[Plugin] Tailscale


Hey,

 

I have Tailscale installed and it's working well as an exit node.

I want to also install my Mullvad VPN for some docker containers I use. When I import the tunnel into Unraid's built-in VPN manager and activate it, having it set using VPN tunneled access for docker, my Tailscale exit node will not work.

 

Is there any way to get these to work simultaneously? Thanks

Link to comment
On 10/1/2024 at 9:46 AM, Elmojo said:

Ok, got a weird one...

TS is working great, except on 1 machine - My wife's desktop.  The only thing different about her machine is that it connects wirelessly to my home LAN.  Otherwise, it's a typical Windows 10 desktop PC.
Anyway, here's the deal...
She can browse the internet, and can see other devices on our LAN (including the server GUI, and VMs on the server), but cannot see shares on our unraid server if TS is enabled.

If I turn it off, then it will usually work.  I can even turn TS off, then back on, and it will often allow share access.

I did have to enable NetBIOS on the server (plugin) side, because it was killing the scan to file on my copier, but this doesn't seem to have affected any of the other devices in the home.

Can anyone think of a reason why her machine specifically would be having intermittent loss of shares access?  It's maddening.

 

Diags package attached, if it's helpful.

Tower-tailscale-diag-20241001-094150.zip 641.91 kB · 1 download

Any thoughts on this?  I think it may have gotten lost in the stack.

Link to comment
On 10/1/2024 at 9:46 AM, Elmojo said:

Ok, got a weird one...

TS is working great, except on 1 machine - My wife's desktop.  The only thing different about her machine is that it connects wirelessly to my home LAN.  Otherwise, it's a typical Windows 10 desktop PC.
Anyway, here's the deal...
She can browse the internet, and can see other devices on our LAN (including the server GUI, and VMs on the server), but cannot see shares on our unraid server if TS is enabled.

If I turn it off, then it will usually work.  I can even turn TS off, then back on, and it will often allow share access.

I did have to enable NetBIOS on the server (plugin) side, because it was killing the scan to file on my copier, but this doesn't seem to have affected any of the other devices in the home.

Can anyone think of a reason why her machine specifically would be having intermittent loss of shares access?  It's maddening.

 

Diags package attached, if it's helpful.

Tower-tailscale-diag-20241001-094150.zip 641.91 kB · 1 download

I can see that you're advertising a subnet route from your Unraid server.

 

Is the setting to use Tailscale subnets enabled on her desktop?

 

Otherwise, it's fairly difficult to read your log files... it seems like NAT-PMP on your router and Tailscale aren't playing well together, plus there's a lot of nginx messages in the syslog.

Link to comment
9 hours ago, jarredh said:

Hey,

 

I have Tailscale installed and it's working well as an exit node.

I want to also install my Mullvad VPN for some docker containers I use. When I import the tunnel into Unraid's built-in VPN manager and activate it, having it set using VPN tunneled access for docker, my Tailscale exit node will not work.

 

Is there any way to get these to work simultaneously? Thanks

It sounds like you're effectively creating two different "exit nodes".... one with Wireguard and one with Tailscale.

 

If you want to use both, it might be better to connect the containers via WireGuard-Docker.

Link to comment
30 minutes ago, EDACerton said:

I can see that you're advertising a subnet route from your Unraid server.

 

Is the setting to use Tailscale subnets enabled on her desktop?

 

Otherwise, it's fairly difficult to read your log files... it seems like NAT-PMP on your router and Tailscale aren't playing well together, plus there's a lot of nginx messages in the syslog.

Yes, TS subnets are enabled on her desktop.

How would I go about resolving NAT-PMP/TS collisions, or whatever you're seeing?
My router is pfsense, if that helps.
What sort of nginx messages?  Errors?  I have no idea how to read a log, so I'm relying on you for this one. :)

Edited by Elmojo
Link to comment
12 hours ago, Elmojo said:

Yes, TS subnets are enabled on her desktop.

