October 11, 20241 yr We are thrilled to announce a Technology Alliance Partnership with Tailscale, marking an exciting step forward in secure networking for your Unraid systems. What does this mean? The Tailscale plugin is now an official Lime Technology plugin Unraid 7-beta.3 comes equipped with native Tailscale (ts.net) certificate support In the future, we will release new functionality that will make adding Tailscale to individual Docker containers extremely easy to do. Remote Shares over SMB/NFS will also be a breeze with new Tailscale integrations More to come (that I can't talk about yet)! Read the full announcement and learn how to get Tailscale up and running on your Unraid server up in minutes!
October 15, 20241 yr With Tailscale being integrated into Unraid, does that mean it'll still stay in the Plugin, or is it going to be fully integrated? I ask because right now, anything integrated into the OS, only gets updated when the OS gets updated. And then, if folks have issues with a release, they have to hold back. If Tailscale is completely integrated into the OS, then Tailscale will only be updated when the OS is updated. That would be a regression from today's plugin/docker approaches where they can be updated independently of the OS releases.
October 15, 20241 yr On 10/11/2024 at 1:10 PM, SpencerJ said: What does this mean? The Tailscale plugin is now an official Lime Technology plugin This (along with the wording in the full announcement) seems to suggest that it will continue to use a plugin architecture probably like the Unraid Connect plugin. Edited October 15, 20241 yr by primeval_god
October 15, 20241 yr Author 12 hours ago, warpspeed said: With Tailscale being integrated into Unraid, does that mean it'll still stay in the Plugin, or is it going to be fully integrated? 12 hours ago, primeval_god said: This (along with the wording in the full announcement) seems to suggest that it will continue to use a plugin architecture probably like the Unraid Connect plugin. Yes- it is my understanding that it will remain a plugin to allow for updates outside of OS releases.
October 18, 20241 yr On 10/14/2024 at 11:32 PM, warpspeed said: With Tailscale being integrated into Unraid, does that mean it'll still stay in the Plugin, or is it going to be fully integrated? I ask because right now, anything integrated into the OS, only gets updated when the OS gets updated. And then, if folks have issues with a release, they have to hold back. If Tailscale is completely integrated into the OS, then Tailscale will only be updated when the OS is updated. That would be a regression from today's plugin/docker approaches where they can be updated independently of the OS releases. The plan is to keep it as a plugin, for the specific reason that you stated
October 18, 20241 yr 9 hours ago, EDACerton said: The plan is to keep it as a plugin, for the specific reason that you stated It would be cool if TS and a select number of other plugins were installed by default when making a new Unraid boot drive. Even if many of them are "OFF" by default like many other Unraid features. This could greatly simplify the discovery process for everyone, not just people new to Unraid. Edited October 18, 20241 yr by Espressomatic
October 20, 20241 yr This is a great addition ! I had wireguard running without issues but this is way better ! If we can add support for dockers with specific exit points then that will make my setup a bit easier. Love these additions! Am currently paying for mullvad but if we can add tailgate for the dockers I can move away from there, move away from OpenVPN-Client and use tailscale. The setup is indeed enormously more easy then with wireguard on its own, for the tweaker it will not be a big difference but for those a bit less tech savy it iis a way better experience.
October 26, 20241 yr Is Headscale going to be discussed at all, or with this partnership is there a plan to allow Tailscale to run self-hosted without needing to phone home or connect to a third-party Tailscale server? Everyone here is a self-hosting enthusiast and while Tailscale is cool, it is not a self-hosted product as far as I can tell.
