May 23, 20206 yr Author On 5/19/2020 at 7:22 PM, fserb said: I'm pretty sure there's an issue with Tailscale's iptables rules and Unraid's docker iptables. I've also tried using tailscale tip of tree, but no success there either. Someone who understands Unraid iptables better would have an easier time with this. dsmith, I have a suggestion for your docker-entrypoint.sh. Replace the bottom lines with: (sleep 10; tailscape up) & exec tailscaled --state=/state/tailscaled.state it's much nicer than your current while loop. I don't know what people have against the poor venerable while loop 😎, but I have changed to use a 'sleep infinity' instead which is slightly cleaner. Whilst your method will work, and is elegant, it's less 'obvious' about ordering, so I think I'll leave that alone.
May 24, 20206 yr Question... not sure if this is the right place to ask this. I have 2 Ethernet ports on my server. Eth1 is 10.0.0.8 (local traffic) Eth2 is running 10.1.0.5 (internet) do you know a way I can use TailScale to work on Eth 2, but access docker containers I have on Eth1 network? I am trying to use InfluxDB to receive info from different endpoints through port 8086 on Eth1, but run Tailscale through the internet on Eth2 and allow port 8086 on Eth1. This is kinda what I am aiming for: Edited May 24, 20206 yr by ghulican
May 24, 20206 yr Author 5 hours ago, ghulican said: Question... not sure if this is the right place to ask this. I have 2 Ethernet ports on my server. Eth1 is 10.0.0.8 (local traffic) Eth2 is running 10.1.0.5 (internet) do you know a way I can use TailScale to work on Eth 2, but access docker containers I have on Eth1 network? I am trying to use InfluxDB to receive info from different endpoints through port 8086 on Eth1, but run Tailscale through the internet on Eth2 and allow port 8086 on Eth1. This is kinda what I am aiming for: If the influx container is only listening on the ETH1 ip address, bridge mode, then I'm afraid this container probably isn't going to work for you. This will only allow you to access containers that listen on the tailscale interface ip address itself, not eth1, eth2 or any other interfaces. It is not providing a gateway to 'other networks' just exposing the Unraid server itself to tailscale.'other networks' in this context means absolutely anything that isn't the IP address of the tailscale interface. If you can make influxDB also bind to the tailscale interface then it will work. I'm not keen on trying to turn this into a VPN gateway solution, nor am I sure that's even possible with a docker container rather than a plugin.
May 25, 20206 yr Hey, great work here! Does anyone know how to change hostname? Not sure where I'd add the extra parameters. Thanks!
May 25, 20206 yr 4 minutes ago, yitzi said: Hey, great work here! Does anyone know how to change hostname? Not sure where I'd add the extra parameters. Thanks! Go on the container Edit page, on the top right, press on "basic view" (to switch to advanced). Find the "Extra Parameters" field. Either add or edit the `--hostname` to use the hostname you want.
May 25, 20206 yr 3 minutes ago, fserb said: Go on the container Edit page, on the top right, press on "basic view" (to switch to advanced). Find the "Extra Parameters" field. Either add or edit the `--hostname` to use the hostname you want. Thanks!! That basic switch gets me sometimes.
June 3, 20206 yr Do you know a way that we can use the ACL tags? I know this is a beta feature, but I assume it will be the same in prod? https://tailscale.com/kb/1068/acl-tags
June 5, 20206 yr Author On 6/3/2020 at 4:46 PM, ghulican said: Do you know a way that we can use the ACL tags? I know this is a beta feature, but I assume it will be the same in prod? https://tailscale.com/kb/1068/acl-tags I believe ACL support is only available in the paid version, which I do not have, nor have a need for. As such I am not planning to look at ACLs. Sorry.
June 7, 20206 yr After ZeroTier stopped working for me for some reason, I was advised to try your Tailscale Docker. So I installed the Tailscale Docker, got the network ID via Ragemachinest instructions and registered it via the link in the console, and now see it in my Tailscale Dashboard. Then installed Tailscale on my MBP. Still no sight of my unRAID system in my Network, though. Maybe I will first need to register my MBP with my Tailscale account as well? I don't see it in my Dashboard. Maybe I don't correctly understand the purpose of Tailscale, but since it was recommended to me as an alternative to ZeroTier, which after first configured showed my unRAID system in my Finder Network, I thought that Tailscale will also server this purpose (amongst other much more lower-level functions, I am sure). Am I misunderstanding what this Docker allows me to do? If the main function I want is to implement unRAID in my local network via the Finder Network *and* get to the unRAID webUI, will this work when correctly configured?
