[Plugin] Tailscale

[EDACerton]

8 hours ago, Karmaa said:

Hello! I use Tailscale to access the WebGUl remotely on my unraid server. I access it by just connecting to the Tailscale server and typing in the address for my server that Tailscale shows to me. When I boot in the GUI OS mode this works fine and the dashboard comes up and l can manage my unraid server. When I boot in normal OS mode I am unable to connect to the GUI via tailscale. Tailscale shows that the server is connected and the port 80 is in use so I believe it’s running and everything I just cant connect to it. Any idea why? I have tailscaleO set in my addition interface thing btw. I am also able to ping the server just fine.

tailscale0 is from the Docker container, not from the plugin.

 

Do you have the plugin installed? If so, please provide diagnostics from within the plugin settings.

[Gex2501]

On 3/25/2023 at 10:51 AM, EDACerton said:

I can't access the WebGUI after logging in to Tailscale

• This is usually caused by enabling the "Use Tailscale Subnets" feature. This feature isn't needed for most installs.

• Usually, if this happens the WebGUI is still accessible via the Tailscale IP/name. Try connecting via that address, then disable "Use Tailscale Subnets".

I ran into this issue recently, thanks for having this post pinned at the top of the thread. Also thanks for all your work on providing this plugin! I'd like to understand why this problem occurs. While I don't need the subnets feature I would like to utilize them. Is there a way to get it to work?

[EDACerton]

8 hours ago, Gex2501 said:

I ran into this issue recently, thanks for having this post pinned at the top of the thread. Also thanks for all your work on providing this plugin! I'd like to understand why this problem occurs. While I don't need the subnets feature I would like to utilize them. Is there a way to get it to work?

The ways that "Use Tailscale Subnets" causes problems has to do with how other Tailscale devices are set up.

 

One important thing to understand -- "Use Tailscale Subnets" has nothing to do with setting your Unraid server up as a subnet router. If you want to advertise routes from your Unraid instance, go for it -- that works just fine (and lots of people do it).

 

"Use Tailscale Subnets" is relevant when *other* devices on your network are a subnet router (for instance, folks who use things like pfSense/opnsense/etc. for their firewall/router sometimes like to install Tailscale there and use it as the subnet router). In cases like this, you can run into some asymmetric routing issues because now you'll actually have two routes to your local network (directly connected and via the Tailscale subnet router)... and Tailscale will try to force the traffic to go over the subnet router*.

 

However, the router isn't expecting that traffic, and the client isn't expecting for the traffic to come back that way either, so this can result in various (and weird) connection issues.

 

In practice, there are very few scenarios which would require "Use Tailscale Subnets" to work. Without "Use Tailscale Subnets", you can still:

• Configure Unraid as a subnet router on Tailscale to make other devices on your network accessible via Tailscale.
• Connect to Unraid via its local IP from another device via a subnet router (e.g., connecting to 192.168.1.10 from your laptop, with Tailscale installed as a subnet router on your firewall).

What you cannot do is:

• Connect from Unraid to a device in a remote subnet (e.g., if you had a subnet router running at your friends house, and you wanted to transfer files from Unraid to a device there via the subnet router).

* This seems like a bad thing, but is actually a good feature that just has unfortunate implications in this scenario. Tailscale behaves this way because many private networks share IPs, and by forcing all traffic over the subnet router, it guarantees that when you enter (for example) 192.168.1.10 it connects to your server and not some device on another network that just happens to use 192.168.1.0/24.

[Gex2501]

17 hours ago, EDACerton said:

"Use Tailscale Subnets" is relevant when *other* devices on your network are a subnet router (for instance, folks who use things like pfSense/opnsense/etc. for their firewall/router sometimes like to install Tailscale there and use it as the subnet router). In cases like this, you can run into some asymmetric routing issues because now you'll actually have two routes to your local network (directly connected and via the Tailscale subnet router)... and Tailscale will try to force the traffic to go over the subnet router*.

This is almost exactly what I have going on. I have a pi running tailscale, on the same LAN as Unraid, advertising the subnet. What I find interesting is I also have an Ubuntu VM, running on Unraid, exposed to the LAN directly, using the --accept-routes and it's working just fine... Seems weird. 🤷‍♂️

 

UPDATE: So strike that, I actually can't ping or access the VM from it's LAN ip. So same issue I guess. I've just never actually tried to do that.

Edited Sunday at 08:12 PM by Gex2501
Info update

[jwillmer]

I used the `tailscale set` command to modify the configuration. Is this configuration changes persistent @EDACerton?

[EDACerton]

4 hours ago, jwillmer said:

I used the `tailscale set` command to modify the configuration. Is this configuration changes persistent @EDACerton?

Yes.