Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.
Message added by EDACerton,

When requesting support, please include a Tailscale diag package with your request:

 

https://edac.dev/unraid/plugin-diagnostics/usage/

[Plugin] Tailscale

Featured Replies

14 hours ago, Rincewind said:

Hmmm, removing this plugin, does not - sadly - a virgin UNRAID implementation leave :(

 

Any luck with my diagnostics package?

Never mind, I used the settings page to disable the tailscale plugin and now it works as it did before - PEBKAC - and newbie to UNRAID, still finding my feet.

  • Replies 1.7k
  • Views 376.3k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • EDACerton
    EDACerton

    This topic is not for support of the Tailscale docker integration. Please make a post in the appropriate OS support forum for issues related to the docker integration. Common Issues I

  • 2024.08.28   This update contains an important alert for Unraid Connect users. We recently determined that the Flash Backup feature of Unraid Connect would back up the Tailscale state file.

  • EDACerton
    EDACerton

    2023.05.25b Update Tailscale to 1.42.0 Add Tailscale web interface to Settings page Add page for Tailscale / plugin logs Switch Taildrop implementation to use native Unrai

Posted Images

Hey,

 

I have Tailscale installed and its working well as an exit node.

 

I want to also install my Mullvad VPN for some docker containers I use. When I import the tunnel into Unraids built in VPN manager and activate it, having it set using VPN tunneled access for docker, my Tailscale exit node will not work. 

 

Is there any way to get these to work simultaneously? Thanks

On 10/1/2024 at 9:46 AM, Elmojo said:

Ok, got a weird one...

TS is working great, except on 1 machine - My wife's desktop.  The only thing different about her machine is that it connects wirelessly to my home LAN.  Otherwise, it's a typical Windows 10 desktop PC.
Anyway, here's the deal...
She can browse the internet, and can see other devices on our LAN (including the server GUI, and VMs on the server), but cannot see shares on our unraid server if TS is enabled.

If I turn it off, then it will usually work.  I can even turn TS off, then back on, and it will often allow share access.

I did have to enable NetBIOS on the server (plugin) side, because it was killing the scan to file on my copier, but this doesn't seem to have affected any of the other devices in the home.

Can anyone think of a reason why her machine specifically would be having intermittent loss of shares access?  It's maddening.

 

Diags package attached, if it's helpful.

Tower-tailscale-diag-20241001-094150.zip 641.91 kB · 1 download

Any thoughts on this?  I think it may have gotten lost in the stack.

  • Author
On 10/1/2024 at 9:46 AM, Elmojo said:

Ok, got a weird one...

TS is working great, except on 1 machine - My wife's desktop.  The only thing different about her machine is that it connects wirelessly to my home LAN.  Otherwise, it's a typical Windows 10 desktop PC.
Anyway, here's the deal...
She can browse the internet, and can see other devices on our LAN (including the server GUI, and VMs on the server), but cannot see shares on our unraid server if TS is enabled.

If I turn it off, then it will usually work.  I can even turn TS off, then back on, and it will often allow share access.

I did have to enable NetBIOS on the server (plugin) side, because it was killing the scan to file on my copier, but this doesn't seem to have affected any of the other devices in the home.

Can anyone think of a reason why her machine specifically would be having intermittent loss of shares access?  It's maddening.

 

Diags package attached, if it's helpful.

Tower-tailscale-diag-20241001-094150.zip 641.91 kB · 1 download

I can see that you're advertising a subnet route from your Unraid server.

 

Is the setting to use Tailscale subnets enabled on her desktop?

 

Otherwise, it's fairly difficult to read your log files... it seems like NAT-PMP on your router and Tailscale aren't playing well together, plus there's a lot of nginx messages in the syslog.

  • Author
9 hours ago, jarredh said:

Hey,

 

I have Tailscale installed and its working well as an exit node.

 

I want to also install my Mullvad VPN for some docker containers I use. When I import the tunnel into Unraids built in VPN manager and activate it, having it set using VPN tunneled access for docker, my Tailscale exit node will not work. 

 

Is there any way to get these to work simultaneously? Thanks

It sounds like you're effectively creating two different "exit nodes".... one with Wireguard and one with Tailscale.

 

If you want to use both, it might be better to connect the containers via WireGuard-Docker.

30 minutes ago, EDACerton said:

I can see that you're advertising a subnet route from your Unraid server.

 

Is the setting to use Tailscale subnets enabled on her desktop?

 

Otherwise, it's fairly difficult to read your log files... it seems like NAT-PMP on your router and Tailscale aren't playing well together, plus there's a lot of nginx messages in the syslog.