June 7, 20206 yr Author 2 hours ago, tillkrueger said: After ZeroTier stopped working for me for some reason, I was advised to try your Tailscale Docker. So I installed the Tailscale Docker, got the network ID via Ragemachinest instructions and registered it via the link in the console, and now see it in my Tailscale Dashboard. Then installed Tailscale on my MBP. Still no sight of my unRAID system in my Network, though. Maybe I will first need to register my MBP with my Tailscale account as well? I don't see it in my Dashboard. Maybe I don't correctly understand the purpose of Tailscale, but since it was recommended to me as an alternative to ZeroTier, which after first configured showed my unRAID system in my Finder Network, I thought that Tailscale will also server this purpose (amongst other much more lower-level functions, I am sure). Am I misunderstanding what this Docker allows me to do? If the main function I want is to implement unRAID in my local network via the Finder Network *and* get to the unRAID webUI, will this work when correctly configured? Looking at the Zerotier docker post that links here it looks like you got connectivity working, you can connect by IP to your unraid server's tailscale address. I do not believe that tailscale support multicast or broadcast traffic, so there won't be any way to get Bonjour working and have your Unraid appear as a browsable machine.
June 7, 20206 yr Ok, I guess I can’t have it all with this, but I am glad to have an easier method to administer and connect to my unRAID by means of your Docker.Thank you!Sent from my iPhone using Tapatalk
October 19, 20205 yr Author A couple of updates. I have changed the template to pull latest rather than versioned builds, tailscale itself is developing more slowly now so this feels appropriate. Please change the 'Repository' to deasmi/unraid-tailscale:latest to use this. Secondly I've merged in support for passing flags to tailscale. If you want to use this define a variable UP_FLAGS. These will be appended to the command that invokes tailscale. Please note if you are using UP_FLAGS I cannot provide support until it is removed, but I recognise some people may want to try subnet routing and the like. Thanks to @shayne for this. Dean
March 18, 20215 yr On 10/19/2020 at 6:30 PM, dsmith44 said: A couple of updates. I have changed the template to pull latest rather than versioned builds, tailscale itself is developing more slowly now so this feels appropriate. Please change the 'Repository' to deasmi/unraid-tailscale:latest to use this. Secondly I've merged in support for passing flags to tailscale. If you want to use this define a variable UP_FLAGS. These will be appended to the command that invokes tailscale. Please note if you are using UP_FLAGS I cannot provide support until it is removed, but I recognise some people may want to try subnet routing and the like. Thanks to @shayne for this. Dean Hi Dean, can you double check the template is set to use :latest? I did a fresh install from community apps today and it defaulted to a versioned tag (which is quite out of date at this point).
March 18, 20215 yr Also, please can you see if it's possible to support https://tailscale.com/kb/1103/exit-nodes? If I try to enable it, it informs me that IP forwarding is disabled and directs me to https://tailscale.com/kb/1104/enable-ip-forwarding. Thanks for the container 🐳❤️! EDIT: Huh, in actual testing it seems to work fine...? Tailscale bug perhaps? Edited March 18, 20215 yr by Alexstrasza
March 23, 20215 yr Author On 3/18/2021 at 11:14 PM, Alexstrasza said: Hi Dean, can you double check the template is set to use :latest? I did a fresh install from community apps today and it defaulted to a versioned tag (which is quite out of date at this point). I have no idea why you are seeing this, the repo with the template in has clear latest tag. I've just done a clean install and got latest tag. Can you totally remove the image and try? Latest tag in dockerhub tag is 1.6.0 - https://hub.docker.com/layers/deasmi/unraid-tailscale/latest/images/sha256-89c29de3e44120014a41b9399c09a97732794527b0aff5cc3fcd1d8bb28abd6d?context=repo
March 23, 20215 yr On 3/23/2021 at 9:46 AM, dsmith44 said: Can you totally remove the image and try? On a fresh reinstall I can confirm the template picked up had :latest, so I have no idea why I got an old 2020 build when I first downloaded. My best guess is some cursed CA caching or something, but it doesn't seem to be happening any more so I guess it's fixed 😅? Did you have a chance to look into the warning about exit nodes I mentioned above? I'm definitely still getting this on the container vs my Raspberry Pi, but the subnet and exit route features are 100% working, so I'm not sure the cause for the warning. UPDATE: This turned out to be because I had IPv6 forwarding off on my host. Edited April 27, 20215 yr by Alexstrasza Explain reason for error
April 27, 20215 yr Quote Where can I find a setup guide for this? Also, do you need to download wireguard as well?