How would I go about resolving NAT-PMP/TS collisions, or whatever you're seeing?
My router is pfsense, if that helps.
What sort of nginx messages?  Errors?  I have no idea how to read a log, so I'm relying on you for this one. :)

I'd try turning subnet routes off. For the NAT-PMP, you'd have to make certain that it is properly configured on pfSense:

https://docs.netgate.com/pfsense/en/latest/services/upnp.html

Link to comment
3 hours ago, Elmojo said:

It's a desktop PC, it's always on my LAN. lol

 

Are you connecting TO it from the outside? Does it need to be on your tailnet?

 

The only "desktops" I have are all servers, so I keep them on the tailnet all the time, but it's not used for local addresses and that seems to work reliably. My phones and notebooks all activate and deactivate TS depending on whether or not they're at home. But I did just test forcing my Macbook to always be connected to TS and SMB connections all continue to work as expected.

 

Edited by Espressomatic
Link to comment
2 hours ago, EDACerton said:

I'd try turning subnet routes off. For the NAT-PMP, you'd have to make certain that it is properly configured on pfSense:

Thanks, I'll try disabling both and see if that helps.  I don't really have anything in the home that would require UPnP anyway, so let's see what happens with it off entirely in pfSense.

 

1 hour ago, Espressomatic said:

Are you connecting TO it from the outside? Does it need to be on your tailnet?

Yes.  My wife connects to her home desktop from work, so she can have access to files on our home server.

Link to comment

Hello, I have successfully installed and set up the Tailscale plugin, which allows me to remotely access my Unraid server and the individual Docker containers.
Since then, however, various Docker containers have been behaving strangely (network type: custom br0).

It looks like a connection to the internet is no longer possible.

Errors when the tailscale plugin is activated:
 

Jellyfish:

The plugin catalogue and meta data can no longer be loaded:

[2024-10-04 12:05:15.192 +02:00] [ERR] [17] MediaBrowser.Providers.Movies.MovieMetadataService: Error in "The Open Movie Database"
System.Net.Http.HttpRequestException: Resource temporarily unavailable (www.omdbapi.com:443)
 ---> System.Net.Sockets.SocketException (11): Resource temporarily unavailable

 

SABnzbdVPN:

Restart of the container no longer possible (see

 

If I deactivate the tailscale plugin in the settings, all containers work as desired again after I restart them.

 

Settings:

image.thumb.png.ecc1f67512e6a44243a2fd428ce3dea0.png


(it makes no difference whether DNS settings are activated/deactivated)

 

Does anyone know a way to solve this error?

Or do I have to explicitly use my Unraid server as an ‘exit node’ in this case so that the Docker containers can continue to access the Internet? I haven't activated this function yet because I don't need it.

Edited by raiderbert
Link to comment

 

17 hours ago, raiderbert said:

Does anyone know a way to solve this error?

Or do I have to explicitly use my Unraid server as an ‘exit node

 

I have exactly the same Tailscale plugin settings in place as you do on each of 4 different systems, and I'm also using the br0 network on a number of containers on 3 of those systems. I don't have any issues going out to the net on any container that should have that capability - not that I know of yet.

 

My docker networking for br0 is MACvlan and I'm running Unraid 7.0.0.beta3 (just updated from beta2 which I'd been running since June).

 

Every system is advertising my subnet, but none of them are set to accept a subnet from elsewhere (they don't need it). No exit points set up on these systems or on other systems connected to the Tailnet.

 

Plex can go fetch data, Stremio can load sources, JDownloader can do direct downloads from anywhere, QBittorrent working, (those are all on unique ips with br0), and even pfSense (in a VM) can download plugins and make cloud backups, etc.

 

 

Edited by Espressomatic
Link to comment

Hey, @EDACerton, in the LXC thread you'd mentioned Unraid 7beta3 would include something new for Tailscale docker access. Can you elaborate on that?

 

Just as a refresher, in the LXC thread I'd mentioned that I had installed TS and Nginx Proxy Manager into a Debian LXC to give NPM a direct connection to the tailnet making reverse proxy transparent and "just work" without any additional config or hoops to jump.

Link to comment
