[Plugin] Tailscale



39 minutes ago, Angeloc said:

After upgrading Unraid to 6.12.0-rc6, ssh and samba through tailscale interface are broken, maybe it was caused by the following update:

 

Is there any workaround for this?

I just looked at the changes.... there's not a quick/simple workaround from what I can see. I've posted over in the prerelease thread asking about this.

Link to comment
6 minutes ago, EDACerton said:

I just looked at the changes.... there's not a quick/simple workaround from what I can see. I've posted over in the prerelease thread asking about this.

Since there is no quick and dirty workaround and stable is imminent, I'm going to mark Tailscale as being incompatible until such time as the situation changes.

Link to comment
1 minute ago, Squid said:

Since there is no quick and dirty workaround and stable is imminent, I'm going to mark Tailscale as being incompatible until such time as the situation changes.

Implementing functional changes to the platform with stable imminent... great :(

Link to comment
3 hours ago, stridemat said:

Is there likely to be a fix in the short term with this or is it a more fundamental change?

I’m waiting to see what feedback I can get from LimeTech. I figured out a way to make it work, but it’s not particularly pretty and so I’d rather see if I can get a fix from them before I roll out the workaround. 

Link to comment
2 minutes ago, EDACerton said:

I’m waiting to see what feedback I can get from LimeTech. I figured out a way to make it work, but it’s not particularly pretty and so I’d rather see if I can get a fix from them before I roll out the workaround. 

 

Your plugin is a godsend for me, especially as I'm now behind CGNAT. I hope LimeTech work with you to help with the situation.

 

Keep up the great work!

Link to comment
1 hour ago, EDACerton said:

I’m waiting to see what feedback I can get from LimeTech. I figured out a way to make it work, but it’s not particularly pretty and so I’d rather see if I can get a fix from them before I roll out the workaround. 

Agreed. Much better than running in docker from a resilience point of view. 

Link to comment
7 hours ago, BeardedNoir said:

 

Your plugin is a godsend for me, especially as I'm now behind CGNAT. I hope LimeTech work with you to help with the situation.

 

Keep up the great work!

Feel free to put a note in over on the prerelease thread so the powers that be can see that there’s interest in getting this fixed… I doubt most of them follow my support thread too closely 😁

Link to comment
2 minutes ago, bonienl said:

A fix will come in a future release.

It will allow users to specify additional interfaces or IP addresses to listen to, this may include any custom tunnels.

 

 

Wonderful.. any idea how long I would have to wait for it? :D

Link to comment
On 5/23/2023 at 5:59 AM, bonienl said:

A fix will come in a future release.

It will allow users to specify additional interfaces or IP addresses to listen to, this may include any custom tunnels.

 

Can you please make it easy to programmatically add interfaces? :)

Link to comment

2023.05.25b

  • Update Tailscale to 1.42.0
  • Add Tailscale web interface to Settings page
  • Add page for Tailscale / plugin logs
  • Switch Taildrop implementation to use native Unraid support
  • Add GUI options for --accept-routes and --accept-dns
  • Add notifications for Tailscale key expiration
Link to comment

Seriously awesome plugin! Love that I can still access if docker goes down.

Is there any way I can get HTTPS working? I ran `tailscale cert {my_tailnet_name}` and it successfully generated the certs, but https still doesn't work. I have magic dns turned on, enabled https, and ran the script but nothing. Any ideas?

Link to comment
10 minutes ago, adambeck7 said:

Seriously awesome plugin! Love that I can still access if docker goes down.

Is there any way I can get HTTPS working? I ran `tailscale cert {my_tailnet_name}` and it successfully generated the certs, but https still doesn't work. I have magic dns turned on, enabled https, and ran the script but nothing. Any ideas?

Make certain that you set the Unraid domain name to your tailnet domain. If those don’t match, Unraid will replace the Tailscale certificate with a self-signed one. 

Link to comment
12 hours ago, EDACerton said:

Make certain that you set the Unraid domain name to your tailnet domain. If those don’t match, Unraid will replace the Tailscale certificate with a self-signed one. 

 

Thank you. I'm sure this is the missing piece, but I can't change the domain successfully. I went to Settings > Management Access and updated the Local TLD, but it keeps throwing an extra `UNRAID` in front of my TLD, like `UNRAID.myMachine.mytailnet` even though the local TLD is set to `myMachine.mytailnet`. Any idea what I'm doing wrong? I don't see another value hanging around that is just UNRAID anywhere. I'm guessing it's just inserting the machine name, but any idea how I'd stop it? Or am I updating the wrong value?

Link to comment
7 hours ago, adambeck7 said:

 

Thank you. I'm sure this is the missing piece, but I can't change the domain successfully. I went to Settings > Management Access and updated the Local TLD, but it keeps throwing an extra `UNRAID` in front of my TLD, like `UNRAID.myMachine.mytailnet` even though the local TLD is set to `myMachine.mytailnet`. Any idea what I'm doing wrong? I don't see another value hanging around that is just UNRAID anywhere. I'm guessing it's just inserting the machine name, but any idea how I'd stop it? Or am I updating the wrong value?

You don't want to set your local TLD to mymachine.mytailnet... it should just be mytailnet.

 

You should set the "Server Name" in "Identification" to mymachine... it sounds like that's currently set to UNRAID.

Link to comment
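The name mismatch discussed in the posts above can be checked before restarting anything. This is an added example, not part of the original posts and not plugin or Unraid code; it assumes, as the replies describe, that Unraid serves HTTPS as "Server Name"."Local TLD", and it uses the thread's placeholder names with a constructed sample of `openssl x509 -noout -text` output.

```shell
#!/bin/sh
# Added example: compare the name Unraid will serve with the certificate name.
# Assumption: Unraid's HTTPS name is "<Server Name>.<Local TLD>".

lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }   # DNS names are case-insensitive

# Extract DNS names from `openssl x509 -noout -text` output on stdin.
san_names() {
  tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# check_names SERVER_NAME LOCAL_TLD CERT_NAME
# Prints "<diagnosis> <name Unraid would serve>"; returns 0 only on a match.
check_names() {
  name=$(lower "$1"); tld=$(lower "$2"); cert=$(lower "$3")
  tld=${tld#.}                                   # tolerate a leading dot
  fqdn="$name.$tld"
  if [ "$fqdn" = "$cert" ]; then echo "match $fqdn"; return 0; fi
  if [ "$tld" = "$cert" ]; then
    echo "local-tld-includes-machine-name $fqdn" # full name typed as Local TLD
  elif [ "$tld" != "${cert#*.}" ]; then
    echo "local-tld-mismatch $fqdn"              # TLD is not the tailnet domain
  else
    echo "server-name-mismatch $fqdn"            # TLD right, Server Name wrong
  fi
  return 1
}

# Constructed sample of the SAN section printed by `openssl x509 -noout -text`.
SAMPLE_TEXT='        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:mymachine.mytailnet'

# First DNS name in the certificate (a single-name certificate is assumed).
CERT_NAME=$(printf '%s\n' "$SAMPLE_TEXT" | san_names | head -n 1)

check_names UNRAID    myMachine.mytailnet "$CERT_NAME" || true  # setting from the thread
check_names UNRAID    mytailnet           "$CERT_NAME" || true  # TLD fixed, name not yet
check_names myMachine mytailnet           "$CERT_NAME"          # both fixed
```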
On 5/31/2023 at 2:44 PM, EDACerton said:

You don't want to set your local TLD to mymachine.mytailnet... it should just be mytailnet.

 

You should set the "Server Name" in "Identification" to mymachine... it sounds like that's currently set to UNRAID.

Thanks. I just found the help section in the plugin, sorry I missed that earlier. So I ran through the whole process, navigated to `/boot/config/ssl/certs`, verified it has the .pem file, and ran the restart script, but https still fails. There is one error in the log about health overall not in map poll, and then there is the info log about someone deleting ip rules and restoring tailscale's.

 

```
Jun  1 15:51:58 UNRAID tailscaled: 2023/06/01 15:51:58 magicsock: SetPrivateKey called (init)
Jun  1 15:51:58 UNRAID tailscaled: 2023/06/01 15:51:58 Switching ipn state NoState -> Starting (WantRunning=true, nm=true)
Jun  1 15:51:58 UNRAID tailscaled: 2023/06/01 15:51:58 active login: [email protected]
Jun  1 15:51:58 UNRAID tailscaled: 2023/06/01 15:51:58 control: netmap: got new dial plan from control
Jun  1 15:51:58 UNRAID tailscaled: 2023/06/01 15:51:58 control: RegisterReq: got response; nodeKeyExpired=false, machineAuthorized=true; authURL=false
Jun  1 15:51:58 UNRAID tailscaled: 2023/06/01 15:51:57 control: creating new noise client
Jun  1 15:51:58 UNRAID tailscaled: 2023/06/01 15:51:57 control: RegisterReq: onode= node=[vyWMG] fup=false nks=false
Jun  1 15:51:58 UNRAID tailscaled: 2023/06/01 15:51:57 control: control server key from https://controlplane.tailscale.com: ts2021=[fSeS+], legacy=[nlFWp]
Jun  1 15:51:58 UNRAID tailscaled: 2023/06/01 15:51:52 router: somebody (likely systemd-networkd) deleted ip rules; restoring Tailscale's
Jun  1 15:51:58 UNRAID tailscaled: 2023/06/01 15:51:52 control: doLogin(regen=false, hasUrl=false)
Jun  1 15:51:58 UNRAID tailscaled: 2023/06/01 15:51:52 health("overall"): error: not in map poll
Jun  1 15:51:58 UNRAID tailscaled: 2023/06/01 15:51:52 control: client.Login(false, 0)
Jun  1 15:51:58 UNRAID tailscaled: 2023/06/01 15:51:52 Backend: logs: be:79bf379505cc8f270fadc1401b825ad66be04a648fc0e3f379af fe:
Jun  1 15:51:58 UNRAID tailscaled: 2023/06/01 15:51:52 Start
```

 

Link to comment
On 6/6/2023 at 10:44 AM, bonienl said:

HOW TO SETUP TAILSCALE OR ZEROTIER COMMUNICATION

 

  • Install the Tailscale or Zerotier docker container as usual and start the container
  • It is recommended to have this container autostart as the first container in the list

 


 

  • Go to Settings -> Network Settings -> Interface Extra
  • This is a new section which allows the user to define which interfaces are used by the Unraid services. By default all regular interfaces with an IP address are included in the list of listening interfaces
  • The tunnels of the built-in WireGuard function of Unraid are automatically added or removed from the list when the WireGuard tunnels are activated or deactivated. The user may exclude these tunnels from the list of listening interfaces
  • To use the Tailscale or Zerotier interface, it is required to add the interface name or IP address of the communication to the list of included listening interfaces. It is imperative that the Tailscale or Zerotier container is running before the interface is added to the list.

 


 

  • A check is done if a valid name or IP address is entered and the new entry is added to the list of current listening interfaces. At this point, services are restarted to make them listen to the new interface as well

 


 

  • When the new listening interface is active, it is possible to use it. For example it allows Tailscale to enter the GUI on its designated IP address

 


 

Included and Excluded listening interfaces need to be reactivated each time the server reboots or the array is restarted.

To automate this process, you can add the following code in the "go" file (place it before starting the emhttpd daemon)

 

```bash
# reload services after starting docker with 20 seconds grace period to allow starting up containers
event=/usr/local/emhttp/webGui/event/docker_started
mkdir -p $event
cat <<- 'EOF' >$event/reload_services
#!/bin/bash
echo '/usr/local/emhttp/webGui/scripts/reload_services' | at -M -t $(date +%Y%m%d%H%M.%S -d '+20 sec') 2>/dev/null
EOF
chmod +x $event/reload_services
```

 

With this code in place and autostart of containers enabled, it will ensure the listening interfaces are automatically updated after a system reboot or array restart.

 

 

Looks like the fix will be in the final build (it seems to be in rc7). 
 

Seems like a support headache though? 

Link to comment
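Because the listening interfaces have to be re-applied after every reboot or array restart, it is worth verifying that ssh, samba and the web GUI really are bound on the tunnel address, and only where intended. This is an added example, not part of the original posts and not Unraid or plugin code; it assumes `ss` from iproute2 and `tailscale ip -4` are available on the server, and the addresses in the sample are constructed.

```shell
#!/bin/sh
# Added example: check whether service ports are bound on the tunnel address,
# using `ss -ltnH` style listener lines (4th field is local address:port).

# listens_on ADDR PORT  -- listener lines on stdin; exit 0 if PORT is bound
# on ADDR itself or on an IPv4-capable wildcard (0.0.0.0 or ss's "*").
listens_on() {
  awk -v want="$1" -v p="$2" '
    $1 == "LISTEN" {
      n = split($4, parts, ":"); port = parts[n]          # port follows last ":"
      addr = substr($4, 1, length($4) - length(port) - 1)
      if (port == p && (addr == want || addr == "0.0.0.0" || addr == "*"))
        found = 1
    }
    END { exit !found }'
}

# report ADDR "LISTENER LINES" PORT...  -- prints one "port:state" line per port
report() {
  addr=$1; lines=$2; shift 2
  for port in "$@"; do
    if printf '%s\n' "$lines" | listens_on "$addr" "$port"; then
      echo "$port:listening"
    else
      echo "$port:not-listening"
    fi
  done
}

# Constructed sample: sshd and smbd bound to the LAN address only, the web GUI
# bound to both the LAN address and a made-up Tailscale address.
SAMPLE='LISTEN 0 128 192.168.1.10:22 0.0.0.0:*
LISTEN 0 50 192.168.1.10:445 0.0.0.0:*
LISTEN 0 511 192.168.1.10:443 0.0.0.0:*
LISTEN 0 511 100.101.102.103:443 0.0.0.0:*'

report 100.101.102.103 "$SAMPLE" 22 445 443
# On a live server: report "$(tailscale ip -4)" "$(ss -ltnH)" 22 445 443
```

A port reported as `not-listening` here matches the symptom from the start of the thread: the service is up but not bound on the Tailscale interface.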