April 28, 20215 yr On 3/23/2021 at 5:34 PM, Alexstrasza said: On a fresh reinstall I can confirm the template picked up had :latest, so I have no idea why I got an old 2020 build when I first downloaded. My best guess is some cursed CA caching or something, but it doesn't seem to be happening any more so I guess it's fixed 😅? Did you have a chance to look into the warning about exit nodes I mentioned above? I'm definitely still getting this on the container vs my Raspberry Pi, but the subnet and exit route features are 100% working, so I'm not sure the cause for the warning. UPDATE: This turned out to be because I had IPv6 forwarding off on my host. I've been trying to get subnet relay to work, have added a flag with --advertise-routes=192.168.5.0/24 (This is the subnet my unraid box is on). And it shows up in the tailscale dashboard, but after i have enabled it i can't ping any of my devices on that subnet. Did you have to change any other settings in Unraid to get it working?
April 29, 20215 yr 15 hours ago, Fillwe said: I've been trying to get subnet relay to work, have added a flag with --advertise-routes=192.168.5.0/24 (This is the subnet my unraid box is on). And it shows up in the tailscale dashboard, but after i have enabled it i can't ping any of my devices on that subnet. Did you have to change any other settings in Unraid to get it working? It should just work, because I believe UnRaid IPv4 forwarding is on by default (it did and was for me). Try double checking with https://tailscale.com/kb/1104/enable-ip-forwarding/ Edited April 29, 20215 yr by Alexstrasza
April 29, 20215 yr 10 hours ago, Alexstrasza said: It should just work, because I believe UnRaid IPv4 forwarding is on by default (it did and was for me). Try double checking with https://tailscale.com/kb/1104/enable-ip-forwarding/ Yeah sorry never mind, it was working without any further configuration. I can reach other devices on the subnet and my containers running as bridge/host. But as soon as I turn on the subnet routing I can’t seem to be able the reach my Pi-Hole container. It’s configured with its own ip on that subnet. But I suspect it clashes somehow? I have another network card on the way though which I was planning on using mostly for the Pihole container. Hopefully that might help the situation. If anybody else has gotten Pi-Hole and this container to work when both are hosted on Unraid, I’m all ears! Edited April 29, 20215 yr by Fillwe
April 30, 20215 yr 12 hours ago, Fillwe said: Yeah sorry never mind, it was working without any further configuration. I can reach other devices on the subnet and my containers running as bridge/host. But as soon as I turn on the subnet routing I can’t seem to be able the reach my Pi-Hole container. It’s configured with its own ip on that subnet. But I suspect it clashes somehow? I have another network card on the way though which I was planning on using mostly for the Pihole container. Hopefully that might help the situation. If anybody else has gotten Pi-Hole and this container to work when both are hosted on Unraid, I’m all ears! This is probably due to the fact that Docker containers are prevented from talking to the host by default. So the traffic will be trying to do this: You -> Tailscale tunnel -> Tailscale Docker on Unraid Host -x> Pihole container Before it was doing this: You -> LAN -> Directly in the network interface of the Unraid host and routed to the PiHole To fix, try going to Settings -> Docker and changing "Host access to custom networks" to "Enabled". You'll have to temporarily disable Docker to do this and then restart it. Let me know if that works!
May 1, 20215 yr On 4/30/2021 at 1:43 PM, Alexstrasza said: This is probably due to the fact that Docker containers are prevented from talking to the host by default. So the traffic will be trying to do this: You -> Tailscale tunnel -> Tailscale Docker on Unraid Host -x> Pihole container Before it was doing this: You -> LAN -> Directly in the network interface of the Unraid host and routed to the PiHole To fix, try going to Settings -> Docker and changing "Host access to custom networks" to "Enabled". You'll have to temporarily disable Docker to do this and then restart it. Let me know if that works! Ah i see, yes that worked! Thank you so much for the help!:-) Edited May 1, 20215 yr by Fillwe
May 1, 20215 yr 2 minutes ago, Fillwe said: Ah i see, yes that worked! Thank you so much for the help!:-) No problem, glad it was that setting and not something more messy!
May 9, 20215 yr On 4/30/2021 at 1:43 PM, Alexstrasza said: This is probably due to the fact that Docker containers are prevented from talking to the host by default. So the traffic will be trying to do this: You -> Tailscale tunnel -> Tailscale Docker on Unraid Host -x> Pihole container Before it was doing this: You -> LAN -> Directly in the network interface of the Unraid host and routed to the PiHole To fix, try going to Settings -> Docker and changing "Host access to custom networks" to "Enabled". You'll have to temporarily disable Docker to do this and then restart it. Let me know if that works! This helped me too, thanks! Maybe it should be added to the instructions?
May 18, 20215 yr I currently have WireGuard working with UnRaid via the Dynamix WireGuard plugin. What do I need to do if I want to try out this TailScale? Can both run at the same time or do I need to uninstall the WireGuard plugin? I only have two clients, so I don't care if they're lost.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.