[Plugin] Tailscale

[flammable]

Thanks! I just took care of that for my server.

 

I see the release notes include this:
 

Quote

Automatically generate certificates if HTTPS enabled for Tailnet.

 

Does that mean I no longer need to run the script that's on the Help page, under the Certificates section?

[EDACerton]

2 hours ago, flammable said:

Thanks! I just took care of that for my server.

 

I see the release notes include this:
 

 

Does that mean I no longer need to run the script that's on the Help page, under the Certificates section?

Soon

 

There's some more work to be done before it's automatic, this is just getting ready for it In the meantime, the script will work just fine.

[nerbonne]

Did something change in regards to SSH connections?  Under 6.12.11, I could connect via SSH from remote tailscale 100.xxx IPs, but after updating to 6.12.13, I'm getting connection refused for SSH although I can access the web GUI remotely from a web browwer.

[EDACerton]

7 hours ago, nerbonne said:

Did something change in regards to SSH connections?  Under 6.12.11, I could connect via SSH from remote tailscale 100.xxx IPs, but after updating to 6.12.13, I'm getting connection refused for SSH although I can access the web GUI remotely from a web browwer.

Nothing changed related to SSH.

 

Please post diagnostics from the Tailscale settings.

Edited September 2 by EDACerton

[Secluded]

Hi there,

 

I'm currently on Unraid 6.12.11 (rolled back from 6.12.13, since encountered some network issues in VM and docker) and Tailscale plugin 2024.08.28.

 

I found this today that I cannot access SMB via tailscale (but no problem to access the web GUI) after I reboot my Unraid server, and it can be reproduced (It happens every time I reboot unraid). I fixed this by manually going to the network setting of Unraid and reapply including "tailscale1" in the listening interfaces. Since I have seen this post recently, have you already applied this work around in the latest update?

 

I have attached my diagnosis file below if it helps. Thank you in advance!

Edited September 11 by Secluded
Removed diagnosis file

[nerbonne]

4 hours ago, EDACerton said:

Nothing changed related to SSH.

 

Please post diagnostics from the Tailscale settings.

I'll see if I can sanitize the logs later and post.  I looked at those logs yesterday and it contains my public IPs anywhere I have direct tailscale access, which is quite a few places.  Need a way to anonymize them if we are going to be posting them routinely.

[nerbonne]

59 minutes ago, Secluded said:

Hi there,

 

I'm currently on Unraid 6.12.11 (rolled back from 6.12.13, since encountered some network issues in VM and docker) and Tailscale plugin 2024.08.28.

 

I found this today that I cannot access SMB via tailscale (but no problem to access the web GUI) after I reboot my Unraid server, and it can be reproduced (It happens every time I reboot unraid). I fixed this by manually going to the network setting of Unraid and reapply including "tailscale1" in the listening interfaces. Since I have seen this post recently, have you already applied this work around in the latest update?

 

I have attached my diagnosis file below if it helps. Thank you in advance!

Arthur-Unraid-tailscale-diag-20240901-224001.zip 170.73 kB · 0 downloads

 

Disregard.  Removing "tailscale1" and entering it back and hitting apply did the trick.  SSH is working now.  

 

*Meant to edit my above post but didnt do it right.

Edited September 2 by nerbonne

[EDACerton]

18 hours ago, Secluded said:

Hi there,

 

I'm currently on Unraid 6.12.11 (rolled back from 6.12.13, since encountered some network issues in VM and docker) and Tailscale plugin 2024.08.28.

 

I found this today that I cannot access SMB via tailscale (but no problem to access the web GUI) after I reboot my Unraid server, and it can be reproduced (It happens every time I reboot unraid). I fixed this by manually going to the network setting of Unraid and reapply including "tailscale1" in the listening interfaces. Since I have seen this post recently, have you already applied this work around in the latest update?

 

I have attached my diagnosis file below if it helps. Thank you in advance!

