Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.
Message added by EDACerton,

When requesting support, please include a Tailscale diag package with your request:

 

https://edac.dev/unraid/plugin-diagnostics/usage/

[Plugin] Tailscale

Featured Replies

On 12/14/2025 at 1:24 AM, steve1977 said:

I am curious whether it is possible to connect two Unraid servers in different locations over Tailscale. And then access their respective arrays inside their dockers (docker in unraid server a accesses docker of unraid server b). This would require me to mount the unraid a array in unraid b?

You should be able to just do this using tailscale IP or DNS (Might need use tailscale DNS option) and SMB share. Mount the share and you should be able to point to it from docker...
{1F4A817D-B2CE-4CFD-A940-D4DD4DFEAFEA}.png

  • Replies 1.7k
  • Views 375.8k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • EDACerton
    EDACerton

    This topic is not for support of the Tailscale docker integration. Please make a post in the appropriate OS support forum for issues related to the docker integration. Common Issues I

  • 2024.08.28   This update contains an important alert for Unraid Connect users. We recently determined that the Flash Backup feature of Unraid Connect would back up the Tailscale state file.

  • EDACerton
    EDACerton

    2023.05.25b Update Tailscale to 1.42.0 Add Tailscale web interface to Settings page Add page for Tailscale / plugin logs Switch Taildrop implementation to use native Unrai

Posted Images

Hi,

For accessing an ESP32 remotely, I want to utilize Tailscale's Accept Routes functionality. Tried it out in Unraid and ran into the same issue as most other people: Unraid is not accessible via the local IP anymore.

Now I understand that for most folks, keeping it disabled is fine... but I do need it to work for my setup. )

Is there any way Accept Routes will actually work with Unraid, or will is just never work with the Tailscale plugin (no complaint or hate, just a serious question)?

Thanks!

Boergen

Have been a loyal tailscale plugin user for a while. It really works so well. Thank you for the development!

I am not sure whether it is related to a recent update, me toying around with magic-dns, or any setting change (which I don't believe is the case). Any thoughts appreciated!

When I an using the tailscale IP, all works well and I can access the Unraid UI over tailscale. Unfortunately, I can no longer access via my local network IP (192.168.x.x) since recent. I am still advertising the IP, so this hasn't changed. Not sure what else I have done that prevents this from working now?

10 hours ago, steve1977 said:

Have been a loyal tailscale plugin user for a while. It really works so well. Thank you for the development!

I am not sure whether it is related to a recent update, me toying around with magic-dns, or any setting change (which I don't believe is the case). Any thoughts appreciated!

When I an using the tailscale IP, all works well and I can access the Unraid UI over tailscale. Unfortunately, I can no longer access via my local network IP (192.168.x.x) since recent. I am still advertising the IP, so this hasn't changed. Not sure what else I have done that prevents this from working now?

Can you post your settings for:

network settings -> routing table

tailscale

Managment access?

Along with trace route for when you are unable to access the server.

On 12/25/2025 at 5:05 PM, Boergen said:

Hi,

For accessing an ESP32 remotely, I want to utilize Tailscale's Accept Routes functionality. Tried it out in Unraid and ran into the same issue as most other people: Unraid is not accessible via the local IP anymore.

Now I understand that for most folks, keeping it disabled is fine... but I do need it to work for my setup. )

Is there any way Accept Routes will actually work with Unraid, or will is just never work with the Tailscale plugin (no complaint or hate, just a serious question)?

Thanks!

Boergen

You have posted a verry vague description... Generally speaking it should work if you know what you are doing networking wise and know how to solve routing issues...

If you'd post a more complete description of your setup along with routing involved maybe someone would be able to give you more input...

  • Author
13 hours ago, steve1977 said:

Have been a loyal tailscale plugin user for a while. It really works so well. Thank you for the development!

I am not sure whether it is related to a recent update, me toying around with magic-dns, or any setting change (which I don't believe is the case). Any thoughts appreciated!

When I an using the tailscale IP, all works well and I can access the Unraid UI over tailscale. Unfortunately, I can no longer access via my local network IP (192.168.x.x) since recent. I am still advertising the IP, so this hasn't changed. Not sure what else I have done that prevents this from working now?

Usually, "I can't access Unraid from the local IP" has something to do with "Accept routes" being turned on.

Please provide a Tailscale diagnostics package (see the green message at the top of the page) so that we can see what's going on.

2 hours ago, Laov said:

Can you post your settings for:

network settings -> routing table

tailscale

Managment access?

Along with trace route for when you are unable to access the server.

Let me clarify. Everything works as long as I use the Tailscale IP. I can access my unraid server remotely via the Tailscale IP. What no longer works is to access it remotely via the local network IP. When on my local network, this of course still works as well. So assume must be somehow related to either the plugin update breaking this functionality or one of the plugin settings (subnet routing? dns?).

