[Support] Tailscale Support Thread


Recommended Posts

3 hours ago, eric.frederich said:

I currently have WireGuard working with UnRaid via the Dynamix WireGuard plugin.

 

What do I need to do if I want to try out this TailScale?

Can both run at the same time or do I need to uninstall the WireGuard plugin?

 

I only have two clients, so I don't care if they're lost.

 

They can both run independently, so feel free to try it out!

Link to comment
1 hour ago, Alexstrasza said:

 

They can both run independently, so feel free to try it out!

 

Cool thanks for the reply.  Maybe you can clarify something for me then.  It's my understanding that:

  • WireGuard is baked into the Linux kernel
  • TailScale is built on top of WireGuard
  • The Dynamix WireGuard plugin for UnRaid simply provides a web-ui to manage the WireGuard already baked into the kernel.

Is all of that correct?  If so, I'm curious how they don't conflict with each other.

Link to comment
1 hour ago, eric.frederich said:

 

Cool thanks for the reply.  Maybe you can clarify something for me then.  It's my understanding that:

  • WireGuard is baked into the Linux kernel
  • TailScale is built on top of WireGuard
  • The Dynamix WireGuard plugin for UnRaid simply provides a web-ui to manage the WireGuard already baked into the kernel.

Is all of that correct?  If so, I'm curious how they don't conflict with each other.

 

Correct on all three counts! However there is a bit more nuance to it. Whilst Wireguard can be used with a kernel implementation (which I believe is more efficient, so less CPU usage) it can also be implemented in software. Tailscale at the moment exclusively uses the software implementation to ease cross-platform compatibility, although there are plans in the future to link in with the kernel system on systems with support. This means it's technically not speaking with the system implementation at all at the moment.

 

As for compatibility in general, as far as I'm aware any number of systems can use the underlying Wireguard technology, as long as they don't use conflicting address spaces (this is true with any VPN afaik and in my experience). Since Tailscale uses the rare 100. address range, it's incredibly unlikely to conflict with anything else provided you haven't manually specified that same range for the Unraid Wireguard tunnels.

Link to comment
  • 1 month later...

 

I'm having a hard time trying to get tailscale docker to run. I'm on UnRAID 6.9.2 and tailscale just crashes when I'm trying to start the container. I'm getting the following error message

 

2021/06/19 03:50:01 logtail started
2021/06/19 03:50:01 Program starting: vdate.20210316, Go 1.15.6: []string{"tailscaled", "--state=/state/tailscaled.state"}
2021/06/19 03:50:01 LogID: - zipped -
2021/06/19 03:50:01 logpolicy: using system state directory "/var/lib/tailscale"
logpolicy.Read /var/lib/tailscale/tailscaled.log.conf: open /var/lib/tailscale/tailscaled.log.conf: no such file or directory
2021/06/19 03:50:01 wgengine.NewUserspaceEngine(tun "tailscale0") ...
2021/06/19 03:50:01 Starting userspace wireguard engine with tun device "tailscale0"
2021/06/19 03:50:01 Linux kernel version: 5.10.28-Unraid

2021/06/19 03:50:01 is CONFIG_TUN enabled in your kernel? `modprobe tun` failed with: modprobe: can't change directory to '/lib/modules': No such file or directory

2021/06/19 03:50:01 CreateTUN: operation not permitted
2021/06/19 03:50:01 wgengine.NewUserspaceEngine(tun "tailscale0") error: operation not permitted

2021/06/19 03:50:01 wgengine.New: operation not permitted
2021/06/19 03:50:01 flushing log.
2021/06/19 03:50:01 logger closing down
2021/06/19 03:50:01 logtail: dial "log.tailscale.io:443" failed: dial tcp 34.210.105.16:443: setting SO_MARK bypass: operation not permitted (in 35ms)

 

I tried downgrading all the way down to 1.6 but no dice. Console also crashes upon opening and it says the docker container isn't running

 

Any suggestions on how to proceed?

Edited by sdchew
Link to comment
  • 3 weeks later...

I recently awitch to this docker but I am still getting windows unspecified errors while transfer files.  I thought this would fix the samba errors I was getting because Windows start locking up SMB in recent updates.

 

 I even mounted the drive and still get this!

 

 

Why am I getting these error when using Tailscale is beyond me and GOOGLE is no help.

Edited by Bandit_King
Link to comment
3 minutes ago, Bandit_King said:

I recently awitch to this docker but I am still getting windows unspecified errors while transfer files.  I thought this would fix the samba errors I was getting because Windows start locking up SMB in recent updates.

 

 I even mounted the drive and still get this!

 

 

Why am I getting these error when using Tailscale is beyond me and GOOGLE is no help.

 

What exact error is it you are getting?

Link to comment
3 minutes ago, Bandit_King said:

Error 0x80004005: Unspecified error

 

File transfer and stops in the middle giving this error. 

