Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.
Message added by EDACerton,

When requesting support, please include a Tailscale diag package with your request:

 

https://edac.dev/unraid/plugin-diagnostics/usage/

[Plugin] Tailscale

Featured Replies

  • Replies 1.7k
  • Views 376.3k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • EDACerton
    EDACerton

    This topic is not for support of the Tailscale docker integration. Please make a post in the appropriate OS support forum for issues related to the docker integration. Common Issues I

  • 2024.08.28   This update contains an important alert for Unraid Connect users. We recently determined that the Flash Backup feature of Unraid Connect would back up the Tailscale state file.

  • EDACerton
    EDACerton

    2023.05.25b Update Tailscale to 1.42.0 Add Tailscale web interface to Settings page Add page for Tailscale / plugin logs Switch Taildrop implementation to use native Unrai

Posted Images

Today I use tailscale command to accept routes (tailscale set --accept-routes), after entering the command, my unraid did not respond to the command and I no longer be able to access my unraid either my its local IP or tailnet IP. What should I do?

9 hours ago, bthoven said:

Today I use tailscale command to accept routes (tailscale set --accept-routes), after entering the command, my unraid did not respond to the command and I no longer be able to access my unraid either my its local IP or tailnet IP. What should I do?

I had the same problem yesterday with the tailscale set command. Also couldn’t access the server afterwards. I removed the server via the Tailscale Homepage from the list and rebooted. I was then able to access my server again. 
 

Don’t know yet what happened. Have not reconnected the server yet. 

  • Author

Enabling --accept-routes on an Unraid server is almost always a bad idea. You shouldn’t enable that unless you understand the ramifications of turning it on. The plugin has some logic in it to help folks that turn it on anyways, but it’s not perfect. 

 

There’s a reason that the GUI option to enable it is in “Advanced” mode *and* includes a warning message. 

Edited by EDACerton

Yeah, I use that for installations outside my LAN, not for anything within it.

Ok, I am new to this. Found a walkthrough on how to use a proxy for an VM and I was able to do it!  How do I do it with a VM that is a ubuntu and has multiple containers that have the same Ip but different ports?

  • Author
Just now, kack8457 said:

Ok, I am new to this. Found a walkthrough on how to use a proxy for an VM and I was able to do it!  How do I do it with a VM that is a ubuntu and has multiple containers that have the same Ip but different ports?

Installing Tailscale in an Ubuntu VM is outside of the scope of the Tailscale plugin for Unraid. You should take that question to either Ubuntu or Tailscale support communities. 

11 minutes ago, EDACerton said:

Installing Tailscale in an Ubuntu VM is outside of the scope of the Tailscale plugin for Unraid. You should take that question to either Ubuntu or Tailscale support communities. 

Thank you! Will do

 

Happily using tailscale with help of the new plugin and with spaceinvader1's videos.

 

I can access my vm''s from the internet, I have setup specific dns addresses in my own domain. Everything works great. I have also been able to use the docker-mod to give one of my dockers a specific tailscale address, also works great !

 

I have also added the mullvad exit nodes (payed option), also works !)

 

It is amazing how easy this product works.

 

Now what I want to do is to force that docker to use a mullvad exit node. I have set this container to make it possible to us a mullvad exit node, I then give the following command on the container console:   

 

tailscale up --exit-node=100.70.79.111 --exit-node-allow-lan-access

 

As far as I understand that should make the container use the exit node while still alowing local access.

 

Unfortuantely this does not work. The container does not route its traffic thru the exit node.

 

Any help is appreciated.

  • Author
19 minutes ago, Helmonder said:

Happily using tailscale with help of the new plugin and with spaceinvader1's videos.

 

I can access my vm''s from the internet, I have setup specific dns addresses in my own domain. Everything works great. I have also been able to use the docker-mod to give one of my dockers a specific tailscale address, also works great !

 

I have also added the mullvad exit nodes (payed option), also works !)

 

It is amazing how easy this product works.

 

Now what I want to do is to force that docker to use a mullvad exit node. I have set this container to make it possible to us a mullvad exit node, I then give the following command on the container console:   

 

tailscale up --exit-node=100.70.79.111 --exit-node-allow-lan-access

 

As far as I understand that should make the container use the exit node while still alowing local access.

 

Unfortuantely this does not work. The container does not route its traffic thru the exit node.

 

Any help is appreciated.

This isn't a support topic for the docker mod (issues with that should go to the Docker mod GitHub page, since I don't develop that), however:

 

Routing traffic via an exit node requires that the container use Tailscale in "kernel networking" mode, not "userspace networking" mode. I don't know if the docker mod can be switched to use kernel networking.

 

However, you could install Tailscale as a sidecar container with kernel networking: https://selfhosters.net/remote/tailscale/docker/#running-tailscale-as-a-sidecar-container

Thanks for this tip, I will dive into that !

On 11/10/2024 at 10:38 AM, Helmonder said:

Thanks for this tip, I will dive into that !

 

You can always use NPM (or other reverse proxy) and Tailscale together on Debian, running inside a Linux Container (LXC). Works very well to get anything with your own FQDN(s) connected to any Docker container or VM on your system(s). If you're interested in trying that out, I've just posted some instructions to the NPM Docker thread.

 

 

Edited by Espressomatic

  • Author
7 hours ago, Espressomatic said:

 

You can always use NPM (or other reverse proxy) and Tailscale together on Debian, running inside a Linux Container (LXC). Works very well to get anything with your own FQDN(s) connected to any Docker container or VM on your system(s). If you're interested in trying that out, I've just posted some instructions to the NPM Docker thread.