Yes, TS subnets are enable on her desktop.

How would I go about resolving NAT-PMP/TS collisions, or whatever you're seeing?
My router is pfsense, if that helps.
What sort of nginx messages?  Errors?  I have no idea how to read a log, so I'm relying on you for this one. :)

Edited by Elmojo

38 minutes ago, Elmojo said:

How would I go about resolving NAT-PMP/TS collisions

 

How about setting the TS client to not connect when it's on your LAN?

Pardon my ignorance; it's been a while.

Wanting to set up a "new" Unraid server as a Tailscale Exit Node using this plugin -

 

What is the today and now correct way/how to enable a device as a exit node?

8 hours ago, Espressomatic said:

 

How about setting the TS client to not connect when it's on your LAN?

It's a desktop PC, it's always on my LAN. lol

  • Author
12 hours ago, Elmojo said:

Yes, TS subnets are enable on her desktop.

How would I go about resolving NAT-PMP/TS collisions, or whatever you're seeing?
My router is pfsense, if that helps.
What sort of nginx messages?  Errors?  I have no idea how to read a log, so I'm relying on you for this one. :)

I'd try turning subnet routes off. For the NAT-PMP, you'd have to make certain that it is properly configured on pfSense:

https://docs.netgate.com/pfsense/en/latest/services/upnp.html

3 hours ago, Elmojo said:

It's a desktop PC, it's always on my LAN. lol

 

Are you're connecting TO it from the outside? Does it need to be on your tailnet?

 

The only "desktops" I have are all servers, so I keep them on the tailnet all the time, but it's not used for local addresses and that seems to work reliably. My phones and notebooks all activate and deactivate TS depending on whether or not they're at home. But I did just test forcing my Macbook to always be connected to TS and SMB connections all continue to work as expected.

 

Edited by Espressomatic

2 hours ago, EDACerton said:

I'd try turning subnet routes off. For the NAT-PMP, you'd have to make certain that it is properly configured on pfSense:

Thanks, I'll try disabling both and see if that helps.  I don't really have anything in the home that would require uPnP anyway, so let's see what happens with it off entirely in pfSense.

 

1 hour ago, Espressomatic said:

Are you're connecting TO it from the outside? Does it need to be on your tailnet?

Yes.  My wife connects to her home desktop from work, so she can have access to files on our home server.

I'd probably start by disabling NetBIOS while investigating this.

 

And a shot in the dark... How is your wireless set up? Are you using real AP? Combo device in bridge mode? Not double-NAT right?

Did you happen to see this post back in the thread?

 

 

On 3/25/2023 at 1:51 PM, EDACerton said:

From Community Applications, install "Plugin Diagnostics".

 

I just wanted to mention that this isn't showing up in CA - not while running Unraid 7 anyway.

  • Author
38 minutes ago, Espressomatic said:

 

I just wanted to mention that this isn't showing up in CA - not while running Unraid 7 anyway.

@Squid

  • Author
2 hours ago, Espressomatic said:

 

I just wanted to mention that this isn't showing up in CA - not while running Unraid 7 anyway.

This should be fixed now... some unintended side effects from the plugin migrating to Unraid's official repository last night.

ADDITION: Disabling magic dns resolved the issue.

 

 

Hello, I have successfully installed and set up the Tailscale plugin, which allows me to remotely access my Unraid server and the individual Docker containers.
Since then, however, various Docker containers have been behaving strangely (network type: custom br0).

It looks like a connection to the internet is no longer possible.

Errors when the tailscale plugin is activated:
 

Jellyfish:

The plugin catalogue and meta data can no longer be loaded:

[2024-10-04 12:05:15.192 +02:00] [ERR] [17] MediaBrowser.Providers.Movies.MovieMetadataService: Error in "The Open Movie Database"
System.Net.Http.HttpRequestException: Resource temporarily unavailable (www.omdbapi.com:443)
 ---> System.Net.Sockets.SocketException (11): Resource temporarily unavailable

 

SABnzbdVPN:

Restart of the container no longer possible (see

 

If I deactivate the tailscale plugin in the settings, all containers work as desired again after I restart them.

 

Settings:

image.thumb.png.ecc1f67512e6a44243a2fd428ce3dea0.png


(it makes no difference whether DNS settings are activated/deactivated)

 

Does anyone know a way to solve this error?

Or do I have to explicitly use my Unraid server as an ‘exit node’ in this case so that the Docker containers can continue to access the Internet? I haven't activated this function yet because I don't need it.

Edited by raiderbert

 

17 hours ago, raiderbert said:

Does anyone know a way to solve this error?

