale plugin - can't access the webUI or shares, but SSH works :|

Some Unraids with the Tailscale plugin work fine; others stopped working (except SSH) some time ago.

BK-tailscale-diag-20240307-210412.zip 161.33 kB · 0 downloads Lokia-tailscale-diag-20240307-205456.zip 147.46 kB · 0 downloads

  • You need to turn NetBIOS off in SMB settings.
  • Do you access the WebGUI via mobile device (phone/tablet)? I see some errors in the log that remind me of problems that occur when mobile devices have WebGUI tabs open for long periods of time.
  • It seems like Tailscale DNS is enabled on both servers... I recommend that folks turn that off because it's not usually needed on servers.
Link to comment
On 3/8/2024 at 4:04 PM, forlorn-daughter-in-law4915 said:

I installed the plugin today and things are working... for the most part. 
I have pihole and nginx proxy manager set up for local DNS, and my Unraid dashboard runs on port 180. The nginx dashboard runs on Unraid's default dashboard port 80. The pihole IP is set up as the primary DNS server on my router.

If I connect via Tailscale through my phone I can access all my services either via ip:port or my DNS entries, e.g. sonarr.home, except for the Unraid dashboard. It works using unraid.home but not by ip:180 directly. tailscale-ip:180 does not work either.
I'm trying to resolve the issue, as it would be nice to be able to access Unraid remotely in the case where the Docker service is not running.

Does anyone have an idea what's wrong with my setup here? Likely it's some misconfiguration on my part with nginx 🙃

Screenshot 2024-03-08 213736.png

Screenshot 2024-03-08 214341.png

Screenshot 2024-03-08 214349.png

Screenshot 2024-03-08 214455.png

Unraid-tailscale-diag-20240308-213458.zip 189 kB · 0 downloads

From the Tailscale side, everything looks fine.

 

If you've been accessing the WebGUI from your phone, you might be accidentally crashing the WebGUI. There's been a known issue with the WebGUI and mobile devices (in particular Android devices)... essentially, if a tab with the WebGUI gets left open (even in the background), it eventually causes problems for the server.

 

Quote

Mar  8 20:59:11 Unraid nginx: 2024/03/08 20:59:11 [alert] 9049#9049: worker process 16775 exited on signal 6
Mar  8 21:00:45 Unraid nginx: 2024/03/08 21:00:45 [alert] 9049#9049: worker process 21513 exited on signal 6
Mar  8 21:00:47 Unraid nginx: 2024/03/08 21:00:47 [alert] 9049#9049: worker process 26056 exited on signal 6
Mar  8 21:00:47 Unraid nginx: 2024/03/08 21:00:47 [alert] 9049#9049: worker process 26107 exited on signal 6
Mar  8 21:02:21 Unraid nginx: 2024/03/08 21:02:21 [alert] 9049#9049: worker process 26112 exited on signal 6
Mar  8 21:02:23 Unraid nginx: 2024/03/08 21:02:23 [alert] 9049#9049: worker process 30348 exited on signal 6
Mar  8 21:03:57 Unraid nginx: 2024/03/08 21:03:57 [alert] 9049#9049: worker process 30384 exited on signal 6
Mar  8 21:03:59 Unraid nginx: 2024/03/08 21:03:59 [alert] 9049#9049: worker process 2003 exited on signal 6
Mar  8 21:05:31 Unraid nginx: 2024/03/08 21:05:31 [alert] 9049#9049: worker process 2057 exited on signal 6
Mar  8 21:05:33 Unraid nginx: 2024/03/08 21:05:33 [alert] 9049#9049: worker process 6588 exited on signal 6
Mar  8 21:05:35 Unraid nginx: 2024/03/08 21:05:35 [alert] 9049#9049: worker process 6687 exited on signal 6
Mar  8 21:05:35 Unraid nginx: 2024/03/08 21:05:35 [alert] 9049#9049: worker process 6725 exited on signal 6
Mar  8 21:05:37 Unraid nginx: 2024/03/08 21:05:37 [alert] 9049#9049: worker process 6727 exited on signal 6
Mar  8 21:05:39 Unraid nginx: 2024/03/08 21:05:39 [alert] 9049#9049: worker process 6874 exited on signal 6
Mar  8 21:05:39 Unraid nginx: 2024/03/08 21:05:39 [alert] 9049#9049: worker process 6974 exited on signal 6
Mar  8 21:07:13 Unraid nginx: 2024/03/08 21:07:13 [alert] 9049#9049: worker process 6976 exited on signal 6
Mar  8 21:07:15 Unraid nginx: 2024/03/08 21:07:15 [alert] 9049#9049: worker process 11399 exited on signal 6
Mar  8 21:08:49 Unraid nginx: 2024/03/08 21:08:49 [alert] 9049#9049: worker process 11621 exited on signal 6

 

Link to comment
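
The nginx alerts quoted in the post above can be turned into a simple crash-loop check. This is an added example, not part of the thread or the plugin; the function names and the threshold of 5 worker crashes in any 5-minute window are assumptions chosen for illustration.

```python
import re
import signal
from datetime import datetime, timedelta

# nginx alert format as it appears in the syslog lines quoted above.
CRASH_RE = re.compile(
    r"nginx: (?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[alert\] "
    r"\d+#\d+: worker process (?P<worker>\d+) exited on signal (?P<sig>\d+)"
)

# First ten alerts from the quoted log, plus one constructed unrelated
# line (the sshd entry) to show that other syslog traffic is skipped.
SAMPLE_LOG = """\
Mar  8 20:59:11 Unraid nginx: 2024/03/08 20:59:11 [alert] 9049#9049: worker process 16775 exited on signal 6
Mar  8 21:00:45 Unraid nginx: 2024/03/08 21:00:45 [alert] 9049#9049: worker process 21513 exited on signal 6
Mar  8 21:00:47 Unraid nginx: 2024/03/08 21:00:47 [alert] 9049#9049: worker process 26056 exited on signal 6
Mar  8 21:00:47 Unraid nginx: 2024/03/08 21:00:47 [alert] 9049#9049: worker process 26107 exited on signal 6
Mar  8 21:02:21 Unraid nginx: 2024/03/08 21:02:21 [alert] 9049#9049: worker process 26112 exited on signal 6
Mar  8 21:02:23 Unraid nginx: 2024/03/08 21:02:23 [alert] 9049#9049: worker process 30348 exited on signal 6
Mar  8 21:03:57 Unraid nginx: 2024/03/08 21:03:57 [alert] 9049#9049: worker process 30384 exited on signal 6
Mar  8 21:03:59 Unraid nginx: 2024/03/08 21:03:59 [alert] 9049#9049: worker process 2003 exited on signal 6
Mar  8 21:05:31 Unraid nginx: 2024/03/08 21:05:31 [alert] 9049#9049: worker process 2057 exited on signal 6
Mar  8 21:05:33 Unraid nginx: 2024/03/08 21:05:33 [alert] 9049#9049: worker process 6588 exited on signal 6
Mar  8 21:05:34 Unraid sshd[4242]: constructed example line, not from the thread
"""

def parse_crashes(text):
    """Return (timestamp, worker_pid, signal_name) per crashed worker, sorted by time."""
    crashes = []
    for line in text.splitlines():
        m = CRASH_RE.search(line)
        if not m:
            continue  # not an nginx worker-exit alert
        ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
        sig = int(m["sig"])
        try:
            name = signal.Signals(sig).name  # 6 is SIGABRT on Linux
        except ValueError:
            name = f"signal {sig}"
        crashes.append((ts, int(m["worker"]), name))
    return sorted(crashes)

def peak_window(crashes, window=timedelta(minutes=5)):
    """Return (count, window_start) for the busiest sliding window."""
    best = (0, None)
    start = 0
    for end, (ts, _, _) in enumerate(crashes):
        # Drop events that fall out of the window ending at this crash.
        while ts - crashes[start][0] >= window:
            start += 1
        count = end - start + 1
        if count > best[0]:
            best = (count, crashes[start][0])
    return best

def is_crash_loop(crashes, threshold=5, window=timedelta(minutes=5)):
    """Assumed policy: flag when `threshold` workers die within `window`."""
    return peak_window(crashes, window)[0] >= threshold

if __name__ == "__main__":
    found = parse_crashes(SAMPLE_LOG)
    count, start = peak_window(found)
    print(f"{len(found)} worker crashes; peak {count} in 5 min from {start}")
    print("crash loop" if is_crash_loop(found) else "below threshold")
```
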
On 3/9/2024 at 10:36 AM, betweenchaosandshape said:

Thank you for doing this. I installed the Tailscale plugin, but I can't access my Unraid server for some reason. I have my phone, my laptop, and my Unraid server logged into my Tailscale account. All three are connected and showing connected in the web console. I can ping my phone from my computer, and vice versa. But I can't ping or get to the web UI for Unraid from either device. I tried to leave all of the settings on the defaults. Not using an exit node or any subnet routes. I only want devices connected to Tailscale to be able to communicate with each other. Do you see anything obvious in the diagnostic logs that gives you an idea what I'm doing wrong?

SERENITY-tailscale-diag-20240309-072301.zip 160.8 kB · 0 downloads

I can see incoming pings and WebGUI traffic in the Tailscale log.

 

I'd probably have to see Tailscale logs from your clients to see if there's anything interesting there. It might just be easier to reset the config on your server, though. Here's what I'd recommend if you want to try that:

  1. Delete the Unraid server from the Tailscale admin console. 
  2. Erase the plugin configuration (there’s a button in the plugin settings, I think it’s in advanced mode.)
  3. Reboot your Unraid server.
  4. Log back in to Tailscale via the plugin. 
Link to comment
On 3/10/2024 at 7:03 AM, jfr07 said:

I've tried re-installing the plugin and rebooting, but still the following message appears:

"Viewing: Cannot access this device’s Tailscale IP. Make sure you are connected to your tailnet, and that your policy file allows access."

So far I've only successfully advertised my Unraid as Exit Node, but that's it.

Also, when I try to open [TailScale IP]:5252 in my Unraid's Firefox, it only shows 3 loading / animation dots. Is it a sign of misconfiguration?
 

Vault-tailscale-diag-20240310-175701.zip 118.93 kB · 0 downloads

Your Tailscale state appears to be corrupt.

  1. Delete the server from the Tailscale admin console. 
  2. Erase the plugin configuration (there’s a button in the plugin settings, I think it’s in advanced mode.)
  3. Log back in to Tailscale via the plugin. 
Link to comment
On 3/17/2024 at 12:55 PM, exwebjunkie said:

 

So when you did this, did the IPs / "machines" for each docker show up in the machines section of tailscale - assume I would need this to be able to get their tailscale IPs?

 

I followed all the advice but I only see my main NAS show up - nothing else - can connect to it via the tailscale IP but can't connect to anything else or see anything else..

This is normal. Docker containers don't show up independently in the Tailscale console; they're just treated as a part of the server.

 

If you're using a bridge Docker network (the usual default), you can just connect to tailscaleIP:dockerPort just like you would with the local IP.

 

If you're using br0/etc. networks in Docker (so that your containers get a separate IP address on your LAN), you'll have to do extra work to make them available via Tailscale. There are generally two ways to do this:

  1. Use a subnet router to make the LAN IPs accessible over Tailscale (this is what basically everyone in that situation does), or
  2. Configure Tailscale "sidecars" for each of your br0 containers.
Link to comment
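
One way to check which LAN addresses an advertised subnet route would actually cover, as an added example that is not part of the thread or the plugin. The 192.168.0.0/24 route and the Unraid and Sonarr addresses come from the posts above; the 172.17.0.2 bridge container, the function names, and picking the most specific matching route are assumptions made for illustration.

```python
import ipaddress

# Addresses from the thread, plus one constructed container on a Docker
# bridge network (172.17.0.2 is an assumed value, not from the posts).
HOSTS = {
    "unraid": "192.168.0.74",
    "sonarr": "192.168.0.145",          # br0 container with its own LAN IP
    "bridge-container": "172.17.0.2",   # constructed
}

def parse_routes(flag_value):
    """Parse the comma-separated value given to --advertise-routes.

    Returns (routes, problems). An entry with host bits set, such as
    192.168.0.74/24, is reported instead of being silently widened.
    """
    routes, problems = [], []
    for part in (p.strip() for p in flag_value.split(",")):
        if not part:
            continue
        try:
            routes.append(ipaddress.ip_network(part, strict=True))
        except ValueError as exc:
            problems.append(f"{part}: {exc}")
    return routes, problems

def covering_route(ip, routes):
    """Return the most specific route containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if r.version == addr.version and addr in r]
    return max(matches, key=lambda r: r.prefixlen, default=None)

def audit(flag_value, hosts):
    """Map each host to the route that covers it (None = not covered)."""
    routes, problems = parse_routes(flag_value)
    reach = {name: covering_route(ip, routes) for name, ip in hosts.items()}
    return reach, problems

if __name__ == "__main__":
    reach, problems = audit("192.168.0.0/24", HOSTS)
    for name, route in reach.items():
        if route is None:
            print(f"{name}: not covered, use tailscaleIP:dockerPort on the host")
        else:
            print(f"{name}: reachable by LAN IP via {route} "
                  f"({route.num_addresses} addresses exposed)")
    for problem in problems:
        print("rejected route:", problem)
```

A host that maps to `None` is not reachable by its own address through the subnet router; for bridge-network containers that is expected, and they are reached through the server's Tailscale IP and published port as described in the post.
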

Hi, how do I refresh the auth token? It says "The Tailscale key will expire in 24 days on Sat, 20 Apr 2024 21:20:48 GMT."

 

But other than the "Erase" button, I don't see a Re-auth button or something. I'd prefer not to lose settings and risk subnet issues (sometimes it doesn't pick up on those on Tailscale side to approve)

Edited by aeryk
Link to comment
16 hours ago, rama3124 said:

Hi

Do I still need to add tailscale0 to listening interfaces under network settings and modify the go file? Or has this since been resolved in a more recent release? TIA

This has never been required with the plugin.

Link to comment
8 hours ago, aeryk said:

Hi, how do I refresh the auth token? It says "The Tailscale key will expire in 24 days on Sat, 20 Apr 2024 21:20:48 GMT."

 

But other than the "Erase" button, I don't see a Re-auth button or something. I'd prefer not to lose settings and risk subnet issues (sometimes it doesn't pick up on those on Tailscale side to approve)

There used to be a button in the Tailscale web interface to do the reauth, but it looks like that is gone. I'll have to get in touch with the Tailscale folks on that one.

 

In the meantime, you could disable key expiration via the Tailscale admin console, or use the CLI to do a reauth:

tailscale up --force-reauth
  • Like 1
Link to comment

It seems like the general consensus is to use the plugin now rather than the docker container. I currently don't have local access to my server, is it still possible to change to the plugin while maintaining tailscale connection?

 

I'm assuming the answer is no since it seems I have to delete the docker container first (losing tailscale connection) before adding the plugin but I thought I'd check 

Link to comment
Just now, rama3124 said:

It seems like the general consensus is to use the plugin now rather than the docker container. I currently don't have local access to my server, is it still possible to change to the plugin while maintaining tailscale connection?

 

I'm assuming the answer is no since it seems I have to delete the docker container first (losing tailscale connection) before adding the plugin but I thought I'd check 

You are correct, switching from the docker to the plugin will require disconnecting Tailscale... the two fight each other if they are running at the same time.

 

If you *really* wanted to try to do it remotely (not that I would recommend it), it might be possible if you get creative with the Tailscale admin console:

  1. Turn on device approval for your tailnet (Settings -> Device Management).
  2. Install the plugin and log in, but don't approve it yet.
  3. Stop the docker container (this will drop your connection to the server, but you should get it back in the next step)
  4. Approve the plugin connection in the Tailscale console.

The catch to this being (of course) that if anything goes wrong you've just lost your remote connection until you have local access again. Managing remote connections in-band is always a fun process :)

Link to comment