Arthur-Unraid-tailscale-diag-20240901-224001.zip 170.73 kB · 0 downloads

You can probably get a similar effect by restarting the plugin (there's a button in the settings).

 

The workaround that I posted will work in any version of the plugin. I won't make that automatic for the versions with the kernel bug because the kernel bug might not affect everyone, and automatically disabling Unraid services on the Tailscale IP would remove most of the reason folks use the plugin.

 

The thing that strikes me as odd in your diagnostics is that something is restarting the Tailscale services a lot. Do you have a user script or something that could be forcing restarts of either Tailscale or the array?

[Secluded]

On 9/2/2024 at 5:30 PM, EDACerton said:

You can probably get a similar effect by restarting the plugin (there's a button in the settings).

 

The workaround that I posted will work in any version of the plugin. I won't make that automatic for the versions with the kernel bug because the kernel bug might not affect everyone, and automatically disabling Unraid services on the Tailscale IP would remove most of the reason folks use the plugin.

 

The thing that strikes me as odd in your diagnostics is that something is restarting the Tailscale services a lot. Do you have a user script or something that could be forcing restarts of either Tailscale or the array?

Please don't mind those restarting info in the log. I forced restarts in order to test if the plugin will include "tailscale1" in the listening interfaces.

 

I'm pretty sure on version 2024.08.28, restarting tailscale will NOT automatically include "tailscale1" in the listening interfaces, although the "tailscale1" is listed in the network setting of web GUI. The obvious symptom is SMB won't work via Tailscale, and restarting Tailscale won't help. Manually add "tailscale1" in the listening interfaces can fix this. I only tested SMB via Tailscale magicDNS (which means access SMB using the Tailscale domain). Not very sure if accessing via Tailscale IP address works.

 

I also tried reset my Unraid network setting, but nothing changes. After several tests, I rolled back to version 2024.07.31. This old version has no problem. SMB works via Tailscale once the plugin started/restarted.

 

There seems something wrong with version 2024.08.28.

 

Update:

Version 2024.09.09 fixed this bug.

Edited September 11 by Secluded

[charliecx]

I've searched the thread but can't find the answer.

 

After following the instructions in the help, I got the SSL to work with my MagicDNS. However, it works only on the domain, but not the port. homelab.word-word.ts.net is OK, but homelab.word-word.ts.net:5001 gives ERR_CONNECTION_REFUSED or ERR_SSL_PROTOCOL_ERROR. I'm new to Tailscale and new-ish to Unraid, what am I doing wrong?

I have run the cert script via user scrips and I ran this tailscale up --exit-node=gb-mnc-wg-001.mullvad.ts.net --exit-node-allow-lan-access=true --reset

[Naidu]

I am running into an issue where split DNS doesn't work on unraid beta.

 

I have enabled magic DNS/ split DNS and override DNS settings turned on.

[ducato]

No access to docker containers when tailscale plugin with mullvad exit node is enabled.

 

The issue is very specific: Tailscale has a paid add-on feature of a Mullvad exit-node vpn for $5/month.  When it is enabled, the unraid server dashboard, shares etc. can still be accessed, but all access to the containers is lost whether through local ip 192.168.x.x or tailscale ip 100.x.x.x.

So far I have had no luck in troubleshooting and unfortunately my knowledge of unraid is limited since I am new to the system(although I like it quite a bit).  I am running unraid 7.0.0 beta2

Unfortunately, once the Mullvad exit node in the tailscale app is enabled(and access is lost to the containers) it cannot be undone without going into the unraid tailscale plugin, going to settings, clicking "advanced view" and then clicking "erase tailscale configuration".  At that point a whole new tailscale authorization must be enabled for the plugin, forcing a whole new tailscale ip on the tailscale machines page(basically starting from scratch all over again with tailscale).  All will work fine with unraid and the tailscale plugin at that point, even with full access to the containers, unless any mullvad exit node is re-enabled, causing loss of access to the containers locally and remotely.

