Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Unraid is Partnering with Tailscale for Seamless, Secure Networking Solutions

Featured Replies

We are thrilled to announce a Technology Alliance Partnership with Tailscale, marking an exciting step forward in secure networking for your Unraid systems. 

 

What does this mean?

  • The Tailscale plugin is now an official Lime Technology plugin
  • Unraid 7-beta.3 comes equipped with native Tailscale (ts.net) certificate support
  • In the future, we will release new functionality that will make adding Tailscale to individual Docker containers extremely easy to do.  Remote Shares over SMB/NFS will also be a breeze with new Tailscale integrations
  • More to come (that I can't talk about yet)!

 

Read the full announcement and learn how to get Tailscale up and running on your Unraid server up in minutes!

tailscalegfx.png

Ed beat you to the punch.😁

Or I guess really it was @ironicbadger.

With Tailscale being integrated into Unraid, does that mean it'll still stay in the Plugin, or is it going to be fully integrated?

 

I ask because right now, anything integrated into the OS, only gets updated when the OS gets updated. And then, if folks have issues with a release, they have to hold back. If Tailscale is completely integrated into the OS, then Tailscale will only be updated when the OS is updated. That would be a regression from today's plugin/docker approaches where they can be updated independently of the OS releases.

On 10/11/2024 at 1:10 PM, SpencerJ said:

What does this mean?

  • The Tailscale plugin is now an official Lime Technology plugin

This (along with the wording in the full announcement) seems to suggest that it will continue to use a plugin architecture probably like the Unraid Connect plugin.

Edited by primeval_god

  • Author
12 hours ago, warpspeed said:

With Tailscale being integrated into Unraid, does that mean it'll still stay in the Plugin, or is it going to be fully integrated?

 

12 hours ago, primeval_god said:

This (along with the wording in the full announcement) seems to suggest that it will continue to use a plugin architecture probably like the Unraid Connect plugin.

Yes- it is my understanding that it will remain a plugin to allow for updates outside of OS releases.

On 10/14/2024 at 11:32 PM, warpspeed said:

With Tailscale being integrated into Unraid, does that mean it'll still stay in the Plugin, or is it going to be fully integrated?

 

I ask because right now, anything integrated into the OS, only gets updated when the OS gets updated. And then, if folks have issues with a release, they have to hold back. If Tailscale is completely integrated into the OS, then Tailscale will only be updated when the OS is updated. That would be a regression from today's plugin/docker approaches where they can be updated independently of the OS releases.

The plan is to keep it as a plugin, for the specific reason that you stated :)

9 hours ago, EDACerton said:

The plan is to keep it as a plugin, for the specific reason that you stated :)

 

It would be cool if TS and a select number of other plugins were installed by default when making a new Unraid boot drive. Even if many of them are "OFF" by default like many other Unraid features. This could greatly simplify the discovery process for everyone, not just people new to Unraid.

 

 

Edited by Espressomatic

This is a great addition !  I had wireguard running without issues but this is way better !  If we can add support for dockers with specific exit points then that will make my setup a bit easier.

 

Love these additions!  Am currently paying for mullvad but if we can add tailgate for the dockers I can move away from there, move away from OpenVPN-Client and use tailscale.

 

The setup is indeed enormously more easy then with wireguard on its own, for the tweaker it will not be a big difference but for those a bit less tech savy it iis a way better experience.

Is Headscale going to be discussed at all, or with this partnership is there a plan to allow Tailscale to run self-hosted without needing to phone home or connect to a third-party Tailscale server? Everyone here is a self-hosting enthusiast and while Tailscale is cool, it is not a self-hosted product as far as I can tell.

I think that Tailscale has to be somewhere on the internet to provide a publicly available server that can allow two tailscale nodes that are remote to each other to connect to each other 

You could technically install a Headscale container on your server and expose it to the internet, although in general I wouldn't recommend doing so. (The whole reason I started writing the Tailscale plugin was because, when I was using the Tailscale docker image, if the array was stopped I would lose access to the WebGUI... if you put the control server on the Unraid server, you're right back in the same spot 🤪).