 

That's a pretty strange issue, that's not the error you should get if it's a SMBv1 problem from what I know, the error is normally much more specific. Have you tried posting a general thread in https://forums.unraid.net/forum/55-general-support/? They'll be much better prepared to help you there, this is more of a support thread for Tailscale-specific issues.

 

Unfortunately I think if your non-Tailscale file transfers don't work properly, they are unlikely to work within Tailscale, as the method is exactly the same.

Link to comment
23 hours ago, dsmith44 said:

Version 1.10.1 has been released and container updated.

  

23 hours ago, dsmith44 said:

Version 1.10.1 has been released and container updated.

Does anyone have issues with this release (1.10.1) stopping 5-10 seconds after starting? I tried removing everything and starting fresh with the same result.

 

Log shows a couple of errors:

health("dns"): error: rename /etc/resolv.conf /etc/resolv.pre-tailscale-backup.conf: device or resource busy

 

Received error: PollNetMap: EOF

 

peerapi listen("fd7a:115c:a1b0:ab12:4323:ad45:6351:1d6b") error: listen tcp6 [fd7a:115c:a1b0:ab12:4323:ad45:6351:1d6b]:0: bind: cannot assign requested address

Link to comment
1 hour ago, Ragemachinest said:

  

Does anyone have issues with this release (1.10.1) stopping 5-10 seconds after starting? I tried removing everything and starting fresh with the same result.

 

Log shows a couple of errors:

health("dns"): error: rename /etc/resolv.conf /etc/resolv.pre-tailscale-backup.conf: device or resource busy

 

Received error: PollNetMap: EOF

 

peerapi listen("fd7a:115c:a1b0:ab12:4323:ad45:6351:1d6b") error: listen tcp6 [fd7a:115c:a1b0:ab12:4323:ad45:6351:1d6b]:0: bind: cannot assign requested address

 

I am having the same issue, and have also tried removing the appdata/tailscale directory and starting from scratch with the same result. Restarting my server also had no effect.

Link to comment
1 hour ago, Ragemachinest said:

  

Does anyone have issues with this release (1.10.1) stopping 5-10 seconds after starting? I tried removing everything and starting fresh with the same result.

 

Log shows a couple of errors:

health("dns"): error: rename /etc/resolv.conf /etc/resolv.pre-tailscale-backup.conf: device or resource busy

 

Received error: PollNetMap: EOF

 

peerapi listen("fd7a:115c:a1b0:ab12:4323:ad45:6351:1d6b") error: listen tcp6 [fd7a:115c:a1b0:ab12:4323:ad45:6351:1d6b]:0: bind: cannot assign requested address

 

Apologies, very poor testing on my part - I will ensure a ten minute+ test in future before pushing.

 

I have rolled latest tag back to 1.8.3 and will investigate this.

Link to comment
11 hours ago, dsmith44 said:

 

Apologies, very poor testing on my part - I will ensure a ten minute+ test in future before pushing.

 

I have rolled latest tag back to 1.8.3 and will investigate this.


Updated back to 1.8.3 (and latest) but alas still getting

can't change --login-server without --force-reauth

as the final line then the container shuts down. Reauthing gets it back online as a new machine.

I've noticed i'm getting alot of ipv6 errors in the log, about being unable to bind.

Edited by Uirel
Link to comment
23 hours ago, Ragemachinest said:

  

Does anyone have issues with this release (1.10.1) stopping 5-10 seconds after starting? I tried removing everything and starting fresh with the same result.

 

Log shows a couple of errors:

health("dns"): error: rename /etc/resolv.conf /etc/resolv.pre-tailscale-backup.conf: device or resource busy

 

Received error: PollNetMap: EOF

 

peerapi listen("fd7a:115c:a1b0:ab12:4323:ad45:6351:1d6b") error: listen tcp6 [fd7a:115c:a1b0:ab12:4323:ad45:6351:1d6b]:0: bind: cannot assign requested address

 

I need to ask for everyone's forgiveness as I am an idiot.

 

At some point in the past I managed to change the build scripts so I was accidentally building HEAD instead of numbered versions of code.

 

HEAD points to a development control plane hence the issues here.

 

When they appear, which I hope will be this evening, please restore you saved state file and repoint to latest or 1.10.1.

I will also push 1.10.1-FIXED if you want to make sure you pull the fixed version.

 

I am now going back to git school, going to have lie down in a dark room and will then alter the build scripts to pull binaries instead of building from source.

 

Apologies for all the trouble here.

Edited by dsmith44
Link to comment

I have changed the build process for this container to pull binaries from tailscale instead of building from source.

 

This will prevent any future problems with versioning and means we are now using offical binaries.