I'm sure there is a configuration that can be changed, I unfortunately just don't know enough on how to do it 😞

[EDACerton]

2 hours ago, ducato said:

No access to docker containers when tailscale plugin with mullvad exit node is enabled.

 

The issue is very specific: Tailscale has a paid add-on feature of a Mullvad exit-node vpn for $5/month.  When it is enabled, the unraid server dashboard, shares etc. can still be accessed, but all access to the containers is lost whether through local ip 192.168.x.x or tailscale ip 100.x.x.x.

So far I have had no luck in troubleshooting and unfortunately my knowledge of unraid is limited since I am new to the system(although I like it quite a bit).  I am running unraid 7.0.0 beta2

Unfortunately, once the Mullvad exit node in the tailscale app is enabled(and access is lost to the containers) it cannot be undone without going into the unraid tailscale plugin, going to settings, clicking "advanced view" and then clicking "erase tailscale configuration".  At that point a whole new tailscale authorization must be enabled for the plugin, forcing a whole new tailscale ip on the tailscale machines page(basically starting from scratch all over again with tailscale).  All will work fine with unraid and the tailscale plugin at that point, even with full access to the containers, unless any mullvad exit node is re-enabled, causing loss of access to the containers locally and remotely.

I'm sure there is a configuration that can be changed, I unfortunately just don't know enough on how to do it 😞

This is by design when an exit node is in use -- all traffic is routed to the exit node. If you want to be able to access local resources (including Docker containers) when an exit node is in use, you also need to set this:

tailscale set --exit-node-allow-lan-access

 

[EDACerton]

4 hours ago, Naidu said:

I am running into an issue where split DNS doesn't work on unraid beta.

 

I have enabled magic DNS/ split DNS and override DNS settings turned on.

Please provide diagnostics from within the plugin settings.

[EDACerton]

On 9/3/2024 at 10:50 AM, charliecx said:

I've searched the thread but can't find the answer.

 

After following the instructions in the help, I got the SSL to work with my MagicDNS. However, it works only on the domain, but not the port. homelab.word-word.ts.net is OK, but homelab.word-word.ts.net:5001 gives ERR_CONNECTION_REFUSED or ERR_SSL_PROTOCOL_ERROR. I'm new to Tailscale and new-ish to Unraid, what am I doing wrong?

I have run the cert script via user scrips and I ran this tailscale up --exit-node=gb-mnc-wg-001.mullvad.ts.net --exit-node-allow-lan-access=true --reset

MagicDNS and SSL are two different things.

 

If you're getting an SSL protocol error on :5001, that likely means that whatever is running there is HTTP, not HTTPS.

[EDACerton]

On 9/3/2024 at 8:03 AM, Secluded said:

Please don't mind those restarting info in the log. I forced restarts in order to test if the plugin will include "tailscale1" in the listening interfaces.

 

I'm pretty sure on version 2024.08.28, restarting tailscale will NOT automatically include "tailscale1" in the listening interfaces, although the "tailscale1" is listed in the network setting of web GUI. The obvious symptom is SMB won't work via Tailscale, and restarting Tailscale won't help. Manually add "tailscale1" in the listening interfaces can fix this. I only tested SMB via Tailscale magicDNS (which means access SMB using the Tailscale domain). Not very sure if accessing via Tailscale IP address works.

 

I also tried reset my Unraid network setting, but nothing changes. After several tests, I rolled back to version 2024.07.31. This old version has no problem. SMB works via Tailscale once the plugin started/restarted.

 

There seems something wrong with version 2024.08.28.

Did you apply the "workaround" from that other post (disabling "Unraid services listen on Tailscale IP")? That would stop the plugin from adding tailscale1 to the listening interfaces.

[ducato]

9 hours ago, EDACerton said:

This is by design when an exit node is in use -- all traffic is routed to the exit node. If you want to be able to access local resources (including Docker containers) when an exit node is in use, you also need to set this:

tailscale set --exit-node-allow-lan-access

 

Thank you so so much!  Worked like a charm!  I appreciate you and your hard work!!!