Edited by EDACerton

1 hour ago, EDACerton said:

You could technically install a Headscale container on your server and expose it to the internet, although in general I wouldn't recommend doing so

 

In addition to the reason you gave (tailnet going down), it also means opening ports on your firewall/router. Which counters one of the benefits of running a tailnet as well, not having to open any ports to the outside.

 

Headscale is pretty easy to deploy on a self-hosted instance in the cloud. Mine is set up on a minimal VPS running at IONOS, which costs a few $ a month. If someone is interested in this type of deployment, make sure your provider offers root, or at minimum sudu access. My long-term host, Dreamhost, doesn't on what they call "VPS."

 

In addition to Headscale, I also deployed Portainer and Nginx Proxy Manager to make it easy to manage and resolve (plus valid certs). One requirement is that the Headscale instance use a different domain name than the tailnet. The tialnet/LAN domain can be made-up, but the Headscale, living on the public internet, has to be legit/registered.

 

About the only caveat with Headscale is that it doesn't have any kind of GUI. There are a few third-party offerings, but I couldn't get any of them to work as they're seemingly not up to date with the latest Headscale developments. So everything has to be managed from SSH.

The end result is a tailnet about as secure as going through Tailscale.  Just make sure to keep Headscale up to date when necessary.

 

 

Edited by Espressomatic

When I tried Tailscale some months ago on my Unraid server, copying files eg from an Android device over SMB was terrible, terrible slow. So i dropped it.

 

Using that same two devices and SMB with other VPN solutions was way faster (MB/s instead of KB/s).

 

Is this fixed now?

 

Edited by hawihoney

If I had to guess, you were sending traffic through a relay connection and not getting a direct connection. This can happen due to some firewall/router configurations.

 

Without seeing specific details, though, all I can really do is guess on that. I don't have any speed issues with Tailscale; I even use Tailscale for LAN connections. (The only thing that doesn't run over TS is the 10Gbps backup server connection).

22 minutes ago, EDACerton said:

relay connection

I don't even know what this is. Installed the plugin on Unraid, the app on Android, and added the full tailscale domain to my file manager on Android. That's all. No additional VPN, no NPM etc, bonding=yes, bridging=no, VLANs=no, macvlan on docker and host access=yes. No ports on router open, no proxys of any type.

 

My tailscale account was still there, so installed it again - it's really fast to setup. Copied one file --> 62 kb/s.

 

Dropped everything, started my Fritzbox VPN, copied one single file in several MB/s.

 

Searching the web I find lots of complaints about tailscale and SMB.

 

What's the magic?

 

31 minutes ago, hawihoney said:

I don't even know what this is. Installed the plugin on Unraid, the app on Android, and added the full tailscale domain to my file manager on Android. That's all. No additional VPN, no NPM etc, bonding=yes, bridging=no, VLANs=no, macvlan on docker and host access=yes. No ports on router open, no proxys of any type.

 

My tailscale account was still there, so installed it again - it's really fast to setup. Copied one file --> 62 kb/s.

 

Dropped everything, started my Fritzbox VPN, copied one single file in several MB/s.

 

Searching the web I find lots of complaints about tailscale and SMB.

 

What's the magic?

 

https://tailscale.com/kb/1257/connection-types

@EDACerton: In one of the complaints mentioned above, somebody wrote that MagicDNS would lead to relayed connections.

 

As a network NOOB without a clue, I changed the address of my Unraid server in my Android tablet from the full tailscale domain to its IPv4. Seems a lot faster now. Switching these address from one type to another seems to confirm that.

 

Pure luck or simply impossible?

 

MagicDNS doesn’t have any impact on whether a connection is relayed or not. Putting in server.something.ts.net should be no different than connecting to 100.x.y.z. 

5 hours ago, Espressomatic said:

 

In addition to the reason you gave (tailnet going down), it also means opening ports on your firewall/router. Which counters one of the benefits of running a tailnet as well, not having to open any ports to the outside.

 

Headscale is pretty easy to deploy on a self-hosted instance in the cloud. Mine is set up on a minimal VPS running at IONOS, which costs a few $ a month. If someone is interested in this type of deployment, make sure your provider offers root, or at minimum sudu access. My long-term host, Dreamhost, doesn't on what they call "VPS."

