[Plugin] Tailscale


4 hours ago, ramjam824 said:

Hey @EDACerton,

 

I am having issues with switching from the docker -> plugin.

  1. I feel like I have tried everything in this thread but I still cannot see my server in File Explorer (Network Tab)
  2. I cannot add via 'Add Network Location' (\\servername\sharename or tailscaleIP\sharename)
  3. I can view the Unraid web GUI and I can access my dockers via Tailscale IP:docker ID

I included the diag zip here.  Please let me know what else you may need to assist in resolving my issue :) 

RamJam-tailscale-diag-20240812-185801.zip 262.29 kB · 0 downloads

It looks like the configuration applied correctly, but for some reason Samba (the service that handles these file shares) didn't pick up the change. It's possible that there was something else going on at the time that prevented it from restarting (open files/file transfer/etc.).

 

You can try using the Restart button inside the plugin settings; that will restart the services and might be enough to get it to work. Otherwise, I'd try restarting the server.

Link to comment
11 hours ago, hanquo said:

Hello, I am trying to get my actual budget docker working with this plugin. I followed all the HTTPS setup instructions and I can access my webUI via my https://servername.tailscaledomain.ts.net address. However, I can't seem to figure out how to get any of my docker containers to work through HTTPS, they only work through HTTP. Is this intended? They are all on the bridge subnet if that matters.

There are a number of different ways to do this.

 

By default, Tailscale just passes network traffic -- if the container is serving HTTP, HTTP is what you will get from other endpoints.

 

If you want HTTPS, there are a few different ways that you can do this:

  1. Configure the containers to serve HTTPS instead of HTTP (if possible).
  2. Use a reverse proxy like Traefik/SWAG/NPM to create an HTTPS endpoint.
  3. Use the reverse proxy built into Tailscale ("tailscale serve").
Link to comment

I have what I hope is a dumb question. I set up the plugin yesterday and can ssh easily to my unraid server via the tailnet IP. No issues there. However, I was expecting I could use this tailnet connection to run my docker containers' services via it. For example, I would like to access Emby from my phone via tailnet. I know there is a rather complicated implementation of putting tailnet inside a docker container on the Tailnet Youtube sub but was hoping the plugin could do the same.

 

Is this a misconception on my part and they are completely separate requirements?

Link to comment
11 hours ago, mmatzko said:

I have what I hope is a dumb question. I set up the plugin yesterday and can ssh easily to my unraid server via the tailnet IP. No issues there. However, I was expecting I could use this tailnet connection to run my docker containers' services via it. For example, I would like to access Emby from my phone via tailnet. I know there is a rather complicated implementation of putting tailnet inside a docker container on the Tailnet Youtube sub but was hoping the plugin could do the same.

 

Is this a misconception on my part and they are completely separate requirements?

This depends on how your containers are configured.

 

If your containers are configured on bridge networks (i.e., you access them using the same IP that you access the Unraid WebGUI/SSH from), you can use the Tailscale plugin to connect to the containers in the same way (http://your.unraid.tailscale.ip:containerport/).

 

If your containers are on macvlan/ipvlan networks (e.g., br0) where they get a different IP, then you won't be able to connect to them via the server's Tailscale IP. There are several ways to connect via Tailscale:

  1. Configure the Tailscale plugin to act as a subnet router.
  2. For linuxserver.io containers, use the Tailscale docker mod to install Tailscale inside the container itself.
  3. For other containers, use a separate Tailscale container, and use container networking to "sidecar" the Tailscale container to the service that you want to make accessible.
Link to comment

Thanks for the reply.   You are correct, I am using a vlan like br0 so each docker has its own ip - then use a reverse proxy for ssl.  So 1 is out.  I’ll definitely check out #2. Can you explain number 3 a bit more - how you “sidecar” a network - and how I do that while still running your plugin? If you know a link explaining it offhand, that works.  Not exactly sure what to search on.  

Link to comment

One more follow-up to give you all the info.   I did configure the plugin to act as a subnet router (with the internal subnet of my lan which is also the external IPs of the docker containers) but that did not have an effect.   Also, when the tailscale plugin is enabled, the App store no longer connects.  So I'm wondering if there is something wrong in my setup. 

Settings:

Tailscale Enabled: Yes

Unraid services listen etc.: Yes

Ip forwarding: no

Use Tailscale Subnets: Yes

Use Tailscale DNS: Yes (note - tailscale points to my internal pihole servers as DNS)

 

Link to comment

Getting an odd error, is there an issue with the download site?

 

"plugin: installing: tailscale.plg Executing hook script: pre_plugin_checks plugin: downloading: tailscale.plg ... done plugin: downloading: unraid-tailscale-utils-1.12.0-noarch-1.txz ... plugin: unraid-tailscale-utils-1.12.0-noarch-1.txz download failure: Network failure Executing hook script: post_plugin_checks"

 

Server is up and running just fine and accessing the internet too.

Link to comment
12 minutes ago, BLKMGK said:

Getting an odd error, is there an issue with the download site?

 

"plugin: installing: tailscale.plg Executing hook script: pre_plugin_checks plugin: downloading: tailscale.plg ... done plugin: downloading: unraid-tailscale-utils-1.12.0-noarch-1.txz ... plugin: unraid-tailscale-utils-1.12.0-noarch-1.txz download failure: Network failure Executing hook script: post_plugin_checks"

 

Server is up and running just fine and accessing the internet too.

I just checked the Github side and it seems to be fine...

 

What happens if you run this from the CLI?

wget https://github.com/dkaser/unraid-tailscale-utils/releases/download/1.12.0/unraid-tailscale-utils-1.12.0-noarch-1.txz

 

Link to comment
On 8/19/2024 at 3:58 PM, Hydroponiker said:

I cannot reauthenticate via webgui nor cli

 

any help diagnosing the problem?

Tower-tailscale-diag-20240819-215444.zip 213.08 kB · 0 downloads

It looks like your system is having trouble communicating with the Tailscale control plane:

 

Quote

2024/08/19 21:43:32 health(warnable=login-state): error: You are logged out. The last login error was: register request: Post "https://controlplane.tailscale.com/machine/register": connection attempts aborted by context: context deadline exceeded
2024/08/19 21:43:32 Received error: register request: Post "https://controlplane.tailscale.com/machine/register": connection attempts aborted by context: context deadline exceeded
2024/08/19 21:43:32 control: LoginInteractive -> regen=true
2024/08/19 21:43:32 control: doLogin(regen=true, hasUrl=false)
2024/08/19 21:43:32 control: Generating a new nodekey.
2024/08/19 21:43:32 control: RegisterReq: onode= node=[e4rPE] fup=false nks=false
2024/08/19 21:43:42 Received error: register request: Post "https://controlplane.tailscale.com/machine/register": connection attempts aborted by context: context deadline exceeded
2024/08/19 21:43:42 control: LoginInteractive -> regen=true
2024/08/19 21:43:42 control: doLogin(regen=true, hasUrl=false)
2024/08/19 21:43:42 control: Generating a new nodekey.
2024/08/19 21:43:42 control: RegisterReq: onode= node=[zowy1] fup=false nks=false
2024/08/19 21:43:50 EditPrefs: MaskedPrefs{RunWebClient=true}
2024/08/19 21:43:52 Received error: register request: Post "https://controlplane.tailscale.com/machine/register": connection attempts aborted by context: context deadline exceeded
2024/08/19 21:43:52 control: LoginInteractive -> regen=true
2024/08/19 21:43:52 control: doLogin(regen=true, hasUrl=false)
2024/08/19 21:43:52 control: Generating a new nodekey.
2024/08/19 21:43:52 control: RegisterReq: onode= node=[GV3u5] fup=false nks=false
2024/08/19 21:44:02 Received error: register request: Post "https://controlplane.tailscale.com/machine/register": connection attempts aborted by context: context deadline exceeded

 

Link to comment
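As an added example (not part of the original posts or the plugin's code), the triage applied to the quoted log can be scripted: the Python below counts failed registration attempts per control-plane host, measures the retry spacing, and separates timeouts from other errors. The function name `triage`, the verdict labels and the timeout heuristic are assumptions of this example.

```python
import re
from collections import Counter
from datetime import datetime
from urllib.parse import urlparse

# Abridged sample in the format of the log quoted above, embedded so this runs offline.
SAMPLE_LOG = '''\
2024/08/19 21:43:32 Received error: register request: Post "https://controlplane.tailscale.com/machine/register": connection attempts aborted by context: context deadline exceeded
2024/08/19 21:43:32 control: Generating a new nodekey.
2024/08/19 21:43:42 Received error: register request: Post "https://controlplane.tailscale.com/machine/register": connection attempts aborted by context: context deadline exceeded
2024/08/19 21:43:42 control: Generating a new nodekey.
2024/08/19 21:43:50 EditPrefs: MaskedPrefs{RunWebClient=true}
2024/08/19 21:43:52 Received error: register request: Post "https://controlplane.tailscale.com/machine/register": connection attempts aborted by context: context deadline exceeded
2024/08/19 21:43:52 control: Generating a new nodekey.
2024/08/19 21:44:02 Received error: register request: Post "https://controlplane.tailscale.com/machine/register": connection attempts aborted by context: context deadline exceeded
'''

LINE = re.compile(r'^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (.*)$')
# "Received error: <operation>: <HTTP verb> "<url>": <cause>"
ERR = re.compile(r'Received error: [\w ]+?: \w+ "(?P<url>[^"]+)": (?P<cause>.+)$')

def triage(log_text):
    """Summarise login failures found in tailscaled-style log text."""
    failures, regens = [], 0  # failures: (timestamp, host, cause)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines without the expected timestamp prefix
        ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        msg = m.group(2)
        if "Generating a new nodekey" in msg:
            regens += 1  # each retry of the login starts with a fresh node key
        e = ERR.search(msg)
        if e:
            failures.append((ts, urlparse(e.group("url")).hostname, e.group("cause")))
    timeouts = sum("context deadline exceeded" in c for _, _, c in failures)
    gaps = [int((b[0] - a[0]).total_seconds()) for a, b in zip(failures, failures[1:])]
    # Heuristic (assumption of this example): if every failure is a timeout, the
    # request never completed, so check DNS, firewall and routing before credentials.
    if failures and timeouts == len(failures):
        verdict = "control-plane-unreachable"
    elif failures:
        verdict = "control-plane-error"
    else:
        verdict = "no-login-errors"
    return {
        "verdict": verdict,
        "hosts": dict(Counter(h for _, h, _ in failures)),
        "failures": len(failures),
        "retry_gaps_s": gaps,
        "nodekey_regens": regens,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
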
On 8/18/2024 at 11:35 AM, mmatzko said:

One more follow-up to give you all the info.   I did configure the plugin to act as a subnet router (with the internal subnet of my lan which is also the external IPs of the docker containers) but that did not have an effect.   Also, when the tailscale plugin is enabled, the App store no longer connects.  So I'm wondering if there is something wrong in my setup. 

Settings:

Tailscale Enabled: Yes

Unraid services listen etc.: Yes

Ip forwarding: no

Use Tailscale Subnets: Yes

Use Tailscale DNS: Yes (note - tailscale points to my internal pihole servers as DNS)

 

I would start by turning off "Use Tailscale Subnets" and "Use Tailscale DNS". They are rarely required and can cause issues in some cases (e.g., I'd guess that DNS is your problem with the app store).

 

I would also have IP forwarding turned on if you're doing subnet routing (this isn't a super big deal -- Unraid turns on IPv4 forwarding by default anyways, so the setting is more relevant for IPv6/exit nodes -- but it's a good idea to have the Tailscale setting turned on in case Unraid ever changes the default).

Link to comment
On 8/18/2024 at 10:23 AM, mmatzko said:

Thanks for the reply.   You are correct, I am using a vlan like br0 so each docker has its own ip - then use a reverse proxy for ssl.  So 1 is out.  I’ll definitely check out #2. Can you explain number 3 a bit more - how you “sidecar” a network - and how I do that while still running your plugin? If you know a link explaining it offhand, that works.  Not exactly sure what to search on.  

Here is someone who did #3. You have to install a Tailscale docker container (this can be done in addition to the Tailscale plugin too if you're using the container from my repository):

 

 

Link to comment
8 hours ago, EDACerton said:

I just checked the Github side and it seems to be fine...

 

What happens if you run this from the CLI?

wget https://github.com/dkaser/unraid-tailscale-utils/releases/download/1.12.0/unraid-tailscale-utils-1.12.0-noarch-1.txz

 

Ugh, server cannot resolve Github.com - WTH? Pings Google fine, resolves CNN,  but is having issues with others. I pull data in containers from many servers too. Something weird with DNS here, I'll investigate this evening - something tells me this isn't an Unraid issue! Hopefully I'll be loading your plugin tonight though :)

 

P.S. Seems this is JUST my Unraid server too <sigh>

Edited by BLKMGK
Link to comment

Hi guys,

I’m having a little bit of trouble with using this plugin. I’m trying to map a specific share into my Mac/iPad/iPhone using smb://unraidserver.local/share which works as long as I’m on the same network. When trying to map it on my iPhone using only 5G, it does not work and returns an error Unconnected Socket.

It does work fine with smb://UNRAIDIP/share however.

I don’t want to use the IP solution, as things tend to break if the IP is attributed on foreign networks.

 

My config is:

Exit node set up on my Unraid Server

Subnet added as 192.168.1.0/24

Local split DNS from my router DNS for local domain.

 

I can access Unraid Web UI on 5G by typing my IP in my browser, access everything, my dockers and stuff, but can’t map the smb://server.local…

Link to comment
4 hours ago, tbeaugelin said:

Hi guys,

I’m having a little bit of trouble with using this plugin. I’m trying to map a specific share into my Mac/iPad/iPhone using smb://unraidserver.local/share which works as long as I’m on the same network. When trying to map it on my iPhone using only 5G, it does not work and returns an error Unconnected Socket.

It does work fine with smb://UNRAIDIP/share however.

I don’t want to use the IP solution, as things tend to break if the IP is attributed on foreign networks.

 

My config is:

Exit node set up on my Unraid Server

Subnet added as 192.168.1.0/24

Local split DNS from my router DNS for local domain.

 

I can access Unraid Web UI on 5G by typing my IP in my browser, access everything, my dockers and stuff, but can’t map the smb://server.local…

smb://server.local will only work on the local network.

 

My general approach is to just use the Tailscale IP / Tailnet DNS (server.tailnet.ts.net) for any connections. That makes sure that things will work whether I'm local or remote.

 

Link to comment
7 hours ago, EDACerton said:

smb://server.local will only work on the local network.

 

My general approach is to just use the Tailscale IP / Tailnet DNS (server.tailnet.ts.net) for any connections. That makes sure that things will work whether I'm local or remote.

 

Thanks for the quick answer, and indeed the solution to my problem. It’s working perfectly with smb://server.tailnet.ts.net!

Link to comment

Hello

 

I have installed the plugin using SpaceInvaderOne Video and instruction;

I can access the Webgui locally and can access the main unraid box using my internal and external IP address, but remotely using a web browser or my phone I either get "Not secure" or "Connection refused" or just a blank screen.

I suspect it may be something to do with my network setup, and am looking to the subject matter experts here for some help & assistance.

Any suggestions.

 

Thanks

image.thumb.png.83be08ebbe3b07e33af28c398a333a62.png

Tower-tailscale-diag-20240827-174943.zip

Link to comment

I have installed tailscale based on SpaceInvaderOne's video and it is working for the most part, I am able to access my server remotely.

However, when I try to transfer files to my shares via SMB (windows), only small files seem to be transferable. Larger files always fail.

 

Log errors seem to indicate something about a TUN device but I am new to unraid and linux so I have no clue what any of this even means. I tried to google it and found https://github.com/tailscale/tailscale/issues/13041 but I have no clue if this applies in my case... my knowledge is lacking

image.png.5248a25cf30332fec65ea4452b20c87e.png

 

Any help would be appreciated

tailscale-diag-20240827-160149.zip

Link to comment
Posted (edited)
5 hours ago, ProtoE04 said:

I have installed tailscale based on SpaceInvaderOne's video and it is working for the most part, I am able to access my server remotely.

However, when I try to transfer files to my shares via SMB (windows), only small files seem to be transferable. Larger files always fail.

 

Log errors seem to indicate something about a TUN device but I am new to unraid and linux so I have no clue what any of this even means. I tried to google it and found https://github.com/tailscale/tailscale/issues/13041 but I have no clue if this applies in my case... my knowledge is lacking

image.png.5248a25cf30332fec65ea4452b20c87e.png

 

Any help would be appreciated

tailscale-diag-20240827-160149.zip 154.53 kB · 0 downloads

I agree with your guess -- that kernel bug seems to be the issue.

 

The bug was introduced in kernel version 6.1.103 (used by Unraid 6.12.12) and is still in the kernel in Unraid 6.12.13.

 

If you roll back to 6.12.11, you shouldn't run into this. The Unraid 7 betas are also running an unaffected kernel version.

 

Edited by EDACerton
Link to comment
4 hours ago, Al Asghar said:

Hello

 

I have installed the plugin using SpaceInvaderOne Video and instruction;

I can access the Webgui locally and can access the main unraid box using my internal and external IP address, but remotely using a web browser or my phone I either get "Not secure" or "Connection refused" or just a blank screen.

I suspect it may be something to do with my network setup, and am looking to the subject matter experts here for some help & assistance.

Any suggestions.

 

Thanks

image.thumb.png.83be08ebbe3b07e33af28c398a333a62.png

Tower-tailscale-diag-20240827-174943.zip 23.67 kB · 0 downloads

I see that you have the "Use Tailscale Subnets" setting turned on in the Tailscale settings. I would turn that off; it's very rarely needed, and can cause weird connectivity problems in some networks.

 

Aside from that, the plugin itself is detecting that the WebGUI is listening on Tailscale as expected, and from the diagnostics it looks like everything applied correctly:

Quote

2024/08/27 17:44:50 tailscale-watcher.php: WebGUI listening on 100.x.x.118:80

 

Link to comment
12 hours ago, EDACerton said:

I agree with your guess -- that kernel bug seems to be the issue.

 

The bug was introduced in kernel version 6.1.103 (used by Unraid 6.12.12) and is still in the kernel in Unraid 6.12.13.

 

If you roll back to 6.12.11, you shouldn't run into this. The Unraid 7 betas are also running an unaffected kernel version.

 

Upgrading to Unraid 7 solved the issue. Thanks!

Link to comment

2024.08.28

 

This update contains an important alert for Unraid Connect users. We recently determined that the Flash Backup feature of Unraid Connect would back up the Tailscale state file. However, since Flash Backup is unencrypted, the state file should not be backed up.

 

This update prevents the state file from being backed up, but existing backups will not be automatically erased. To remove any previous backups of the state file, do the following after updating the Tailscale plugin to version 2024.08.28 or later:

  1. On your Unraid server, go to Settings -> Management Access.
  2. Under Unraid Connect, deactivate flash backup. In the popup, select the option to also delete cloud backup.
  3. Reactivate flash backup.

  • Like 5
Link to comment
