Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] Tailscale Support Thread

Featured Replies

  • Author
On 6/16/2022 at 5:52 PM, JM2005 said:

Just wondering how safe Tailscale is security wise? They seem to log a lot of information about what IP's , hostnames and more while connected.  

 

There quite open about how it all works, and from my understanding their piece just facilitates the setup of connections, they never see the keys.

 

 https://tailscale.com/blog/how-tailscale-works/

  • Replies 350
  • Views 131.8k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • Ragemachinest
    Ragemachinest

    Adding on from my previous post, I wanted to access to other machines in my home network that I can't install tailscale on (IP cameras, etc). To solve for this, I made sure the "Network Type" was set

  • Hello everyone.   Tailscale for unraid has become rather more popular than I ever imagined, when I started this it was in the great tradition of scratching my own itch, wanting to access my

  • sdballer
    sdballer

    I had the same issue... The Log tells you what to update in the advanced setting: --advertise-exit-node --advertise-routes=192.168.1.0/24 --stateful-filtering   newly added to mine.

Posted Images

  • 2 weeks later...
On 4/7/2020 at 4:36 AM, dsmith44 said:

Introduction

 

This is the support thread for deasmi/unraid-tailscale docker CA.

If you have a feature request or bug report please also try and add an issue on github

https://github.com/deasmi/unraid-tailscale

 

If you find this useful please consider donating to my chosen charity, Cancer Research.

https://www.justgiving.com/fundraising/unraid-tailscale

Thank you to those that have already donated.

 

Latest version of tailscale included: 1.26.1

This supports TLS certificates and Downloads, see below for instructions


What is this?

 

This container sets up tailscale for unraid. Tailscale is a managed point to point VPN using wireguard.

 

It is intended to allow you to access services of your unraid server over tailscale, it does not, and is not intended to, provide a VPN gateway to your LAN.

Communications are limited to services that listen on all interfaces on the host itself via standard bridge or host networking.

 

Installation and setup

Before you start it is a good idea to make sure you have already registered with Tailscale and installed tailscale onto another computer.

https://login.tailscale.com/start

 

Then install this app on Unraid and start it up, there are no config changes needed for the detault setup however it will register as hostname unraid, if you want to change that see 'Extra Parameters' in the container config and change to the hostname you would like before you start up. This can be changed later.

 

** IMPORTANT When you first start this container you must check the log file for the logon URL and then enter it into a browser and logon to tail scale. I would then also advise setting the keys to not expire for your unraid host **

 

You need to look for the following in the log

 

 

** Note that this will expose your whole server into your tailscale VPN network **

 

Do not do this if you do not understand what that means.

 

Downloads

Starting with release 1.24.2-downloads you can now support automatic downloads with taildrop.

If you have already installed tailscale you will need to add some extra paramaters manually as shown below.

 

Instructions.thumb.PNG.32ec4ea7e6696ce076c35650ef8e81a6.PNG

 

TLS Certificates

 

If you want to use TLS certificates as per https://tailscale.com/kb/1153/enabling-https/ you will need to connect to the console of the docker container and issue the tailscale cert command.

 

External Links

 

Ibracorp have a guide with video on how to set all this up, as well as some advanced topics like exit nodes.

 

https://docs.ibracorp.io/tailscale/

 

When setting up Taildrop, I followed all the instructions but my Unraid device still shows as unavailable for downloading in share sheets. Any ideas? From this photo there is now a new instruction: "Note: You must manually set tag to above to deasmi/unraid-tailscale:download to support downloads until beta test is finished". I set this tag, but the build fails and says it cannot find that repository. Any help would be appreciated. 

On 7/6/2022 at 1:52 PM, macmaster28 said:

When setting up Taildrop, I followed all the instructions but my Unraid device still shows as unavailable for downloading in share sheets. Any ideas? From this photo there is now a new instruction: "Note: You must manually set tag to above to deasmi/unraid-tailscale:download to support downloads until beta test is finished". I set this tag, but the build fails and says it cannot find that repository. Any help would be appreciated. 

