angyen Posted October 14, 2021 Share Posted October 14, 2021 (edited) I am trying to make all devices on 3 different LANs on 3 different locations to be able to connect to each other via Tailscale. 2 location tailscale via this docker in unraid and another tailscale run over raspberry pi. Successfully advertise routes for 3 different LAN Subnets, and if I am running Tailscale on my PC I am able to connect to all devices from 3 different LAN Now what I would like to achieve is that for all devices under the 3 different LANs can connect to each other without running tailscale on the PC. I have setup static route at my router to point to the LAN address of Unraid, I executed the command "tailscale up --accept-routes --advertise-routes=LOCAL LAN/24". However, when I run tracert in windows, the connection stop at my local UNRAID IP and not being forwarded via Tailscale. May I know what setting do I missed up at my local UNRAID server or tailscale docker to make the connection possible? Edited October 14, 2021 by angyen Quote Link to comment
dsmith44 Posted October 14, 2021 Author Share Posted October 14, 2021 (edited) 1 hour ago, angyen said: I am trying to make all devices on 3 different LANs on 3 different locations to be able to connect to each other via Tailscale. 2 location tailscale via this docker in unraid and another tailscale run over raspberry pi. Successfully advertise routes for 3 different LAN Subnets, and if I am running Tailscale on my PC I am able to connect to all devices from 3 different LAN Now what I would like to achieve is that for all devices under the 3 different LANs can connect to each other without running tailscale on the PC. I have setup static route at my router to point to the LAN address of Unraid, I executed the command "tailscale up --accept-routes --advertise-routes=LOCAL LAN/24". However, when I run tracert in windows, the connection stop at my local UNRAID IP and not being forwarded via Tailscale. May I know what setting do I missed up at my local UNRAID server or tailscale docker to make the connection possible? This container is just not designed for that, it is designed to provide access to your Unraid server over tailscale. My 2p worth is that site to site VPNs are best setup on your firewall/router anyway, bouncing traffic off your router to another machine in the same subnet is always going to be painful at best. Edit: If I had to guess, check if ip_forwarding is enabled, do you have a net.ipv4.ip_forward = 1 in /etc/sysctl.conf But I've never tested a setup like this, so shooting blind. Edited October 14, 2021 by dsmith44 Adding more info Quote Link to comment
angyen Posted October 14, 2021 Share Posted October 14, 2021 2 minutes ago, dsmith44 said: This container is just not designed for that, it is designed to provide access to your Unraid server over tailscale. My 2p worth is that site to site VPNs are best setup on your firewall/router anyway, bouncing traffic off your router to another machine in the same subnet is always going to be painful at best. Thank you for the swift reply. I have setup wireguard in these 2 unraid server but now my ISP is migrating all public IP to private IP, which is why I need to deploy Tailscale as my wireguard will cease to function once I no longer have a public IP. Looks like I got to figure out another alternative way to install Tailscale, maybe through a VM under unraid. Quote Link to comment
angyen Posted October 14, 2021 Share Posted October 14, 2021 16 minutes ago, dsmith44 said: This container is just not designed for that, it is designed to provide access to your Unraid server over tailscale. My 2p worth is that site to site VPNs are best setup on your firewall/router anyway, bouncing traffic off your router to another machine in the same subnet is always going to be painful at best. Edit: If I had to guess, check if ip_forwarding is enabled, do you have a net.ipv4.ip_forward = 1 in /etc/sysctl.conf But I've never tested a setup like this, so shooting blind. Yes. the setting for unraid and docker both for net.ipv4_forward = 1 but still it doesn't work. Thank you for the suggestion. Truly appreciate that. Quote Link to comment
