[Plugin] Tailscale



I followed the instructions in the post, but did not add the script at the end and it survives a reboot just fine without the need to modify the go script.

EDIT: My interface name was "tailscale1", rather than 0 as in the instructions.

Edited by rogueosb
Link to comment
9 hours ago, rogueosb said:

I followed the instructions in the post, but did not add the script at the end and it survives a reboot just fine without the need to modify the go script.

EDIT: My interface name was "tailscale1", rather than 0 as in the instructions.

I'm glad to hear that.... means my job will hopefully be easy :). There's probably a race condition related to when tailscale comes up vs. when ssh/nginx start, but I'll handle that in the startup script that Tailscale uses.

 

The plugin does use tailscale1 for the interface name... that helps when people accidentally install both the plugin and the docker container (docker creates tailscale0, so using tailscale1 avoids conflicts... you still can't run them together, but it makes fixing it easier).

Link to comment

Hi! I'm still trying to learn my way around Tailscale, and I'm trying to get the plugin to work correctly with my reverse proxy container.

 

I have a custom docker network which traefik and other app containers belong to. When I am connected to my LAN, I'm able to access the containers' web interfaces via my domain. When I am on an external network, none of the requests to my domain are being routed to the reverse proxy (no access logs on Traefik). I've already confirmed from my remote client that my DNS server correctly returns an A record with the Tailscale IP address of my unRAID server.

 

After browsing through this post, I wonder if the ability to listen in on interfaces would solve my problem.

Does anyone have any suggestions on what I might try to get this thing working?

Link to comment

2023.06.09

  • Adds support for Unraid 6.12

This release adds a new setting to have Unraid services listen on the Tailscale interfaces (enabled by default). You don't need to do anything listed in the pre-release thread for 6.12rc7, the plugin handles all of it.

 

@Squid This resolves the compatibility issue with 6.12, you can remove that flag now.

Edited by EDACerton
Link to comment

My logs are full of this kind of line:

Jun 9 15:47:12 NAS tailscaled: 2023/06/09 15:47:07 wg: [rNaiD] - Failed to send handshake initiation: peer's node key has expired

All my devices on my Tailscale network have a valid key and my unRAID server has Expiry disabled.

What do these errors mean?

Link to comment
4 hours ago, milouz said:

My logs are full of this kind of line:

Jun 9 15:47:12 NAS tailscaled: 2023/06/09 15:47:07 wg: [rNaiD] - Failed to send handshake initiation: peer's node key has expired

All my devices on my Tailscale network have a valid key and my unRAID server has Expiry disabled.

What do these errors mean?

If all of your devices have a valid key, I’m not certain why you would get that message.

 

Feel free to post diagnostics and I’ll take a look at the logs. It seems like an internal Tailscale/Wireguard problem, though, so you might be better off posting over at Tailscale about it.

Link to comment
22 hours ago, JustMatt said:

Hi! I'm still trying to learn my way around Tailscale, and I'm trying to get the plugin to work correctly with my reverse proxy container.

 

I have a custom docker network which traefik and other app containers belong to. When I am connected to my LAN, I'm able to access the containers' web interfaces via my domain. When I am on an external network, none of the requests to my domain are being routed to the reverse proxy (no access logs on Traefik). I've already confirmed from my remote client that my DNS server correctly returns an A record with the Tailscale IP address of my unRAID server.

 

After browsing through this post, I wonder if the ability to listen in on interfaces would solve my problem.

Does anyone have any suggestions on what I might try to get this thing working?

The “listen on interface” changes wouldn’t help with this — that’s for Unraid services, not docker containers. 
 

Have you enabled “Host access to custom networks” in your docker settings?

Link to comment
3 hours ago, EDACerton said:

If all of your devices have a valid key, I’m not certain why you would get that message.

 

Feel free to post diagnostics and I’ll take a look at the logs. It seems like an internal Tailscale/Wireguard problem, though, so you might be better off posting over at Tailscale about it.

Thanks for your help.
I'll try to ask tailscale also.

nas-diagnostics-20230609-2323.zip

Link to comment
On 6/9/2023 at 5:27 PM, milouz said:

 

Thanks for your help.
I'll try to ask tailscale also.

nas-diagnostics-20230609-2323.zip

I took a look and didn't see anything that seems out of place. I recommend running a "tailscale bugreport" and providing the info from that to the folks over on the Tailscale side (that generates an identifier so they can check the logs).

Link to comment

My logs are littered with...

 

Jun 14 15:54:24 homegrown tailscaled: 2023/06/14 15:54:24 open-conn-track: timeout opening (TCP 100.71.223.5:51675 => 172.64.96.12:443); no associated peer node
Jun 14 15:54:27 homegrown tailscaled: 2023/06/14 15:54:27 open-conn-track: timeout opening (TCP 100.71.223.5:51675 => 172.64.96.12:443); no associated peer node
Jun 14 15:54:37 homegrown tailscaled: 2023/06/14 15:54:37 open-conn-track: timeout opening (TCP 100.71.223.5:47567 => 45.154.253.8:80); no associated peer node
Jun 14 15:54:39 homegrown tailscaled: 2023/06/14 15:54:39 open-conn-track: timeout opening (TCP 100.71.223.5:51675 => 172.64.96.12:443); no associated peer node
Jun 14 15:54:40 homegrown tailscaled: 2023/06/14 15:54:40 open-conn-track: timeout opening (TCP 100.71.223.5:47567 => 45.154.253.8:80); no associated peer node
Jun 14 15:54:47 homegrown tailscaled: 2023/06/14 15:54:47 open-conn-track: timeout opening (TCP 100.71.223.5:42959 => 45.154.253.8:80); no associated peer node
Jun 14 15:54:47 homegrown tailscaled: 2023/06/14 15:54:47 open-conn-track: timeout opening (TCP 100.71.223.5:54857 => 172.64.163.13:443); no associated peer node
Jun 14 15:54:50 homegrown tailscaled: 2023/06/14 15:54:50 open-conn-track: timeout opening (TCP 100.71.223.5:54857 => 172.64.163.13:443); no associated peer node
Jun 14 15:54:50 homegrown tailscaled: 2023/06/14 15:54:50 open-conn-track: timeout opening (TCP 100.71.223.5:42959 => 45.154.253.8:80); no associated peer node
Jun 14 15:54:50 homegrown tailscaled: 2023/06/14 15:54:50 [RATELIMIT] format("open-conn-track: timeout opening %v; no associated peer node")
Jun 14 15:55:02 homegrown tailscaled: 2023/06/14 15:55:02 [RATELIMIT] format("open-conn-track: timeout opening %v; no associated peer node") (1 dropped)
Jun 14 15:55:02 homegrown tailscaled: 2023/06/14 15:55:02 open-conn-track: timeout opening (TCP 100.71.223.5:54857 => 172.64.163.13:443); no associated peer node
Jun 14 15:55:02 homegrown tailscaled: 2023/06/14 15:55:02 open-conn-track: timeout opening (TCP 100.71.223.5:42959 => 45.154.253.8:80); no associated peer node

 

Everything seems to be working fine, but these lines are constantly repeating in the logs. Any insight?

Link to comment
1 hour ago, ramair02 said:

My logs are littered with...

 

Jun 14 15:54:24 homegrown tailscaled: 2023/06/14 15:54:24 open-conn-track: timeout opening (TCP 100.71.223.5:51675 => 172.64.96.12:443); no associated peer node
Jun 14 15:54:27 homegrown tailscaled: 2023/06/14 15:54:27 open-conn-track: timeout opening (TCP 100.71.223.5:51675 => 172.64.96.12:443); no associated peer node
Jun 14 15:54:37 homegrown tailscaled: 2023/06/14 15:54:37 open-conn-track: timeout opening (TCP 100.71.223.5:47567 => 45.154.253.8:80); no associated peer node
Jun 14 15:54:39 homegrown tailscaled: 2023/06/14 15:54:39 open-conn-track: timeout opening (TCP 100.71.223.5:51675 => 172.64.96.12:443); no associated peer node
Jun 14 15:54:40 homegrown tailscaled: 2023/06/14 15:54:40 open-conn-track: timeout opening (TCP 100.71.223.5:47567 => 45.154.253.8:80); no associated peer node
Jun 14 15:54:47 homegrown tailscaled: 2023/06/14 15:54:47 open-conn-track: timeout opening (TCP 100.71.223.5:42959 => 45.154.253.8:80); no associated peer node
Jun 14 15:54:47 homegrown tailscaled: 2023/06/14 15:54:47 open-conn-track: timeout opening (TCP 100.71.223.5:54857 => 172.64.163.13:443); no associated peer node
Jun 14 15:54:50 homegrown tailscaled: 2023/06/14 15:54:50 open-conn-track: timeout opening (TCP 100.71.223.5:54857 => 172.64.163.13:443); no associated peer node
Jun 14 15:54:50 homegrown tailscaled: 2023/06/14 15:54:50 open-conn-track: timeout opening (TCP 100.71.223.5:42959 => 45.154.253.8:80); no associated peer node
Jun 14 15:54:50 homegrown tailscaled: 2023/06/14 15:54:50 [RATELIMIT] format("open-conn-track: timeout opening %v; no associated peer node")
Jun 14 15:55:02 homegrown tailscaled: 2023/06/14 15:55:02 [RATELIMIT] format("open-conn-track: timeout opening %v; no associated peer node") (1 dropped)
Jun 14 15:55:02 homegrown tailscaled: 2023/06/14 15:55:02 open-conn-track: timeout opening (TCP 100.71.223.5:54857 => 172.64.163.13:443); no associated peer node
Jun 14 15:55:02 homegrown tailscaled: 2023/06/14 15:55:02 open-conn-track: timeout opening (TCP 100.71.223.5:42959 => 45.154.253.8:80); no associated peer node

 

Everything seems to be working fine, but these lines are constantly repeating in the logs. Any insight?

I sent you a PM with some information... I think there is something else that is sending traffic places it shouldn't, which is why these error messages are ending up in the logs.

Link to comment
2 hours ago, EDACerton said:

I sent you a PM with some information... I think there is something else that is sending traffic places it shouldn't, which is why these error messages are ending up in the logs.

 

Thanks for the reply, EDACerton. I also saw your PM. I'm not sure what's going on -- everything I Google essentially says it is a bug with NetworkManager / ConnectivityCheck and doesn't affect the operation of Tailscale. However, it is annoying and I don't remember having this issue when I was using the Tailscale Docker Container. I'm not sure if the research I've done is related to the syslog being spammed with the above, but it's all I could find searching around.

 

https://github.com/tailscale/tailscale/issues/5175

https://forum.tailscale.com/t/ratelimit-format-open-conn-track-timeout-opening-v-no-associated-peer-node/1456/2

https://forum.tailscale.com/t/open-conn-track-timeout/2231

 

FWIW, Unraid is set up as an exit node in Tailscale. I've also tested with Accept Routes on & off as well as Accept DNS on & off. Logs still get spammed with the same.

Edited by ramair02
Link to comment

Hello

 

Just started using Tailscale. One problem I'm having is when I reboot my Unraid server, Tailscale status says "stopped". I then need to take off the plugin and reinstall. Can anyone point me in the right direction? I'm on the latest version as well as Unraid 6.12.

 

Running: 

/etc/rc.d/rc.tailscale restart      

 

brings it back online.

 

Should I need to do this after every reboot?

 


Edited by Derek Watson
Link to comment

As of plugin version 2023.06.11a and/or 6.12.0-RC8/6.12.0, I'm encountering an issue where when I have the plugin installed, I'm unable to access any of my servers on their local IP (192.168.1.xxx) but am able to access them via their tailnet IP (100.xxx.xxx.xxx).

I'm going to do a bit more digging into what might be happening, but wanted to post a comment to see if this is an issue affecting more than myself.

 

EDIT:

I also noticed that when I uninstalled the plugin, I needed to toggle SSH in the "Management Access" section in Settings, or reboot to get SSH access to the server.

Edited by trevorstarick
Link to comment
9 minutes ago, ramair02 said:

 

Thanks for the reply, EDACerton. I also saw your PM. I'm not sure what's going on -- everything I Google essentially says it is a bug with NetworkManager / ConnectivityCheck and doesn't affect the operation of Tailscale. However, it is annoying and I don't remember having this issue when I was using the Tailscale Docker Container. I'm not sure if the research I've done is related to the syslog being spammed with the above, but it's all I could find searching around.

 

https://github.com/tailscale/tailscale/issues/5175

https://forum.tailscale.com/t/ratelimit-format-open-conn-track-timeout-opening-v-no-associated-peer-node/1456/2

https://forum.tailscale.com/t/open-conn-track-timeout/2231

 

FWIW, Unraid is set up as an exit node in Tailscale. I've also tested with Accept Routes on & off as well as Accept DNS on & off. Logs still get spammed with the same.

The same thing may have still been happening with the docker container -- the difference is that the docker container tailscale logs are "hidden" within the container, while the plugin logs to syslog (making it more visible, e.g. in diagnostics).

 

In general, you're right that it doesn't affect the operation of Tailscale -- the messages are just Tailscale reporting that "something sent me traffic that I can't handle". The log spam is certainly annoying, though.

 

At some point, I'm going to do some overhaul work on the logging (which will at least help keep this from filling up syslog), but that's probably a few versions away.

Link to comment
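
An added example (not from the thread or from the plugin): a shell function that tallies the open-conn-track timeouts discussed above per source address and destination, so the flows Tailscale could not associate with a peer can be matched to whatever service or container is generating them. The sample lines are copied from the log excerpt posted earlier in the thread; the function names and the /var/log/syslog path are assumptions.

```shell
#!/bin/sh
# Added example: tally tailscaled "open-conn-track" timeouts per flow.
# Reads syslog lines on stdin and prints "<count> <proto> <src_ip> => <dst>"
# (highest count first), then how many messages the rate limiter dropped.
summarize_conn_track() {
    awk '
    /open-conn-track: timeout opening \(/ {
        # Flow text sits between "(" and ")", e.g.
        # "TCP 100.71.223.5:51675 => 172.64.96.12:443"
        start = index($0, "timeout opening (") + length("timeout opening (")
        flow = substr($0, start)
        sub(/\).*/, "", flow)
        n = split(flow, f, " ")
        if (n != 4 || f[3] != "=>") next       # not the expected shape
        src = f[2]
        sub(/:[0-9]+$/, "", src)               # drop the ephemeral source port
        count[f[1] " " src " => " f[4]]++
    }
    /\[RATELIMIT\]/ && match($0, /\([0-9]+ dropped\)/) {
        # "(1 dropped)" -> 1; awk keeps the leading digits when adding 0
        dropped += substr($0, RSTART + 1, RLENGTH - 1) + 0
    }
    END {
        for (k in count) print count[k], k
        print "ratelimit_dropped", dropped + 0
    }' | LC_ALL=C sort -k1,1nr -k2
}

# Sample input: six lines copied from the log excerpt in the thread.
sample_lines() {
    cat <<'EOF'
Jun 14 15:54:24 homegrown tailscaled: 2023/06/14 15:54:24 open-conn-track: timeout opening (TCP 100.71.223.5:51675 => 172.64.96.12:443); no associated peer node
Jun 14 15:54:37 homegrown tailscaled: 2023/06/14 15:54:37 open-conn-track: timeout opening (TCP 100.71.223.5:47567 => 45.154.253.8:80); no associated peer node
Jun 14 15:54:40 homegrown tailscaled: 2023/06/14 15:54:40 open-conn-track: timeout opening (TCP 100.71.223.5:47567 => 45.154.253.8:80); no associated peer node
Jun 14 15:54:47 homegrown tailscaled: 2023/06/14 15:54:47 open-conn-track: timeout opening (TCP 100.71.223.5:54857 => 172.64.163.13:443); no associated peer node
Jun 14 15:55:02 homegrown tailscaled: 2023/06/14 15:55:02 [RATELIMIT] format("open-conn-track: timeout opening %v; no associated peer node") (1 dropped)
Jun 14 15:55:02 homegrown tailscaled: 2023/06/14 15:55:02 open-conn-track: timeout opening (TCP 100.71.223.5:42959 => 45.154.253.8:80); no associated peer node
EOF
}

# On the server the input would be the syslog file (path assumed):
#   summarize_conn_track < /var/log/syslog
sample_lines | summarize_conn_track
```
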
41 minutes ago, trevorstarick said:

As of plugin version 2023.06.11a and/or 6.12.0-RC8/6.12.0, I'm encountering an issue where when I have the plugin installed, I'm unable to access any of my servers on their local IP (192.168.1.xxx) but am able to access them via their tailnet IP (100.xxx.xxx.xxx).

I'm going to do a bit more digging into what might be happening, but wanted to post a comment to see if this is an issue affecting more than myself.

 

EDIT:

I also noticed that when I uninstalled the plugin, I needed to toggle SSH in the "Management Access" section in Settings, or reboot to get SSH access to the server.

 

8 hours ago, Derek Watson said:

Hello

 

Just started using Tailscale. One problem I'm having is when I reboot my Unraid server, Tailscale status says "stopped". I then need to take off the plugin and reinstall. Can anyone point me in the right direction? I'm on the latest version as well as Unraid 6.12.

 

Running: 

/etc/rc.d/rc.tailscale restart      

 

brings it back online.

 

Should I need to do this after every reboot?

 


 

11 hours ago, baujahr said:

Just wanted to let you know that this did not fix SSH for me, nor did the new stable Unraid release.

Were you able to reproduce this issue?

Please generate and post diagnostics.

Link to comment