October 26, 20241 yr I think that Tailscale has to be somewhere on the internet to provide a publicly available server that can allow two tailscale nodes that are remote to each other to connect to each other
October 26, 20241 yr You could technically install a Headscale container on your server and expose it to the internet, although in general I wouldn't recommend doing so. (The whole reason I started writing the Tailscale plugin was because, when I was using the Tailscale docker image, if the array was stopped I would lose access to the WebGUI... if you put the control server on the Unraid server, you're right back in the same spot 🤪). Edited October 26, 20241 yr by EDACerton
October 26, 20241 yr 1 hour ago, EDACerton said: You could technically install a Headscale container on your server and expose it to the internet, although in general I wouldn't recommend doing so In addition to the reason you gave (tailnet going down), it also means opening ports on your firewall/router. Which counters one of the benefits of running a tailnet as well, not having to open any ports to the outside. Headscale is pretty easy to deploy on a self-hosted instance in the cloud. Mine is set up on a minimal VPS running at IONOS, which costs a few $ a month. If someone is interested in this type of deployment, make sure your provider offers root, or at minimum sudu access. My long-term host, Dreamhost, doesn't on what they call "VPS." In addition to Headscale, I also deployed Portainer and Nginx Proxy Manager to make it easy to manage and resolve (plus valid certs). One requirement is that the Headscale instance use a different domain name than the tailnet. The tialnet/LAN domain can be made-up, but the Headscale, living on the public internet, has to be legit/registered. About the only caveat with Headscale is that it doesn't have any kind of GUI. There are a few third-party offerings, but I couldn't get any of them to work as they're seemingly not up to date with the latest Headscale developments. So everything has to be managed from SSH. The end result is a tailnet about as secure as going through Tailscale. Just make sure to keep Headscale up to date when necessary. Edited October 26, 20241 yr by Espressomatic
October 26, 20241 yr When I tried Tailscale some months ago on my Unraid server, copying files eg from an Android device over SMB was terrible, terrible slow. So i dropped it. Using that same two devices and SMB with other VPN solutions was way faster (MB/s instead of KB/s). Is this fixed now? Edited October 26, 20241 yr by hawihoney
October 26, 20241 yr If I had to guess, you were sending traffic through a relay connection and not getting a direct connection. This can happen due to some firewall/router configurations. Without seeing specific details, though, all I can really do is guess on that. I don't have any speed issues with Tailscale; I even use Tailscale for LAN connections. (The only thing that doesn't run over TS is the 10Gbps backup server connection).
October 26, 20241 yr 22 minutes ago, EDACerton said: relay connection I don't even know what this is. Installed the plugin on Unraid, the app on Android, and added the full tailscale domain to my file manager on Android. That's all. No additional VPN, no NPM etc, bonding=yes, bridging=no, VLANs=no, macvlan on docker and host access=yes. No ports on router open, no proxys of any type. My tailscale account was still there, so installed it again - it's really fast to setup. Copied one file --> 62 kb/s. Dropped everything, started my Fritzbox VPN, copied one single file in several MB/s. Searching the web I find lots of complaints about tailscale and SMB. What's the magic?
October 26, 20241 yr 31 minutes ago, hawihoney said: I don't even know what this is. Installed the plugin on Unraid, the app on Android, and added the full tailscale domain to my file manager on Android. That's all. No additional VPN, no NPM etc, bonding=yes, bridging=no, VLANs=no, macvlan on docker and host access=yes. No ports on router open, no proxys of any type. My tailscale account was still there, so installed it again - it's really fast to setup. Copied one file --> 62 kb/s. Dropped everything, started my Fritzbox VPN, copied one single file in several MB/s. Searching the web I find lots of complaints about tailscale and SMB. What's the magic? https://tailscale.com/kb/1257/connection-types
October 26, 20241 yr @EDACerton: In one of the complaints mentioned above, somebody wrote that MagicDNS would lead to relayed connections. As a network NOOB without a clue, I changed the address of my Unraid server in my Android tablet from the full tailscale domain to its IPv4. Seems a lot faster now. Switching these address from one type to another seems to confirm that. Pure luck or simply impossible?
October 26, 20241 yr MagicDNS doesn’t have any impact on whether a connection is relayed or not. Putting in server.something.ts.net should be no different than connecting to 100.x.y.z.