angyen Posted October 14, 2021 Share Posted October 14, 2021 5 hours ago, angyen said: Thank you for the swift reply. I have setup wireguard in these 2 unraid server but now my ISP is migrating all public IP to private IP, which is why I need to deploy Tailscale as my wireguard will cease to function once I no longer have a public IP. Looks like I got to figure out another alternative way to install Tailscale, maybe through a VM under unraid. I just tried installing tailscale in debian VM with the --accept-routes command. while in the vm I can access to other LAN subnet, but when my router forward the route to by debian vm, the connection still not pass through and I can't connect to other LAN subnet. Tracert reveal that the connection broke at the debian VM. Looks like there is a setting that needed to be done. I got to study it futher. If anyone know what to change to make it work. Please let me know. Thank you. Quote Link to comment
Craig Dennis Posted October 15, 2021 Share Posted October 15, 2021 (edited) Everything was working well yesterday but now I can't connect to my server via Tailscale (IP or MagicDNS). I have removed and reinstalled the Docker, cleared the appdata, and re-authed several times. The Tailscale admin shows as connected (and disconnected when I turn off the container or reboot the host machine). In the Docker logs there are a lot of IPV6 errors: 2021/10/15 16:31:19 [unexpected] peerapi listen("REDACTED") error: listen tcp6 [REDACTED]:0: bind: cannot assign requested address Docker Container: `latest` 1.14.6 (but tailscale admin shows 1.16.0 being the actual latest Unraid version: 6.9.2 2021-04-07 Edit: Randomly started working again after just leaving it alone for an few hours. Edited October 15, 2021 by Craig Dennis Quote Link to comment
dsmith44 Posted October 18, 2021 Author Share Posted October 18, 2021 On 10/15/2021 at 5:51 PM, Craig Dennis said: Docker Container: `latest` 1.14.6 (but tailscale admin shows 1.16.0 being the actual latest Unraid version: 6.9.2 2021-04-07 I tend to wait for 1.x.y where y > 1 before doing an update as the .0 releases tend to be buggy and have a release every other day. Quote Link to comment
dsmith44 Posted October 19, 2021 Author Share Posted October 19, 2021 1.16.0 has been pushed and latest tag updated accordingly. After 17 days it seems we aren’t getting any 1.16.1 bug fixes. Sent from my iPhone using Tapatalk Quote Link to comment
FoxyNC Posted October 19, 2021 Share Posted October 19, 2021 Hi everyone, I'm not sure this concern has been addressed here but I'm trying to understand the way Tailscale (docker/linux version) can automatically receive files from other devices. From what I've experienced so far it seems I have to open the Console of the container and type the following command, EACH time I send a file to my Unraid/Tailscale server. Seems to be a "confirmation" to allow receiving the file. ./tailscale file get . Where "." can be any directory you’d like to copy files to It's pretty annoying since I'd like to receive files without confirming each time with the above command. Did you manage to do it? FYI this behavior is not the same on Android and Windows devices as they both automatically accept the files. On Android the files go to the /Download folder On Windows the files go the your Desktop (at least if a session is opened) Quote Link to comment
dsmith44 Posted October 19, 2021 Author Share Posted October 19, 2021 Hi everyone, I'm not sure this concern has been addressed here but I'm trying to understand the way Tailscale (docker/linux version) can automatically receive files from other devices. From what I've experienced so far it seems I have to open the Console of the container and type the following command, EACH time I send a file to my Unraid/Tailscale server. Seems to be a "confirmation" to allow receiving the file../tailscale file get . Where "." can be any directory you’d like to copy files to It's pretty annoying since I'd like to receive files without confirming each time with the above command. Did you manage to do it? FYI this behavior is not the same on Android and Windows devices as they both automatically accept the files. On Android the files go to the /Download folder On Windows the files go the your Desktop (at least if a session is opened) I had no idea this was a thing, and it’s certainly not something that I’d be planning on testing while it’s in alpha. If you are connected to tailscale you can just sftp to the server, or even connect to the actual shares?The instructions for taildrop do also seem to indicate that you have to accept every file on Linux. https://tailscale.com/kb/1106/taildrop/If this changes at a later date when out of alpha/beta perhaps we’ll revisit. Sent from my iPhone using Tapatalk 1 Quote Link to comment
