[Support] Tailscale Support Thread


  • Author
4 minutes ago, Duckers said:

Hoi, tailscale is now all set up on my end, unraid as exit node, i can browse the web and everything. But i can't seem to access unraid's webui or anything. Nor browse the shares over SMB with x-plore. docker logs shows it's accepting, but still can't access anything of the server.

Please use the plugin instead.

 

This is only for specialist use cases now.

  • 4 weeks later...

An update would be nice.

Thx 4 Your Work

Quote

Security update available

This machine is running a version with a known security vulnerability. It’s recommended to update to 1.66.1.

 

  • 2 weeks later...

1.66.4 won't stay running on my Unraid; not sure if just me or what...

 

1 hour ago, blaine07 said:

1.66.4 won't stay running on my Unraid; not sure if just me or what...

 

 

 

I had the same issue... The Log tells you what to update in the advanced setting:

--advertise-exit-node --advertise-routes=192.168.1.0/24 --stateful-filtering

 

newly added to mine.

--stateful-filtering

 

working now.

 

Edited by sdballer

50 minutes ago, sdballer said:

 

 

I had the same issue... The Log tells you what to update in the advanced setting:

--advertise-exit-node --advertise-routes=192.168.1.0/24 --stateful-filtering

 

newly added to mine.

--stateful-filtering

 

working now.

 

What exactly does stateful filtering do/is it for?

50 minutes ago, blaine07 said:

What exactly does stateful filtering do/is it for?

 

https://tailscale.com/security-bulletins

Description: Insufficient inbound packet filtering in subnet routers and exit nodes

May 8, 2024

TS-2024-005

 

Quote

Stateful packet filtering on packet-forwarding nodes

On Linux packet-forwarding nodes we added stateful packet filtering. This means that these nodes keep track of forwarded connections and only allow return packets for existing outbound connections. Inbound packets that don't belong to an existing connection are dropped.

Because routing is implemented differently on non-Linux platforms, this mitigation is only necessary on Linux.

Stateful filtering is enabled by default.......

 

Edited by sdballer
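
The behaviour quoted from the bulletin above, as an added example that is not part of the original post and is not Tailscale's implementation: a toy connection-tracking table on a forwarding node that lets return packets through only for flows it has already forwarded outbound. The class and function names, the idle timeout and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

    def key(self):
        return (self.proto, self.src, self.sport, self.dst, self.dport)

    def reply_key(self):
        # 5-tuple that a legitimate reply to this packet would carry.
        return (self.proto, self.dst, self.dport, self.src, self.sport)


class StatefulForwarder:
    """Toy model of a packet-forwarding node (subnet router or exit node)."""

    def __init__(self, idle_timeout=120.0):  # timeout value is an assumption
        self.idle_timeout = idle_timeout
        self.flows = {}  # expected reply 5-tuple -> time the flow was last seen

    def outbound(self, pkt, now):
        # Forwarded outbound traffic is allowed and its reply tuple recorded.
        self.flows[pkt.reply_key()] = now
        return "forward"

    def inbound(self, pkt, now):
        # Inbound traffic passes only if it matches a live tracked flow.
        last = self.flows.get(pkt.key())
        if last is None or now - last > self.idle_timeout:
            self.flows.pop(pkt.key(), None)  # forget expired state
            return "drop"
        self.flows[pkt.key()] = now
        return "forward"


def demo():
    fw = StatefulForwarder(idle_timeout=120.0)
    # Constructed sample traffic, not taken from the thread.
    syn = Packet("tcp", "100.64.0.2", 40000, "192.168.1.50", 443)
    reply = Packet("tcp", "192.168.1.50", 443, "100.64.0.2", 40000)
    unsolicited = Packet("tcp", "192.168.1.50", 51000, "100.64.0.2", 22)
    return [
        fw.inbound(reply, now=0.0),        # no flow exists yet
        fw.outbound(syn, now=1.0),         # creates the tracked flow
        fw.inbound(reply, now=1.1),        # return packet of that flow
        fw.inbound(unsolicited, now=1.2),  # new inbound connection attempt
        fw.inbound(reply, now=500.0),      # flow idle past the timeout
    ]
```
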

On 5/22/2024 at 4:50 AM, sdballer said:

 

 

I had the same issue... The Log tells you what to update in the advanced setting:

--advertise-exit-node --advertise-routes=192.168.1.0/24 --stateful-filtering

 

newly added to mine.

--stateful-filtering

 

working now.

 

Thanks mate!

The fix worked for me.

Edited by Degn

I’d like to ssh via Tailscale from a device on my tailnet (let’s call it “TN2”) into my Unraid server which is running the Tailscale plugin.  As expected, running

/app/tailscale set --ssh

from the Tailscale docker container’s CLI enables my Unraid server for ssh (confirmed at my Tailscale admin console "machines" page), but (also as expected), this only grants access to files INSIDE the Tailscale docker container.  As I would like access to other folders/files of my broader Unraid server array (i.e. for back-up to that other “TN2” tailnet device), does anyone have a best practice for opening up for broader array access?

 

I can swap the direction, having the Unraid system initiate the ssh to my other tailnet device (“TN2”), but I’d prefer to orchestrate it from the "TN2" side into the Unraid server.

 

Any suggestions?

On 5/24/2024 at 1:54 PM, Rothemich said:

I’d like to ssh via Tailscale from a device on my tailnet (let’s call it “TN2”) into my Unraid server which is running the Tailscale plugin.  As expected, running

/app/tailscale set --ssh

from the Tailscale docker container’s CLI enables my Unraid server for ssh (confirmed at my Tailscale admin console "machines" page), but (also as expected), this only grants access to files INSIDE the Tailscale docker container.  As I would like access to other folders/files of my broader Unraid server array (i.e. for back-up to that other “TN2” tailnet device), does anyone have a best practice for opening up for broader array access?

 

I can swap the direction, having the Unraid system initiate the ssh to my other tailnet device (“TN2”), but I’d prefer to orchestrate it from the "TN2" side into the Unraid server.

 

Any suggestions?


Nevermind ^^.  I conflated docker container and plugin.

  • Author

Hello everyone.

 

At this point I want to step back from supporting this docker container, I don't use it personally at all. That was clear with the recent update that I just pushed without testing it at all, sorry but as I said I don't use this and have no interest in it anymore.

 

For 99%+ of people the plugin is better and should be used. 

 

For the 1% of people doing odd things, you have some choices to make.

  • Some of you take over the management of this, it's easy, run a script, push to docker hub
    • I'll work with you and the good folk at Unraid on how to best manage the transition as I have no idea
  • You individually use the script to build your own images
  • Something else - ideas on a postcard

I'm going to put a date of the end of June for the last updates I will push to this, so after that unless someone wants to pick this up it will go stale at that point.

 

  • 2 weeks later...

I added a template that installs the official Tailscale Docker container, it is available in CA as "Tailscale-Docker". The official container should be suitable for the advanced use cases which require a separate Tailscale instance.

 

 

  • Author

@EDACerton has suggested to me that his template that uses the official docker container becomes the replacement for my container. I think this is a good idea, and thank you.

 

We'll work together to test/document cut over and then I'll update the instructions for this to reference his.

 

 

  • 3 months later...

Is there a way to switch from this docker to the plugin without changing Tailscale creds and IP?

 

I have been using this docker and I have external services that depend on the Tailscale IP.

 

It's not going to be particularly easy to switch from one to the other without breaking connectivity for some remote services.

How do I access Unraid via hostname on my LAN?

Since I installed Tailscale, and Tailscale didn't like SMB, I disabled SMB.

I can no longer reach "http://tower" (because SMB is disabled).  I can reach "http://192.168.1.7".

 

Thank you.

On 10/11/2024 at 3:56 AM, warpspeed said:

I have been using this docker and I have external services that depend on the Tailscale IP.

1. Never use the IP addresses for anything, use host names instead

2. Assign the same IP once you move over to the plugin - you can do this in the admin console

 

35 minutes ago, Jaybau said:

I can no longer reach "http://tower" (because SMB is disabled).

 

SMB doesn't affect name resolution in general and certainly not over http.

What about for machines where I do not have (cannot) Tailscale installed?

 


1 hour ago, Jaybau said:

What about for machines where I do not have (cannot) Tailscale installed?

Doesn't really make a difference, IF....  If you can resolve those machines by hostname on your own private LAN, you can make that work with Tailscale. Use a subnet route on at least one LAN node, defined as the CIDR for your LAN (like 10.0.0.0/24). And make sure that system is also using your local DNS.

 

I've found the above is only needed for hosts that live outside your LAN to access your LAN as if they were local. Machines that are already in the LAN shouldn't need the above. Example, I'm using the advertised subnet on TS running on a VPS in the US while my LAN is in Canada.

 

I've set my local DNS (AdGuard Home) as the Global DNS in the Tailscale admin console. I'm not using Tailscale DNS on any nodes.

 

This is what I've done to be able to access everything on my LAN. In addition however, I'm also running my own DNS resolver (upstream of AdGuard) where I give every machine and service a meaningful host name, so I don't rely only on mDNS. And for those that need it, for secure certificates on the web, I also use Nginx Proxy Manager to change ports and apply certificates. I've got Tailscale running alongside that inside a container (LXC in my case) which also makes it so the tailnet sees all those proxies.

 

Practical examples of devices I can access which don't have Tailscale:

  • Any of my managed switches
  • My Jailbroken PS3 and PS4
  • Wii-U
  • IP cameras
  • Commercial NVR
  • Any of my Wifi-based home automation devices
  • Home Assistant VM - via web or via Home Assistant app
  • CNC controller
  • etc

 

 

 

Edited by Espressomatic

On machines within Tailscale, I can resolve hostnames.

On a machine outside of Tailscale, I cannot resolve hostnames.

 

I set up a subnet using the IP address range of my local LAN (without Tailscale).

 

My goal is to get the machine outside of Tailscale to resolve the hostname "tower" to 192.168.1.7.

Something similar to what SMB was doing for me before I disabled SMB.

Easiest way: Give all those machines names via DHCP

 

Additional suggestion: put a FQDN onto your LAN.  Like "mylan.tld" - it has to be a real TLD if you want to use it from a web browser easily. Best to have your own registered domain, but you can obviously just make one up if you're not going to need to resolve it from an outside public network.

 

Then every machine you create a name for will be reachable via name.domain.tld

 

This all has to work on your LAN before it can work through your tailnet

 

Like I said earlier, I don't rely on mDNS advertisements from the individual machines - that's setting an Unraid machine name inside Unraid itself like your "Tower" example and then being able to resolve that as tower.local from other LAN devices.

Edited by Espressomatic

3 hours ago, Espressomatic said:

1. Never use the IP addresses for anything, use host names instead

2. Assign the same IP once you move over to the plugin - you can do this in the admin console

Thanks, in regards to 1. I would do that but the config files only accept IP addresses.

In regards to 2. I wasn't aware we could do that now, must be a recent new Tailscale feature - that'd certainly solve my problem then. Thanks!

3 minutes ago, warpspeed said:

Thanks, in regards to 1. I would do that but the config files only accept IP addresses.

Then I'd make sure you advertise your LAN route(s) to the tailnet from at least one machine and use the routes on any machine that can't normally access those ranges. Then use your LAN IPs instead of the Tailnet IPs, so long as they're reserved/static.

 

 

Edited by Espressomatic

2 minutes ago, Espressomatic said:

Then I'd make sure you advertise your LAN route(s) to the tailnet from at least one machine and use the routes on any machine that can't normally access those ranges. Then use your LAN IPs instead of the Tailnet IPs, so long as they're reserved/static.

Good idea, I definitely could do that. But I'd prefer not to as it's high traffic and I'd rather it not loop through my subnet routers. :)

I suppose I wouldn't run a botnet back through my LAN IPs either. :)

Hello, the latest update breaks the docker, it has the wrong os/arch version declared. It's linux/arm64/v8 instead of the correct linux/amd64.

 

https://hub.docker.com/r/deasmi/unraid-tailscale/tags

 

Don't update the docker till it is fixed; in case you already updated the docker you will need to roll back.

Open the docker properties, at the top of docker properties enter the following for the repository field and apply: deasmi/unraid-tailscale:1.78

  • Author

DO NOT USE - SEE FIRST PAGE

 

This docker container is deprecated

 

This is now fixed, but this is the last ever update.

 

SIX MONTHS FROM NOW DOCKER HUB IMAGES WILL BE REMOVED

 

 

Edited by dsmith44