[Laov]

Hello,

 

Today after tailscale updated i received an alert:

My log also looks weird:

 

Attached diagnostics. Unraid 6.12.9.

DataServer-tailscale-diag-20240907-190213.zip

[EDACerton]

1 minute ago, Laov said:

Hello,

 

Today after tailscale updated i received an alert:

My log also looks weird:

 

Attached diagnostics. Unraid 6.12.9.

DataServer-tailscale-diag-20240907-190213.zip 245.72 kB · 0 downloads

The log issue is just a cosmetic problem with the log page (it’s trying to display a compressed log because the current file is small). That will be fixed in the next release. 
 

For the alert, follow the instructions: deactivate flash backup, delete cloud backup, and reactivate the flash backup. The alert will trigger on each update until that is completed. 

[Laov]

3 minutes ago, EDACerton said:

The log issue is just a cosmetic problem with the log page (it’s trying to display a compressed log because the current file is small). That will be fixed in the next release. 
 

For the alert, follow the instructions: deactivate flash backup, delete cloud backup, and reactivate the flash backup. The alert will trigger on each update until that is completed. 

1st time I see this message after an update... Why did it happen?

[EDACerton]

3 minutes ago, Laov said:

1st time I see this message after an update... Why did it happen?

 

[Jozodr]

Hi All,

 

plugin works perfectly however my script to copy files periodically between my unraid systems stops working after some time:

 

root@nexttower:~# ssh 111.68.69.18

# Tailscale SSH requires an additional check.
# To authenticate, visit: https://login.tailscale.com/a/3323bc801la2b

 

I found the github issue that talks about this mentioning that I should set re-authentication check to 'accept' but I cannot for life of me figure out where should I configure this using the plugin on unraid. Little help please? 

 

Here is the github issue:

 

https://github.com/tailscale/tailscale/issues/5708

[Raul Perte]

I also seem to be having a bunch of problems. Previously, I could access the advertised routes directly on the local IP, but after a reboot I & update to the latest plugin version, I can only access them via the Tailscale IP. Any suggestions? 

I tried the following:
- removed tailscale1, apply, entered tailscale1, apply > no results. 
- ran tailscale up --accept-routes --advertise-exit-node --advertise-routes=192.168.0.0/24,192.168.1.0/24 --accept-dns=false 


Thank you! 

LE: SOLVED

I deleted everything Tailscale (including the references/folders in /boot/config/plugins && plugins-removed), then I rebooted the server followed by a plugin re-install. Everything works after running the tailscale command referenced above. 
 

Edited September 9 by Raul Perte

[EDACerton]

19 minutes ago, Raul Perte said:

I also seem to be having a bunch of problems. Previously, I could access the advertised routes directly on the local IP, but after a reboot I & update to the latest plugin version, I can only access them via the Tailscale IP. Any suggestions? 

I tried the following:
- removed tailscale1, apply, entered tailscale1, apply > no results. 
- ran tailscale up --accept-routes --advertise-exit-node --advertise-routes=192.168.0.0/24,192.168.1.0/24 --accept-dns=false 


Thank you! 
 

Turn off --accept-routes.

[EDACerton]

3 hours ago, Jozodr said:

Hi All,

 

plugin works perfectly however my script to copy files periodically between my unraid systems stops working after some time:

 

root@nexttower:~# ssh 111.68.69.18

# Tailscale SSH requires an additional check.
# To authenticate, visit: https://login.tailscale.com/a/3323bc801la2b

 

I found the github issue that talks about this mentioning that I should set re-authentication check to 'accept' but I cannot for life of me figure out where should I configure this using the plugin on unraid. Little help please? 

 

Here is the github issue:

 

https://github.com/tailscale/tailscale/issues/5708

Is there a particular reason that you're using Tailscale SSH instead of the SSH server included with Unraid?