dsmith44 Posted October 20, 2021 Author Share Posted October 20, 2021 (edited) 11 hours ago, dsmith44 said: I had no idea this was a thing, and it’s certainly not something that I’d be planning on testing while it’s in alpha. If you are connected to tailscale you can just sftp to the server, or even connect to the actual shares? The instructions for taildrop do also seem to indicate that you have to accept every file on Linux. https://tailscale.com/kb/1106/taildrop/ If this changes at a later date when out of alpha/beta perhaps we’ll revisit. @FoxyNC I had a bit more of a look at this today, and I can see why this would be useful but.... As they say themselves tailscale runs as root, so all files would be written as root if they allowed automatic downloads. It feels inherently a bad idea to allow files to drop with root ownership into a system, which is why you have to approve them currently I feel. Hopefully they'll fix this and support a second userid for file uploads and add options to support that. If/when that happens I'll take a look at this, as while ssh/sftp work fine from a PC/Mac that's not so useful form a mobile device, so I can see the use case here. Edit: I'll keep and eye on this https://github.com/tailscale/tailscale/issues/2312 Edited October 20, 2021 by dsmith44 1 Quote Link to comment
dsmith44 Posted October 20, 2021 Author Share Posted October 20, 2021 (edited) On 10/19/2021 at 10:19 AM, dsmith44 said: 1.16.0 has been pushed and latest tag updated accordingly. After 17 days it seems we aren’t getting any 1.16.1 bug fixes. Sent from my iPhone using Tapatalk Shouldn't have said that should I..... 1.16.1 has dropped, pushed and latest updated. Edited October 20, 2021 by dsmith44 1 Quote Link to comment
dsmith44 Posted October 30, 2021 Author Share Posted October 30, 2021 On 10/20/2021 at 11:32 AM, dsmith44 said: Shouldn't have said that should I..... 1.16.1 has dropped, pushed and latest updated. 1.16.2 now released - tagged as 1.16.2 1.16 latest Quote Link to comment
Pducharme Posted November 3, 2021 Share Posted November 3, 2021 Quick question, I tried finding here but cant. Is there a way to disable all the ipv6? Just want to prevent "spaming" of the logs : 2021/11/03 03:06:46 [unexpected] peerapi listen("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:masked:masked") error: listen tcp6 [xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:masked:masked]:0: bind: cannot assign requested address Quote Link to comment
dsmith44 Posted November 14, 2021 Author Share Posted November 14, 2021 On 11/3/2021 at 3:19 AM, Pducharme said: Quick question, I tried finding here but cant. Is there a way to disable all the ipv6? Just want to prevent "spaming" of the logs : 2021/11/03 03:06:46 [unexpected] peerapi listen("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:masked:masked") error: listen tcp6 [xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:masked:masked]:0: bind: cannot assign requested address There isn't to my knowledge, due to what tailscale is trying to do. I think this is by design and there are no options to disable either protocol in the underlying software. It will use any connection it can find to connect to the control plane, ipv4 or ipv6 and ideally both, so that when another host tries to connect it has the best chance of being able to connect. The log lines are totally harmless. Quote Link to comment
dsmith44 Posted November 14, 2021 Author Share Posted November 14, 2021 Hello everyone. Tailscale for unraid has become rather more popular than I ever imagined, when I started this it was in the great tradition of scratching my own itch, wanting to access my sever over tailscale. Since then there have been over 250,000 downloads, there are tutorials on youtube, and increasing numbers of requests for new features and support. So I think it might be time to open this up a little bit more and so I have a few asks. Firstly, if you want a new feature, or think you have found a bug please don't post them here - or at least not only here, please create an issue on github if at all possile. https://github.com/deasmi/unraid-tailscale Secondly I'm just one person and while this is a realatively simple thing, it's really just packaging tailscale, using it can get more complicated as new features are always being added. So if you'd like to get involved as a developer or tester for future things please let me know by sending me a DM along with how you'd like to help. Thank you Dean 3 Quote Link to comment
blaine07 Posted November 19, 2021 Share Posted November 19, 2021 With 1.18 just dropping I sure wish I was knowledgeable enough to help. I can barely be a user BUT @dsmith44 I am VERY appreciative of you keeping this together for us! 🙂 All the thanks! 1 Quote Link to comment