October 26, 20241 yr 5 hours ago, Espressomatic said: In addition to the reason you gave (tailnet going down), it also means opening ports on your firewall/router. Which counters one of the benefits of running a tailnet as well, not having to open any ports to the outside. Headscale is pretty easy to deploy on a self-hosted instance in the cloud. Mine is set up on a minimal VPS running at IONOS, which costs a few $ a month. If someone is interested in this type of deployment, make sure your provider offers root, or at minimum sudu access. My long-term host, Dreamhost, doesn't on what they call "VPS." In addition to Headscale, I also deployed Portainer and Nginx Proxy Manager to make it easy to manage and resolve (plus valid certs). One requirement is that the Headscale instance use a different domain name than the tailnet. The tialnet/LAN domain can be made-up, but the Headscale, living on the public internet, has to be legit/registered. About the only caveat with Headscale is that it doesn't have any kind of GUI. There are a few third-party offerings, but I couldn't get any of them to work as they're seemingly not up to date with the latest Headscale developments. So everything has to be managed from SSH. The end result is a tailnet about as secure as going through Tailscale. Just make sure to keep Headscale up to date when necessary. My general take on Headscale is pretty simple: If you want to run Headscale because you think it's fun to do, go for it If you want something simple/easy/that just works, use Tailscale. If you don't want to trust the Tailscale control servers, but still want something simple/easy/that just works, use Tailscale with Tailscale Lock. I generally put Tailscale in the "better to use a service" category, similar to how folks would use Dynamic DNS services instead of trying to self-host their own public DNS. Edited October 26, 20241 yr by EDACerton
October 27, 20241 yr On 10/26/2024 at 5:28 PM, EDACerton said: If you want something simple/easy/that just works, use Tailscale. I went to Headscale primarily because I couldn't stand that Tailscale doesn't allow editing of the user name. As I first signed in with an iCloud private email address, it was a long string of crap that really cluttered up the UI. It was like a small pebble in my shoe, bothering me more every time I opened the page(s) 🤣 Someone might also want Headscale because you can support any number of user accounts, where the Personal/Free tier of Tailscale supports only 3. That wasn't an issue for me, as every machine gets added under my single account anyway, but it might be for someone else. Edited October 29, 20241 yr by Espressomatic
October 28, 20241 yr Is it just me or is Tailscales website down? I can reach: https://login.tailscale.com/ but none of the static parts like https://tailscale.com/kb/ The result is "ERR_CONNECTION_TIMED_OUT". As I'm not in my own country currently I additionally tried a VPN to different countries but the result is the same. I thought that the installation of Tailscale might be the reason and stopped Tailscale. Without success again. The last time it worked for me is two days ago. Thanks.
October 28, 20241 yr 2 minutes ago, hawihoney said: Is it just me or is Tailscales website down? I can reach: https://login.tailscale.com/ but none of the static parts like https://tailscale.com/kb/ The result is "ERR_CONNECTION_TIMED_OUT". As I'm not in my own country currently I additionally tried a VPN to different countries but the result is the same. I thought that the installation of Tailscale might be the reason and stopped Tailscale. Without success again. The last time it worked for me is two days ago. Thanks. Everything works fine for me.
October 28, 20241 yr 3 hours ago, EDACerton said: Everything works fine for me. Thanks for your fast answer. Hmm, I can reach everything from Google to IBM around the world. login.tailscale.com works but not the website. I jumped - via tailscale - on my Unraid server at home and did a traceroute from DE. Same result from ZA on Android: root@Tower:~# traceroute tailscale.com traceroute to tailscale.com (76.76.21.21), 30 hops max, 60 byte packets 1 fritz.box (192.168.178.1) 1.703 ms 2.283 ms 2.638 ms 2 p3e9bf1dc.dip0.t-ipconnect.de (62.155.241.220) 15.594 ms 15.627 ms 15.760 ms 3 d-ed5-i.D.DE.NET.DTAG.DE (217.5.110.90) 16.892 ms 16.884 ms 17.447 ms 4 d-ed5-i.D.DE.NET.DTAG.DE (217.5.110.90) 17.398 ms 23.944 ms 24.080 ms 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 *^C Edited October 28, 20241 yr by hawihoney
October 29, 20241 yr Thanks, everyone, for all of your insight into the benefits of using the Tailscale service versus something like Headscale running on Unraid. In the even that the Tailscale servers do go down for a period of time, if devices have already connected, would those connections be maintained until an IP changes on a device? I assume once the DNS is resolved the magicDNS service is no longer required until the IP changes?
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.