2 hours ago, EDACerton said:

Usually, "I can't access Unraid from the local IP" has something to do with "Accept routes" being turned on.

Please provide a Tailscale diagnostics package (see the green message at the top of the page) so that we can see what's going on.

Here we go, thanks for your help!

tower-diagnostics-20251228-0720.zip

  • Author
8 hours ago, steve1977 said:

Here we go, thanks for your help!

tower-diagnostics-20251228-0720.zip

Please follow the instructions to download Tailscale diags (installing the "Plugin Diag..." app from Community Applications). The system diags don't include information about how Tailscale is configured.

Edited by EDACerton
break auto-links to the wrong instructions

34 minutes ago, EDACerton said:

Please follow the instructions to download Tailscale diags (installing the "Plugin Diag..." app from Community Applications). The system diags don't include information about how Tailscale is configured.

Got it. Here we go: ee94acfb6d2d0d07b1e11a1910a6e80f

  • Author

There's nothing that immediately jumps out at me as a problem, but I didn't have a ton of time to look right now.

Is the route approved in the admin console?

Is there anything else advertising a similar route?

Do you have accept routes turned on for the devices you're using remotely?

Thanks for your help.

Yes, route is approved. Amd don't think anything else is advertisig a similar route.

In Unraid plugin settings, "accept routes = no", "accept dns = no", "allow tailscale subnets = no", "allow tailscale dns settings = no", and "tailscale funnel =no".

I do believe the "accept routes" are turned on for the devices I am using remotely. But I don't think I am advertising any routes on them.

Hi,

I wrote a comment a few days ago, but the situation has changed.

I tried completely removing the plugin, including its data and files, in the hope of fixing the problem, but it didn't help.

If Tailscale is active, when I connect to the WEB GUI, I get ERR_CONNECTION_REFUSED. After analyzing, I discovered that the Nginx server daemon crashes and go down.

When I try to restart it, I get:

root@PixelNAS:~# tailscale up

root@PixelNAS:~# /etc/rc.d/rc.nginx start

rc.nginx: Starting Nginx server daemon...

Starting Unraid API service...

Starting flash backup service...

Starting the Unraid API

[PM2][WARN] Applications unraid-api not running, starting...

[PM2][WARN] App unraid-api has option 'wait_ready' set, waiting for app to be ready...

[PM2] App [unraid-api] launched (1 instances)

+--- unraid-api

namespace : default

version : 4.29.2+c39b0b26

pid : 417610

pm2 id : 0

status : online

mode : fork

restarted : 0

uptime : 2s

memory usage : 230.0mb

error log : /var/log/graphql-api.log

watching : no

PID file : /var/log/.pm2/pids/unraid-api-0.pid

Starting nchan processes...

rc.nginx: Nginx server daemon... Failed.

If Tailscale is down, it starts correctly and I can access the GUI.

I'm attaching the diagnostic ID, which I didn't attach previously, which is why I'm commenting again.

diagnostic ID: 93ae698a50ac69e791a4a456c978f602

Thanks,

Riccardo

  • Author
27 minutes ago, bakkadps said:

Recently migrated Unraid to a new USB drive(though not sure if its relevant; perhaps it was a problem earlier and I didnt notice) and since then it seems some(though not all) of my tailscale enabled docker apps fail to run tailscale. They all have the following in the logs
```
Executing Unraid Docker Hook for Tailscale

Detecting Package Manager...

Detected pacman Package Manager!

Installing packages...

Please wait...

ERROR: Installing packages!

:: Synchronizing package databases...

core downloading...

extra downloading...

error: failed retrieving file 'core.db' from europe.archive.pkgbuild.com : Could not resolve host: europe.archive.pkgbuild.com

warning: fatal error from europe.archive.pkgbuild.com, skipping for the remainder of this transaction

error: failed retrieving file 'extra.db' from europe.archive.pkgbuild.com : Failed to connect to europe.archive.pkgbuild.com port 443 after 186 ms: Could not connect to server

error: failed retrieving file 'core.db' from america.archive.pkgbuild.com : Could not resolve host: america.archive.pkgbuild.com

warning: fatal error from america.archive.pkgbuild.com, skipping for the remainder of this transaction

error: failed retrieving file 'extra.db' from america.archive.pkgbuild.com : Failed to connect to america.archive.pkgbuild.com port 443 after 90 ms: Could not connect to server

error: failed retrieving file 'core.db' from asia.archive.pkgbuild.com : Could not resolve host: asia.archive.pkgbuild.com

warning: fatal error from asia.archive.pkgbuild.com, skipping for the remainder of this transaction

error: failed retrieving file 'extra.db' from asia.archive.pkgbuild.com : Failed to connect to asia.archive.pkgbuild.com port 443 after 88 ms: Could not connect to server

error: failed to synchronize all databases (failed to retrieve some files)

ERROR: Unraid Docker Hook script throw an error!

Starting container without Tailscale!
```

This topic is not for support of the Tailscale docker integration. Please make a separate post in the Tailscale area for issues related to the docker integration.