 

 

Disclaimer: users should understand that by running Tailscale/NPM/(anything actually) in an LXC, they inherit any work required to update/maintain that installation. They will no longer get updates from containers, etc... they will have to either manually update the applications/LXC or set up automation to do so.

12 minutes ago, EDACerton said:

Disclaimer: users should understand that by running Tailscale/NPM/(anything actually) in an LXC, they inherit any work required to update/maintain that installation

 

This also doesn't replace Tailscale running as an Unraid Plugin on my systems.

 

 

Love this plugin, was wondering if there is a way of seeing the inbound and outbound speed of just the tailscale Interface/plugin.

 

 

On 11/11/2024 at 5:20 PM, Espressomatic said:

 

You can always use NPM (or other reverse proxy) and Tailscale together on Debian, running inside a Linux Container (LXC). Works very well to get anything with your own FQDN(s) connected to any Docker container or VM on your system(s). If you're interested in trying that out, I've just posted some instructions to the NPM Docker thread.

 

 

 

Oh absolutely get that.. If I would move to a VM it would be easy, but docker is  lot more conventient so I will work towards that.

LXC = Linux Container.  Not a VM.

 

I don't know how to get the same functionality using NPM in docker along with the Tailscale plugin.

  • Author
3 hours ago, Espressomatic said:

LXC = Linux Container.  Not a VM.

 

I don't know how to get the same functionality using NPM in docker along with the Tailscale plugin.

 

3 hours ago, Helmonder said:

 

Oh absolutely get that.. If I would move to a VM it would be easy, but docker is  lot more conventient so I will work towards that.

Please take discussion about running Tailscale in LXC/VM to another thread, it’s out of scope for the plugin support thread. 

Any info for this warning from Tailscale?

 

Quote

Warning: UDP GRO forwarding is suboptimally configured on shim-br0, UDP forwarding throughput capability will increase with a configuration change.
See https://tailscale.com/s/ethtool-config-udp-gro

 

I don't want to get too far into the weeds installing stuff to try and follow the info at the TS help site, unless it's going to be beneficial.

 

 

Edited by Espressomatic

  • Author
58 minutes ago, Espressomatic said:

Any info for this warning from Tailscale?

 

 

I don't want to get too far into the weeds installing stuff to try and follow the info at the TS help site, unless it's going to be beneficial.

 

 

That error shouldn't affect anything. The plugin already sets the GRO forwarding for the system interface, the warning is just for the Docker shim network.

Hello people:)

 

I´ve got some problems with the plugin.. I can see that alot of people can access the cli.. But how do you ssh into the plugin??

I would also like change my subnet routes.. so that it looks like my own:)

 

Hope you can help me..

thank you

regards

3 hours ago, Mattti1912 said:

I can see that alot of people can access the cli.. But how do you ssh into the plugin??

 

ssh [email protected]

password: ********

tower$ tailscale --help

 

Hello again..

 

Thank you i will try that:)

 

For now i have problems setting up this nginx proxy manager.. Would it in this regard be helpfull, changing the dns to my local subnet route?? changing the server to exit-node

 

Any other advices ? 

 

Thank you!

regards

Edited by Mattti1912

No need to use exit nodes for basic use. Exit nodes designate a machine to go to the internet, so setting one up is a way to proxy your traffic over the secure VPN connection. A local exit node is used/useful when you're connecting from the outside, and a remote exit node would be used/useful when you're connecting from you local network (just like any other commercial VPN let's say).

 

If you're running NPM on a bridge network, using the IP of the Unraid machine itself, it should "just work" - if instead you're using a custom network with a unique IP in the subnet, it probably won't. As I recall, this was the impetus for me to run NPM in LXC, where I also installed another Tailscale client instance.

 

For DNS, I exclusively use my own service (on my local subnet), normally handed out by DHCP to all clients and also set in Tailscale's Global DNS settings. The IP is that of my AdGuard Home instance which then connects to Unbound. If you're running your own DNS services, I suggest you also set Tailscale's Global DNS setting to its IP and also enable it to override local if you have or plan to connect machines that might default to some other DNS (for example, I have a couple of remote systems that would otherwise get some other DNS) - plus mobile devices that would get a random (unknown) DNS when outside the LAN).

 

Tailscale Admin panel, DNS tab:

 

image.png.2a65f2510ff4bcf0f10b014997f49e7d.png

 

I also keep Magic DNS turned OFF, because IMO, it just doesn't work the way I want it to. As I can't specify the root domain for it, I don't want it creating BS records. I already have DNS entries for all machines and services on my network, handled by Unbound (some of which are also proxied by NPM).

 

With the Global DNS set, you can use Tailscale's DNS if you wish (setting on clients), as it'll forward to that global.

 

Don't forget to create DNS entries in your forwarder or resolver (or hosts files) to send the required FQDNs to NPM's IP, otherwise it won't ever get connections to proxy. :)

 

 

Edited by Espressomatic

Hello again. Thank you.

 

I didnt think that, using a adguard dns could be the problem? I have the adguard dns and set up like this: 

 

 

Only different is that it has it´s own ip address, and that the container is set to br0.

 

im not sure what you mean?? english is not my first language :)  So do i have to change my global nameservers to the one from my adguard??

 

Thank you for all your help:)

 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.