Or do I have to explicitly use my Unraid server as an ‘exit node

 

I have exactly the same Tailscale plugin settings in place as you do on each of 4 different systems, and I'm also using the br0 network on a number of containers on 3 of those systems. I don't have any issues going out to the net on any container that should have that capability - not that I know of yet.

 

My docker networking for br0 is MACvlan and I'm running Unraid 7.0.0.beta3 (just updated from bet2 which I'd been running since June).

 

Every system is advertising my subnet, but none of them are set to accept a subnet from elsewhere (they don't need it). No exit points set up on these systems or on other systems connected to the Tailnet.

 

Plex can go fetch data, Stremio can load sources, JDownloader can do direct downloads from anywhere, QBittorrent working, (those are all on unique ips with br0), and even pfSense (in a VM) can download plugins and make cloud backups, etc.

 

 

Edited by Espressomatic

Hey, @EDACerton, in the LXC thread you'd mentioned Unraid 7beta3 would include something new for Tailscale docker access. Can you elaborate on that?

 

Just as a refresher, in the LXC thread I'd mentioned that I had installed TS and Nginx Proxy Manager into a Debian LXC to give NPM a direct connection to the tailnet making reverse proxy transparent and "just work" without any additional config or hoops to jump.

On 10/4/2024 at 8:18 AM, raiderbert said:

Hello, I have successfully installed and set up the Tailscale plugin, which allows me to remotely access my Unraid server and the individual Docker containers.
Since then, however, various Docker containers have been behaving strangely (network type: custom br0).

It looks like a connection to the internet is no longer possible.

Errors when the tailscale plugin is activated:
 

If I deactivate the tailscale plugin in the settings, all containers work as desired again after I restart them.

 

Does anyone know a way to solve this error?

 

 

I have now been able to narrow down the problem somewhat. 
I tested with a chromium container.
With network type “Bridge”, the connection to websites in this browser works perfectly, regardless of Tailscale.
If I set the container to “Custom: br0”, I can only call up websites in the browser if I first use
tailscale down
to close the connection to the tailscale network, then start the container.
I can then use 
tailscale up 
to re-establish the connection to Tailscale without affecting already running/functioning containers.


Unfortunately, all containers with custom network br0 are actually affected.
If I reboot them while connected to the Tailscale network, the containers do not get a connection to the internet.

 

Does anyone have an idea how I can further analyze the problem?

On 10/5/2024 at 1:13 AM, Espressomatic said:

My docker networking for br0 is MACvlan and I'm running Unraid 7.0.0.beta3 (just updated from bet2 which I'd been running since June).

 

Thank you very much for your answer. My Docker network was still running with the network type “ipvlan” until just now.
I changed it to “macvlan”, but unfortunately this did not bring any improvement.

 

image.thumb.png.b52b6ec9f7d1f1c9b2461c028a1b5280.png

I am at a loss. I have tried every setting, both enabled and disabled to try and access my tailscale IP to enter my WebGUI but it does not work. Not only does that fail but I also can't access any docker containers using their ports. Any help would be greatly appreciated.

I have made sure to have these settings below:
image.thumb.png.fb82bc2a3a9dea03f224dc8bbde012f0.png

I have also enabled the exit node and set subnets for the approved IP range of: 192.168.1.0/24

Attached is the diagnostics. Any help is appreciated folks.

Tower-tailscale-diag-20241006-093528.zip

On 3/26/2023 at 11:26 PM, ADvorsky said:

just for your info.... tailscales magic dns might break your docker containers.

/etc/resolv.conf gets copied to all freshly started contaieners from the host, which points to a dns not existing inside the container...

disabling magic dns resolved this issue.

Thank you very much! Disabling magic dns resolved the issue with all my br0 docker containers!

Edited by raiderbert

2 hours ago, raiderbert said:

I tested with a chromium container.
... If I set the container to “Custom: br0”, I can only call up websites in the browser if I first use tailscale down

 

I'm going to try this right now and will let you know what I see on my system - in case there's any difference compared to the other containers I mentioned earlier.

 

I have always had Magic DNS turned ON and have created a name-name.ts.net tailnet name, I have also specified my own DNS server (actually black hole and resolver) as the global (every machine that sits on the LAN also uses the same DNS, assigned by DHCP:

 

image.png.5f2b0d8fd99e51421194f1029df69a89.png

 

 

The results for Chromium match yours - it is unable to reach any domain name - DNS doesn't work at all. It doesn't seem to matter which settings I change in Chromium. I can reach devices in my LAN by IP address.

 

BUT... I think I found the problem and a solution. Doing some testing.

 

Edited by Espressomatic

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.