My experience with Taildrop has been that it's inconsistent. Sometimes won't work; i'll restart container then it will work. Unno, haven't had time to investigate nor do I have the knowledge. It absolutely does work, part of the time though.

 

On 7/8/2022 at 11:27 AM, blaine07 said:

My experience with Taildrop has been that it's inconsistent. Sometimes won't work; i'll restart container then it will work. Unno, haven't had time to investigate nor do I have the knowledge. It absolutely does work, part of the time though.

 

I've restarted, reinstalled, and tried every which way to get it to work, never seen it work on Unraid to date :(. did you updated repo path to :download ? or is your repo flag :latest when it does work for you?

On 7/9/2022 at 2:59 PM, macmaster28 said:

I've restarted, reinstalled, and tried every which way to get it to work, never seen it work on Unraid to date :(. did you updated repo path to :download ? or is your repo flag :latest when it does work for you?

It updated today; have you tried todays update?

I've been using the new tailscale ssh feature (works great), and ran into something with the docker on unRaid that I don't quite understand.

 

If I start tailscale up with the ssh flag, it starts. But when I connect to the IP for my unRaid server (where the docker is running), I am put in a session "inside" the docker, not inside the unRaid OS.

 

I kind of see why, but I'm not sure how to change things so that I get more of what I'm expected.

 

Anybody have a suggestion?

 

Thanks!

On 7/14/2022 at 10:17 AM, bdillahu said:

I've been using the new tailscale ssh feature (works great), and ran into something with the docker on unRaid that I don't quite understand.

 

If I start tailscale up with the ssh flag, it starts. But when I connect to the IP for my unRaid server (where the docker is running), I am put in a session "inside" the docker, not inside the unRaid OS.

 

I kind of see why, but I'm not sure how to change things so that I get more of what I'm expected.

 

Anybody have a suggestion?

 

Thanks!

 

Wondering the same. I doubt a container allowing full unrestricted access to the host system is a good idea though because that could easily be abused and might be a pretty bad CVE.

 

In that case, maybe we should install tailscale on the host in unRAID? Maybe with user scripts or something?

  • 2 weeks later...

heads up v1.28 is out

  • Author
19 minutes ago, ryujin921 said:

heads up v1.28 is out

 

As I have said before....

 

Please note I normally skip 1.xx.0 releases as there are often bug fix releases shortly afterwards. In any event I will wait at least two weeks after a 1.xx.0 release before updating latest, or normally even pushing a build.

 

I have now added this to the front page of this support article.

 

However I have now pushed dev-1.28.0, but this is untested, so use at your own risk.

42 minutes ago, dsmith44 said:

 

As I have said before....

 

Please note I normally skip 1.xx.0 releases as there are often bug fix releases shortly afterwards. In any event I will wait at least two weeks after a 1.xx.0 release before updating latest, or normally even pushing a build.

 

I have now added this to the front page of this support article.

 

However I have now pushed dev-1.28.0, but this is untested, so use at your own risk.

Thank you, thank you for always taking good care of us fools; we appreciate your time and support mate!

46 minutes ago, dsmith44 said:

 

As I have said before....

 

Please note I normally skip 1.xx.0 releases as there are often bug fix releases shortly afterwards. In any event I will wait at least two weeks after a 1.xx.0 release before updating latest, or normally even pushing a build.

 

I have now added this to the front page of this support article.

 

However I have now pushed dev-1.28.0, but this is untested, so use at your own risk.

Oh gosh, my bad!

Thanks for making that clear, I totally understand why you would wait for a more "stable" release, makes perfect sense.

Really appreciate your effort!

Hi,

I'm having a devil of a time, and could use any insight/thoughts. I actually had it up and running flawlessly, and then my Unraid box stopped responding entirely and I did a full manual power cycle.  Since that's happened, Tailscale hasn't been happy, and I don't know why.

 

I've recreated the docker container with new appdata 3 times now.  I've linked each to my Tailscale account, I have the right settings for exit node and local subnets, and the Tailscale site correctly recognizes both.  However, I can only directly access my Unraid main server (192.168.4.XX) but not other devices on the .4.0/24 subnet.  I use .4.0/24 for all my dockers; I like separate IP's for each, rather than a ton of different ports on one main IP.  

 

When I turn on subnet routing I can access smb shares remotely; when it's off, I can't. So subnet routing is doing something, but it's only accessing the main IP.  When I try other docker containers, it fails.

 

The confusing part is - I had it working just a couple of days ago!

 

Any thoughts or insight would be helpful.  I'm genuinely scratching my head at my ability to screw things up.

 

Server Settings

--advertise-exit-node --advertise-routes=192.168.4.0/24

Linked to online admin account

I did the Ibracorp commands for ipv4 and ipv6 forwarding.

 

Online Account

Currently recognizes exit node and subnet routes, both are enabled

 

personal PC 

using exit node of the server, local connections enabled.

 

I am successfully using the exit node, but I cannot see subnet routes other than the Unraid box itself.

Hi all,

 

I've successfully installed this Tailscale docker image on my unRAID server and have remote access.

After reading though this article (https://tailscale.com/blog/tls-certs/), I concurred that I don't like having the browsers tell me the certificates are invalid etc and wanted to enable the Tailscale HTTPS certificates for use with my other docker containers (Jellyfin & NextCloud, however, they do nothing!?

 

I have;

  • enabled the HTTPS certificates setting on my Tailscale account.
  • accessed the Tailscale docker image and ran the below command to successfully create the .key and .cert files.
./tailscale cert unraid.<server-alias>.ts.net
  • edit NextCloud config file to add unraid.<server-alias>.ts.net to the 'trusted domains'
  • using my remotely connected phone or pc, attempt to access the main unRAID server at https://unraid.<server-alias>.ts.net
    -> this results in a successful but insecure connection due to the certificate being selfsigned.
  • " attempt to access the main unRAID server at https://unraid.<server-alias>.ts.net:<nextcloud_port_number>
    -> successful but insecure connection due to the CA Authority being invalid
  • " attempt to access the main unRAID server at https://unraid.<server-alias>.ts.net:<jellyfin_port_number>
    -> unsuccessful connection... "connection refused" this does however work if I use the same address above just with 'http', but then it just complains it isn't secure.

 

Can anyone help me identify what I'm missing here and why these certificates have no affect, particularly on my docker containers?

 

I'd most prefer to get the HTTPS certificates working so the browsers don't complain... failing this, I guess it's fine to just ignore it since its all encrypted through the VPN anyway, right?

 

EDIT:

Just to clarify, the .crt and .key files are still in the location they were created... within the /app folder of the Tailscale docker container. Do these need to be moved/installed somehow?

Edited by BlueBell
more info

Thanks for maintaining this container! It works great for accessing my Unraid server remotely. Is there any way to use this container to allow other Docker containers on my Unraid server to access other devices on my Tailscale network?

On 8/12/2022 at 4:25 AM, BlueBell said:

Hi all,

 

I've successfully installed this Tailscale docker image on my unRAID server and have remote access.

After reading though this article (https://tailscale.com/blog/tls-certs/), I concurred that I don't like having the browsers tell me the certificates are invalid etc and wanted to enable the Tailscale HTTPS certificates for use with my other docker containers (Jellyfin & NextCloud, however, they do nothing!?

 

I have;

  • enabled the HTTPS certificates setting on my Tailscale account.
  • accessed the Tailscale docker image and ran the below command to successfully create the .key and .cert files.
./tailscale cert unraid.<server-alias>.ts.net
  • edit NextCloud config file to add unraid.<server-alias>.ts.net to the 'trusted domains'
  • using my remotely connected phone or pc, attempt to access the main unRAID server at https://unraid.<server-alias>.ts.net
    -> this results in a successful but insecure connection due to the certificate being selfsigned.
  • " attempt to access the main unRAID server at https://unraid.<server-alias>.ts.net:<nextcloud_port_number>
    -> successful but insecure connection due to the CA Authority being invalid
  • " attempt to access the main unRAID server at https://unraid.<server-alias>.ts.net:<jellyfin_port_number>
    -> unsuccessful connection... "connection refused" this does however work if I use the same address above just with 'http', but then it just complains it isn't secure.

 

Can anyone help me identify what I'm missing here and why these certificates have no affect, particularly on my docker containers?

 

I'd most prefer to get the HTTPS certificates working so the browsers don't complain... failing this, I guess it's fine to just ignore it since its all encrypted through the VPN anyway, right?

 

EDIT:

Just to clarify, the .crt and .key files are still in the location they were created... within the /app folder of the Tailscale docker container. Do these need to be moved/installed somehow?


same problem here!

  • Author
On 8/10/2022 at 3:42 AM, david1564 said:

Hi,

I'm having a devil of a time, and could use any insight/thoughts. I actually had it up and running flawlessly, and then my Unraid box stopped responding entirely and I did a full manual power cycle.  Since that's happened, Tailscale hasn't been happy, and I don't know why.

 

I've recreated the docker container with new appdata 3 times now.  I've linked each to my Tailscale account, I have the right settings for exit node and local subnets, and the Tailscale site correctly recognizes both.  However, I can only directly access my Unraid main server (192.168.4.XX) but not other devices on the .4.0/24 subnet.  I use .4.0/24 for all my dockers; I like separate IP's for each, rather than a ton of different ports on one main IP.  

 

When I turn on subnet routing I can access smb shares remotely; when it's off, I can't. So subnet routing is doing something, but it's only accessing the main IP.  When I try other docker containers, it fails.

 

The confusing part is - I had it working just a couple of days ago!

 

Any thoughts or insight would be helpful.  I'm genuinely scratching my head at my ability to screw things up.

 

Server Settings

--advertise-exit-node --advertise-routes=192.168.4.0/24

Linked to online admin account

I did the Ibracorp commands for ipv4 and ipv6 forwarding.

 

Online Account

Currently recognizes exit node and subnet routes, both are enabled

 

personal PC 

using exit node of the server, local connections enabled.

 

I am successfully using the exit node, but I cannot see subnet routes other than the Unraid box itself.

Are the routes enabled in the tailscale admin console? If not they won't work.

https://tailscale.com/kb/1019/subnets/

 

If they are I'd check the networking mode of the docker container.

From your description I think you will need to ensure it's running in host mode, ie. using the network stack of the main unraid server.

 

To be honest this is unsupported config for this container.

 

If you read back in the history, and is really just there via the additional flags for people that need it, understand it and can troubleshoot. I'm just not setup to do network troublshooting.

 

My advice for exit nodes it not to run them in docker, put tailscale on a firewall/raspberry pi/anything else.

 

Inside docker, in unraid, is always going to be complicated to diagnose without intimate knowledge of how docker networking interacts with underlying unraid config, linux kernel and tailscale.

Edited by dsmith44

  • Author
On 8/12/2022 at 1:25 PM, BlueBell said:

Hi all,

 

I've successfully installed this Tailscale docker image on my unRAID server and have remote access.

After reading though this article (https://tailscale.com/blog/tls-certs/), I concurred that I don't like having the browsers tell me the certificates are invalid etc and wanted to enable the Tailscale HTTPS certificates for use with my other docker containers (Jellyfin & NextCloud, however, they do nothing!?

 

I have;

  • enabled the HTTPS certificates setting on my Tailscale account.
  • accessed the Tailscale docker image and ran the below command to successfully create the .key and .cert files.
./tailscale cert unraid.<server-alias>.ts.net
  • edit NextCloud config file to add unraid.<server-alias>.ts.net to the 'trusted domains'
  • using my remotely connected phone or pc, attempt to access the main unRAID server at https://unraid.<server-alias>.ts.net
    -> this results in a successful but insecure connection due to the certificate being selfsigned.
  • " attempt to access the main unRAID server at https://unraid.<server-alias>.ts.net:<nextcloud_port_number>
    -> successful but insecure connection due to the CA Authority being invalid
  • " attempt to access the main unRAID server at https://unraid.<server-alias>.ts.net:<jellyfin_port_number>
    -> unsuccessful connection... "connection refused" this does however work if I use the same address above just with 'http', but then it just complains it isn't secure.

 

Can anyone help me identify what I'm missing here and why these certificates have no affect, particularly on my docker containers?

 

I'd most prefer to get the HTTPS certificates working so the browsers don't complain... failing this, I guess it's fine to just ignore it since its all encrypted through the VPN anyway, right?

 

EDIT:

Just to clarify, the .crt and .key files are still in the location they were created... within the /app folder of the Tailscale docker container. Do these need to be moved/installed somehow?

 

I'm sorry, this isn't really a tailscale docker issue. I would suggest talking to nextcloud maintainers and/or wider unraid community. This is behaving exactly as planned.

 

However a few comments.

 

Unraid isn't using the tailscale cert, so it exists in the docker container data in /mnt/user/appdata tailscale somewhere, but unraid won't be picking that up.

 

You may not want it to anyway as then _only_ the unraid.<server-alias>.ts.net will ever be valid.

 

If you do, I'd look into putting something inti /boot/config/go to put the certs in the right place, but you'd have to ask elsewhere for where that is.

 

 

Edited by dsmith44

  • Author
On 8/14/2022 at 4:44 AM, bdr9 said:

Thanks for maintaining this container! It works great for accessing my Unraid server remotely. Is there any way to use this container to allow other Docker containers on my Unraid server to access other devices on my Tailscale network?

 

Maybe - You are on your own however

 

I think that if you are running tailscale in host mode, the default, then any other containers running in host mode should be able to connect to tailscale ip addresses.

 

However I have never tested this, won't be testing it, and certainly won't be support it as a use case. Sorry.

Quick question before I dive in. 

Is there any way to have tailscale working on unraid natively, like a plugin? So that the array does not have to be spun up to be able to connect?

 

I'm asking because if the array powers down or stops for some reason, then dockers don't run until the array starts which it may not. Which means I'll still have to have a VPN and forward ports to be able to troubleshoot (this is for a remote unraid server). But if it's native and doesn't require array to start it would be much more useful...

 

Any thoughts?

8 minutes ago, maxse said:

I'll still have to have a VPN and forward ports to be able to troubleshoot

Multiple communication paths are a must if you want your best chance to keep operating. Always keep a backup, preferably multiples. The more important the setup, the more redundancy you need.

  • Author
Quick question before I dive in. 
Is there any way to have tailscale working on unraid natively, like a plugin? So that the array does not have to be spun up to be able to connect?
 
I'm asking because if the array powers down or stops for some reason, then dockers don't run until the array starts which it may not. Which means I'll still have to have a VPN and forward ports to be able to troubleshoot (this is for a remote unraid server). But if it's native and doesn't require array to start it would be much more useful...
 
Any thoughts?

I don’t think there is a Slackware build provided by tailscale.

So if you want - get golang installed, compile from source (https://github.com/tailscale/tailscale) and setup, that will probably work.

How you get it to start at boot, not stop with array etc I don’t know. Would probably warrant a plug-in being written or put in a feature request :)

Dean
  • Author
Multiple communication paths are a must if you want your best chance to keep operating. Always keep a backup, preferably multiples. The more important the setup, the more redundancy you need.

On that subject get a cheap USB serial adapter and connect it to something else

I have mine connected to a pinhole, then I always have a serial console.

Apologies if this has been asked, but I just setup tailscale, and I can't access anything.  Since I also use pihole, I followed these directions.  My pihole DNS points to my opnsense router running unbound.  I'm not sure if unbound is interfering, but I don't know how to check.  Any help would be appreciated.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.