Are these the same ? Did the text change ?

image.png

image.png

source:

https://docs.unraid.net/unraid-os/system-administration/secure-your-server/tailscale/#getting-started-with-tailscale

For the newbies, having the documentation match the exact text in the settings is helpful.

As an example, I thought my Tailscale was missing the Management Access area when I went to Settings → Management Access. Of course I was in Tailscale Tab of settings NOT the UNRAID Tab of Settings :)

Edited by digitaldoctor

  • 3 weeks later...

Hi, just a quick question, does the tailscale preview plugin need maintainer manually update when new tailscale version come out, not automatically? Sometime it late more than 1 day, after all my other devices updated.

  • Author

Hi, just a quick question, does the tailscale preview plugin need maintainer manually update when new tailscale version come out, not automatically? Sometime it late more than 1 day, after all my other devices updated.

I do this as a volunteer effort, and I don’t have it auto-push because if there’s a problem it could disrupt people’s access to their devices.

It’s a preview version, but I’m not going to be reckless either. There’s no harm in the update lagging by a day or two, and usually i have the preview plugin updated the same day.

  • 4 weeks later...

So I just realized that my tailscale plugin hasn't been able to connect for a couple of months now.

I have tried uninstalling it, and reinstalling but then it won't let me login. When I press the login button it doesn't do much and then opens a blank page. Any ideas?

I have uploaded my plugin diagnostics ID: 48157fdd7a483240c3163f8d2005f2fc

Mine is crashing with a segmentation fault, repeatedly, as soon as I try to do anything. I've reinstalled, but to no avail.

I'm now just using my firewall to route traffic to between my nodes, since Tailscale on it and on my backup node (also unRAID, same version and all) is running fine.

tailscale.log.txt

On 11/8/2025 at 7:44 PM, brian073 said:

Both of these tell me, "failed to connect to login.tailscale.com port 80 after 9137ms: Could not connect to the server.

"

Have you managed to figure this out? I'm getting the same response when running those 2 commands from my main unraid server which has the plugin, but no issues when running them on my backup unraid server which doesn't have the plugin installed.

Let me start this post by saying I did search through this thread, and while I did see plenty of similar posts, nothing exactly covers what I have been troubleshooting. I am not an expert in any of this, just some guy playing around with techy stuff, and so I am using Claude Code to help me work through it and it was able to find a workaround. I hope I don't get too much hate from the anti-AI crowd. While working through the problems I tried to document as best I could and had Claude write up an analysis. Basically, everything had been working fine. I installed the Tailscale plugin, added my server and laptop to the Tailscale network, and there were no issues. I even still had LAN access from my desktop without it being in the Tailscale network. That all changed when I upgraded the GPU in my server which required changing to UEFI boot, which apparently changes things in the boot order. Suddenly, I had no access to Unraid, WebGUI or SSH, from the LAN, without running through Tailscale. I had it fixed initially by adding a delay to tailscale so it let Unraid settle before attempting to do it's thing. This workaround broke with the latest Unraid version update. Now, I have my system monitoring for LAN bindings for nginx and SSH and restarting the service if needed. This "fix" is currently holding steady, but I figured it was past time to get help from a real person, especially since Claude seems confident this is a plugin issue. Here is the lengthy, detailed write-up Claude created based on my troubleshooting and documentation:

# Tailscale plugin causes WebGUI and SSH to become inaccessible after array autostart (Unraid 7.2.x)

**Platform:** Unraid 7.2.3 / 7.2.4

**Plugin:** Tailscale (community plugin)

**Other relevant containers:** NginxProxyManager

---

## Summary

After array autostart, the Unraid WebGUI and SSH become inaccessible on the LAN. The issue is caused by a race condition between Tailscale restarting during the boot sequence and a brief window in which the LAN bridge interface br0) has no IP address. When Tailscale restarts, it triggers emhttpd to regenerate nginx and SSH configurations — and if that regeneration happens while br0 is temporarily IP-less, both services are configured to listen only on Tailscale/WireGuard IPs, not the LAN IP.