 

1.10.1 is the first version where this is the case and is available as tags

1.10.1

1.10.1-BINARY

latest

 

latest will obviosuly move at a later date.

 

Can I encourage everyone to switch to this builds as prior builds were not inline with official versions.

 

Thank you

  • Like 1
Link to comment
On 5/23/2020 at 5:41 AM, dsmith44 said:

Re: host vs bridge mode

 

Having thought this through I feel host is the correct mode for this to operate in.

 

Host means the networking is part of the base host networking so if the host can see the port tailscale will be able to as well.

However that relies on the mapped ports listening on all addresses, which if I check my unraid server they do. 


root@unraid:~# ss -ltu
Netid              State               Recv-Q              Send-Q                                                   Local Address:Port                                     Peer Address:Port              Process
..
tcp                LISTEN              0                   128                                                                  *:8200                                                *:*
..

 

Snap1.thumb.png.2d4734afc04bea5047011a8d1d6f36c9.png

 

However the only IP address that you'll be able to access through tailscale will be the tailscale ip address itself, trying to use a LAN address, a docker bridge network address or any other address is going to fail as we aren't doing subnet forwarding.

 

I am not currently keen on even trying to add subnet forwarding to this container as it was never my intention to create a VPN gateway, just to allow access to Unraid services from tailscale.

 

I am also not sure if this is even necessarily possible without additional steps outside of the container itself; if I look in the Apps list OpenVPN server is available as a plugin but not as a container. So building a plugin is likely a better route for someone to look at, but not something I'm going to get into.

 

I would suggest using the built in wireshark support if you want to get a VPN connection to the whole network.

 

Latest version appears to be working as expected now. I appreciate the work this. Thank you!

Link to comment
  • 2 weeks later...

Just trying to set this up followed all the steps and have magic dns enabled but eveytime i try to pt the ip address tailscale gives or the local ip for the server it times out, when i start the container at the top i get this in yellow,

 

2021/07/24 10:44:58 router: disabling tunneled IPv6 due to system IPv6 config: kernel doesn't support IPv6 policy routing: ip -6 rule failed: RTNETLINK answers: Address family not supported by protocol

 

and when i try to do some with my phone or laptop i get this in red,

 

2021/07/24 10:44:59 [unexpected] peerapi listen("fd7a:115c:a1e0:ab12:4843:cd96:6268:1e33") error: listen tcp6 [fd7a:115c:a1e0:ab12:4843:cd96:6268:1e33]:0: bind: cannot assign requested address

 

Any clue ? anyone else come accross this ? 

Link to comment
14 hours ago, ThEdOtOr said:

Just trying to set this up followed all the steps and have magic dns enabled but eveytime i try to pt the ip address tailscale gives or the local ip for the server it times out, when i start the container at the top i get this in yellow,

 

2021/07/24 10:44:58 router: disabling tunneled IPv6 due to system IPv6 config: kernel doesn't support IPv6 policy routing: ip -6 rule failed: RTNETLINK answers: Address family not supported by protocol

 

and when i try to do some with my phone or laptop i get this in red,

 

2021/07/24 10:44:59 [unexpected] peerapi listen("fd7a:115c:a1e0:ab12:4843:cd96:6268:1e33") error: listen tcp6 [fd7a:115c:a1e0:ab12:4843:cd96:6268:1e33]:0: bind: cannot assign requested address

 

Any clue ? anyone else come accross this ? 

Followed the video tutorial and everything seems to be setup but it's not working and when I check the log I get this

 

2021/07/25 01:36:49 [unexpected] peerapi listen("fd7a:115c:a1e0:ab13:4843:cd96:625c:200d") error: listen tcp6 [fd7a:115c:a1e0:ab13:4843:cd96:625c:200d]:0: bind: cannot assign requested address

Link to comment
14 hours ago, hgelpke said:

Followed the video tutorial and everything seems to be setup but it's not working and when I check the log I get this

 

2021/07/25 01:36:49 [unexpected] peerapi listen("fd7a:115c:a1e0:ab13:4843:cd96:625c:200d") error: listen tcp6 [fd7a:115c:a1e0:ab13:4843:cd96:625c:200d]:0: bind: cannot assign requested address

 

What video are you refering to?

I've never made a setup video.

 

That error is almost certainly not important, it is trying to get an IPv6 address as well as IPv4 and failing - I have that all the time without issue.

I have never looked into providing IPv6 to docker containers on Unraid.

 

Can you post more of your logfile?

 

 

Link to comment
1 hour ago, dsmith44 said:

 

What video are you refering to?

I've never made a setup video.

 

That error is almost certainly not important, it is trying to get an IPv6 address as well as IPv4 and failing - I have that all the time without issue.

I have never looked into providing IPv6 to docker containers on Unraid.

 

Can you post more of your logfile?

 

 

 The video I mentioned. I'll get my log

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.