 

In addition to Headscale, I also deployed Portainer and Nginx Proxy Manager to make it easy to manage and resolve (plus valid certs). One requirement is that the Headscale instance use a different domain name than the tailnet. The tialnet/LAN domain can be made-up, but the Headscale, living on the public internet, has to be legit/registered.

 

About the only caveat with Headscale is that it doesn't have any kind of GUI. There are a few third-party offerings, but I couldn't get any of them to work as they're seemingly not up to date with the latest Headscale developments. So everything has to be managed from SSH.

The end result is a tailnet about as secure as going through Tailscale.  Just make sure to keep Headscale up to date when necessary.

 

 

My general take on Headscale is pretty simple:

 

If you want to run Headscale because you think it's fun to do, go for it :)

If you want something simple/easy/that just works, use Tailscale.

If you don't want to trust the Tailscale control servers, but still want something simple/easy/that just works, use Tailscale with Tailscale Lock.

 

I generally put Tailscale in the "better to use a service" category, similar to how folks would use Dynamic DNS services instead of trying to self-host their own public DNS.

Edited by EDACerton

On 10/26/2024 at 5:28 PM, EDACerton said:

If you want something simple/easy/that just works, use Tailscale.

 

I went to Headscale primarily because I couldn't stand that Tailscale doesn't allow editing of the user name. As I first signed in with an iCloud private email address, it was a long string of crap that really cluttered up the UI. It was like a small pebble in my shoe, bothering me more every time I opened the page(s) 🤣

 

Someone might also want Headscale because you can support any number of user accounts, where the Personal/Free tier of Tailscale supports only 3. That wasn't an issue for me, as every machine gets added under my single account anyway, but it might be for someone else.

 

 

Edited by Espressomatic

Is it just me or is Tailscales website down?

 

I can reach: https://login.tailscale.com/ but none of the static parts like https://tailscale.com/kb/

 

The result is "ERR_CONNECTION_TIMED_OUT". As I'm not in my own country currently I additionally tried a VPN to different countries but the result is the same.

 

I thought that the installation of Tailscale might be the reason and stopped Tailscale. Without success again.

 

The last time it worked for me is two days ago.

 

Thanks.

 

2 minutes ago, hawihoney said:

Is it just me or is Tailscales website down?

 

I can reach: https://login.tailscale.com/ but none of the static parts like https://tailscale.com/kb/

 

The result is "ERR_CONNECTION_TIMED_OUT". As I'm not in my own country currently I additionally tried a VPN to different countries but the result is the same.

 

I thought that the installation of Tailscale might be the reason and stopped Tailscale. Without success again.

 

The last time it worked for me is two days ago.

 

Thanks.

 

Everything works fine for me.

3 hours ago, EDACerton said:

Everything works fine for me.

 

Thanks for your fast answer. Hmm, I can reach everything from Google to IBM around the world. login.tailscale.com works but not the website.

 

I jumped - via tailscale - on my Unraid server at home and did a traceroute from DE. Same result from ZA on Android:

 

root@Tower:~# traceroute tailscale.com
traceroute to tailscale.com (76.76.21.21), 30 hops max, 60 byte packets
 1  fritz.box (192.168.178.1)  1.703 ms  2.283 ms  2.638 ms
 2  p3e9bf1dc.dip0.t-ipconnect.de (62.155.241.220)  15.594 ms  15.627 ms  15.760 ms
 3  d-ed5-i.D.DE.NET.DTAG.DE (217.5.110.90)  16.892 ms  16.884 ms  17.447 ms
 4  d-ed5-i.D.DE.NET.DTAG.DE (217.5.110.90)  17.398 ms  23.944 ms  24.080 ms
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  *^C

 

Edited by hawihoney

Thanks, everyone, for all of your insight into the benefits of using the Tailscale service versus something like Headscale running on Unraid. In the even that the Tailscale servers do go down for a period of time, if devices have already connected, would those connections be maintained until an IP changes on a device? I assume once the DNS is resolved the magicDNS service is no longer required until the IP changes?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.