ldog88 Posted November 23, 2021 Share Posted November 23, 2021 Hi, I've managed to set up tailscale so I can access my unraid web UI from outside my home however I cannot then access the individual docker containers from here. Please can someone point me in the right direction for finding instructions on how to set this up? Thanks Quote Link to comment
Alexstrasza Posted November 23, 2021 Share Posted November 23, 2021 37 minutes ago, ldog88 said: Hi, I've managed to set up tailscale so I can access my unraid web UI from outside my home however I cannot then access the individual docker containers from here. Please can someone point me in the right direction for finding instructions on how to set this up? Thanks Quote Link to comment
dsmith44 Posted November 23, 2021 Author Share Posted November 23, 2021 Hi, I've managed to set up tailscale so I can access my unraid web UI from outside my home however I cannot then access the individual docker containers from here. Please can someone point me in the right direction for finding instructions on how to set this up? ThanksUnless you are doing something funky and giving Docker containers their own IP address it should just work. Are you using the IP address of the tailscale interface, and not the one you see in the console? The links in the console won’t work as they assume you are on the LAN. It’ll start 100.x.x.x. Sent from my iPhone using Tapatalk Quote Link to comment
dsmith44 Posted November 28, 2021 Author Share Posted November 28, 2021 (edited) 1.18.1 has been released and tagged as 1.18.1, 1.18 and latest. Edited November 28, 2021 by dsmith44 2 Quote Link to comment
blaine07 Posted December 1, 2021 Share Posted December 1, 2021 (edited) On 11/28/2021 at 3:15 PM, dsmith44 said: 1.18.1 has been released and tagged as 1.18.1, 1.18 and latest. Thank you, all the thanks! Has anyone ran into issues using more than "20 free" devices Tailscale limits too? Or is it unlimited since self-hosted? Would or is it possible to run a second instance of Tailscale on Unraid server? See refernced pic attached. Edited December 1, 2021 by blaine07 Quote Link to comment
dsmith44 Posted December 2, 2021 Author Share Posted December 2, 2021 Thank you, all the thanks! Has anyone ran into issues using more than "20 free" devices Tailscale limits too? Or is it unlimited since self-hosted? Would or is it possible to run a second instance of Tailscale on Unraid server? See refernced pic attached. I don’t think you can use more than 20 devices without a separate account, and therefore network. You aren’t self hosting either as all the clever stuff is in their cloud. This is just an end point. Running another instance on the same server would therefore be pointless. I think they do have a free multi user as well, I’ve just noticed, bottom of this page. https://tailscale.com/pricing/ 1 Quote Link to comment
FoxyNC Posted December 2, 2021 Share Posted December 2, 2021 2 hours ago, dsmith44 said: I think they do have a free multi user as well, I’ve just noticed, bottom of this page. https://tailscale.com/pricing/ I couldn't find that information but I saw you can share a device with your Tailscale network to another user. That user will only have access to that specific device you shared. And that works with the personal free plan. 1 Quote Link to comment
maha Posted December 9, 2021 Share Posted December 9, 2021 On 4/17/2020 at 9:11 AM, Ragemachinest said: Adding on from my previous post, I wanted to access to other machines in my home network that I can't install tailscale on (IP cameras, etc). To solve for this, I made sure the "Network Type" was set to "bridge". I went in to the console for the Tailscale docker container and ran the following (my home network is 192.168.1.0/24 - change this to match your network): tailscale up --advertise-routes=192.168.1.0/24 After running this, I logged in to the Tailscale admin portal at https://login.tailscale.com/admin/machines and for my unraid box clicked the ... on the menu on the far right and click "Enable subnet routes" Back in the docker console I ran: vi /etc/sysctl.d/00-alpine.conf I added a line: net.ipv4.ip_forward=1 then saved the file. I ran the command: echo 0 | tee /proc/sys/net/ipv4/conf/tailscale0/rp_filter I ran the command: iptables -t nat -A POSTROUTING -j MASQUERADE I could then hit my internal IPs from an iPhone on LTE e.g. http://192.168.1.145 let me hit my IP cams web interface I rebooted and the settings persisted, so it seems to be a permanent setup now. Trying to do the same as in the quoted posted. But i'm getting this in the console? what am i doing wrong? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.