[Support] Tailscale Support Thread


Recommended Posts

Hello all. 

 

I'm trying to connect Frigate in my unraid server at home to my parents camera at my parents home.

 

I have Tailscale configured in my unraid server as a docker with working advertised routes. And I have a Raspbery pi with Tailscale at my parents home, also with working advertised routes. If I use my laptop with Tailscale i can connect to both networks from anywhere.

 

Sadly, Frigate can't connect to my parents camera using the advertised route. 

 

Should I also install tailscale inside Frigate Docker Container?? if so, how should I do it?, I just failed miserably to do so.

Link to comment
  • 2 weeks later...

Where are logs saved for this container? For some reason the connection between my two unraid servers keeps disconnecting and I want to find the moment that happens in the logs. Restarting the container fixes the problem but eventually i keep getting these.

2022/03/27 23:53:05 open-conn-track: timeout opening (TCP  => ) to node []; online=yes, lastRecv=7s
2022/03/27 23:53:08 open-conn-track: timeout opening (TCP  => ) to node []; online=yes, lastRecv=10s
2022/03/27 23:53:09 open-conn-track: timeout opening (TCP  => ) to node []; online=yes, lastRecv=0s
2022/03/27 23:53:09 [RATELIMIT] format("open-conn-track: timeout opening %v to node %v; online=%v, lastRecv=%v")

Link to comment
On 2/9/2022 at 12:44 AM, dsmith44 said:


I think this shouldwork fine, but will need some command line stuff. I will investigate.


Sent from my iPad using Tapatalk

Hi

 

Were you able to get this working? 

 

I tried on the console:

 

./tailscale cert "unraid.###############.tailscale.net"

 

but I get the response:

 

unexpected output: no delimiter

 

Am I missing something simple, or could you please point me in the right direction?

 

Thanks

Link to comment
On 3/28/2022 at 1:49 AM, Viper-694 said:

Where are logs saved for this container? For some reason the connection between my two unraid servers keeps disconnecting and I want to find the moment that happens in the logs. Restarting the container fixes the problem but eventually i keep getting these.

2022/03/27 23:53:05 open-conn-track: timeout opening (TCP  => ) to node []; online=yes, lastRecv=7s
2022/03/27 23:53:08 open-conn-track: timeout opening (TCP  => ) to node []; online=yes, lastRecv=10s
2022/03/27 23:53:09 open-conn-track: timeout opening (TCP  => ) to node []; online=yes, lastRecv=0s
2022/03/27 23:53:09 [RATELIMIT] format("open-conn-track: timeout opening %v to node %v; online=%v, lastRecv=%v")

 

There is no logfile saved that I'm aware of, all logs go to stdout as per docker standard - so everything that's logged will be under the 'Logs' menu in unraid if you click on the container name.

Link to comment
On 3/28/2022 at 10:40 AM, hvddrift said:

Hi

 

Were you able to get this working? 

 

I tried on the console:

 

./tailscale cert "unraid.###############.tailscale.net"

 

but I get the response:

 

unexpected output: no delimiter

 

Am I missing something simple, or could you please point me in the right direction?

 

Thanks

I am getting the same thing I'm afraid.

 

I have filed a bug report, lets see what they say.

https://github.com/tailscale/tailscale/issues/4322

  • