dsmith44 Posted April 17 Author Share Posted April 17 4 minutes ago, Duckers said: Hoi, tailscale is now all set up on my end, unraid as exit node, i can browse the web and everything. But i can't seem to access unraid's webui or anything. Nor browse the shares over SMB with x-plore. docker logs shows it's accepting, but still can't access anything of the server. Please use the plugin instead. This is only for specialist use cases now. Quote Link to comment
Fidel84 Posted May 11 Share Posted May 11 a update where nice. Thx 4 Your Work Quote Security update available This machine is running a version with a known security vulnerability. It’s recommended to update to 1.66.1. Quote Link to comment
blaine07 Posted May 21 Share Posted May 21 1.66.4 won't stay running on my Unraid; not sure if just me or what... Quote Link to comment
sdballer Posted May 21 Share Posted May 21 (edited) 1 hour ago, blaine07 said: 1.66.4 won't stay running on my Unraid; not sure if just me or what... I had the same issue... The Log tells you what to update in the advanced setting: --advertise-exit-node --advertise-routes=192.168.1.0/24 --stateful-filtering newly added to mine. --stateful-filtering working now. Edited May 21 by sdballer 1 2 Quote Link to comment
blaine07 Posted May 21 Share Posted May 21 50 minutes ago, sdballer said: I had the same issue... The Log tells you what to update in the advanced setting: --advertise-exit-node --advertise-routes=192.168.1.0/24 --stateful-filtering newly added to mine. --stateful-filtering working now. What exactly does stateful filtering do/is it for? Quote Link to comment
sdballer Posted May 21 Share Posted May 21 (edited) 50 minutes ago, blaine07 said: What exactly does stateful filtering do/is it for? https://tailscale.com/security-bulletins Description: Insufficient inbound packet filtering in subnet routers and exit nodes May 8, 2024 TS-2024-005 Quote Stateful packet filtering on packet-forwarding nodes On Linux packet-forwarding nodes we added stateful packet filtering. This means that these nodes keep track of forwarded connections and only allow return packets for existing outbound connections. Inbound packets that don't belong to an existing connection are dropped. Because routing is implemented differently on non-Linux platforms, this mitigation is only necessary on Linux. Stateful filtering is enabled by default....... Edited May 21 by sdballer 1 1 Quote Link to comment
Degn Posted May 23 Share Posted May 23 (edited) On 5/22/2024 at 4:50 AM, sdballer said: I had the same issue... The Log tells you what to update in the advanced setting: --advertise-exit-node --advertise-routes=192.168.1.0/24 --stateful-filtering newly added to mine. --stateful-filtering working now. Thanks mate! The fix worked for me. Edited May 23 by Degn Quote Link to comment
Rothemich Posted May 24 Share Posted May 24 I’d like to ssh via Tailscale from a device on my tailnet (let’s call it “TN2”) into my Unraid server which is running the Tailscale plugin. As expected, running /app/tailscale set --ssh from the Tailscale docker container’s CLI enables my Unraid server for ssh (confirmed at my Tailscale admin console "machines" page), but (also as expected), this only grants access to files INSIDE the Tailscale docker container. As I would like access to other folders/files of my broader Unraid server array (i.e. for back-up to that other “TN2” tailnet device), does anyone have a best practice for opening up for broader array access? I can swap the direction, having the Unraid system initiate the ssh to my other tailnet device (“TN2”), but I’d prefer to orchestrated from "TN2" side into the Unraid server. Any suggestions? Quote Link to comment
Rothemich Posted May 26 Share Posted May 26 On 5/24/2024 at 1:54 PM, Rothemich said: I’d like to ssh via Tailscale from a device on my tailnet (let’s call it “TN2”) into my Unraid server which is running the Tailscale plugin. As expected, running /app/tailscale set --ssh from the Tailscale docker container’s CLI enables my Unraid server for ssh (confirmed at my Tailscale admin console "machines" page), but (also as expected), this only grants access to files INSIDE the Tailscale docker container. As I would like access to other folders/files of my broader Unraid server array (i.e. for back-up to that other “TN2” tailnet device), does anyone have a best practice for opening up for broader array access? I can swap the direction, having the Unraid system initiate the ssh to my other tailnet device (“TN2”), but I’d prefer to orchestrated from "TN2" side into the Unraid server. Any suggestions? Nevermind ^^. I conflated docker container and plugin. Quote Link to comment
dsmith44 Posted June 1 Author Share Posted June 1 Hello everyone. At this point I want to step back from supporting this docker container, I don't use it personally at all. That was clear with the recent update that I just pushed without testing it at all, sorry but as I said I don't use this and have no interest in it anymore. For 99%+ of people the plugin is better and should be used. For the 1% of people doing odd things, you have some choices to make. Some of you take over the management of this, it's easy, run a script, push to docker hub I'l work with you and good folk at Unraid on how to best manage the transition as I have no idea You individually use the script to build your own images Something else - ideas on a postcard I'm going to put a date of the end of June for the last updates I will push to this, so after that unless someone wants to pick this up it will go stale at that point. 2 Quote Link to comment
EDACerton Posted June 11 Share Posted June 11 I added a template that installs the official Tailscale Docker container, it is available in CA as "Tailscale-Docker". The official container should be suitable for the advanced use cases which require a separate Tailscale instance. Quote Link to comment
dsmith44 Posted June 12 Author Share Posted June 12 @EDACerton has suggested to me that his template that uses the official docker container becomes the replacement for my container. I think this is a good idea, and thank you. We'll work together to test/document cut over and then I'll update the instructions for this to reference his. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.