The issue was first introduced by a Legacy→UEFI BIOS conversion (required for a GPU upgrade), which changed boot initialization timing and exposed a pre-existing race condition. A workaround was found that overrode the Tailscale plugin's array_started event hook to delay the restart by 45 seconds, which successfully resolved the issue on Unraid 7.2.3. After updating to Unraid 7.2.4, the issue returned. Investigation revealed that 7.2.4's changed boot sequence now fires the plugin's stopped event hook earlier in the boot process — before the array_started override even runs — triggering a second, earlier Tailscale restart that hits the disruption window. The previous fix had no effect on this new trigger.

---

## Root Cause (Full Chain)

1. Array autostart fires → Docker containers start, including NginxProxyManager

2. NginxProxyManager startup causes avahi-daemon to briefly leave br0 — the interface appears IP-less for approximately 11 seconds

3. During this window, Tailscale restarts (triggered by either the array_started or stopped event hook in /usr/local/emhttp/plugins/tailscale/event/)

4. Tailscale's restart causes tailscale1 to come up, which triggers emhttpd to regenerate /etc/nginx/conf.d/servers.conf and /etc/ssh/sshd_config

5. The regeneration runs while br0 has no IP — br0 is excluded from both configs

6. nginx and sshd reload with configs that only include WireGuard/Tailscale IPs — WebGUI and SSH become inaccessible on the LAN

**The plugin's network-extra.cfg include_interfaces field does not prevent this** because the config generation code validates that the interface has an active IP at the time of regeneration. If br0 is momentarily IP-less, it is excluded regardless of the setting.

---

## Why This Is a Plugin Issue

The plugin should not be able to cause LAN-facing services (nginx, sshd) to lose their LAN bindings. Specifically:

- The array_started event hook fires a Tailscale restart with only a 5-second delay, which is not enough to clear the NginxProxyManager startup disruption window

- In Unraid 7.2.4, a new stopped event hook fires an additional restart even earlier in the boot sequence, before the array has fully started

- The include_interfaces configuration in network-extra.cfg is ineffective when the interface temporarily has no IP, meaning there is no reliable way for users to protect their LAN bindings from being dropped

A robust fix would require the plugin to either:

- Not trigger nginx/SSH config regeneration during interface disruption windows, or

- Retain explicitly configured interfaces in the generated configs regardless of their momentary IP state

---

## Workaround

Since the plugin's event system is the trigger and the fix needs to survive plugin updates, the workaround avoids touching plugin files entirely. Instead, a background watchdog runs from /boot/config/go (on the FAT32 flash drive — never touched by OS or plugin updates) that detects when either service loses its LAN binding and corrects it.

*/boot/config/go:**

```bash

#!/bin/bash

(while true; do

  sleep 15

  IP=$(ip addr show br0 2>/dev/null|awk '/inet /{print $2}'|cut -d/ -f1)

  [ -z "$IP" ] && continue

  ss -tlnp|grep nginx|grep -q "$IP"||/etc/rc.d/rc.nginx update

  ss -tlnp|grep sshd|grep -q "$IP"||/etc/rc.d/rc.sshd update

done)&

# Start the Management Utility

/usr/local/sbin/emhttp

```

Every 15 seconds, the watchdog:

1. Gets br0's current IP — if br0 has no IP, skips (avoids unnecessary reloads during the disruption window itself)

2. Checks whether nginx is listening on that IP — if not, runs rc.nginx update to regenerate the config and reload nginx

3. Checks whether sshd is listening on that IP — if not, runs rc.sshd update to regenerate the config and restart sshd


This approach has negligible performance impact (two kernel memory reads every 15 seconds) and survives all Unraid OS and Tailscale plugin updates since it does not depend on any plugin internals.

---

## Environment

- Unraid 7.2.4

- Tailscale community plugin (latest as of 2026-03-04)

- NginxProxyManager running as a Docker container with array autostart enabled

- UEFI boot mode, Above 4G Decoding enabled

- RTX 2070 GPU

  • Author

@Fragsrus

This isn't a plugin issue. This is a system configuration issue.

Starting NPM shouldn't cause br0 to lose its IP address. That's the root cause of your problem, and the issue that you should fix.

Barring that, a much simpler workaround would probably be to just put a 30-second delay on the container auto-start, to let everything else finish before it breaks the interface.

Hiya. I've updated the tailscale plugin to the latest version, and noticed my Funnel had disappeared. When I try to recreate it, it works for a few seconds, but then it is automatically changed into a Serve, which is not publicly accessible. I note the following line appearing in /var/log/tailscale-utils.log every time I set up the Funnel:

Tailscale funnel is enabled, but config does not allow it, resetting serve config

Unfortunately it gives no hint of which config it is talking about, and I can't find anything. Where should I be looking?

Update. I got it to work by reading through the plugin code and adding ALLOW_FUNNEL="1" in /boot/config/plugins/tailscale/tailscale.cfg

Not sure why this is disabled by default in such a hidden spot. But at least it's resolved for now.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.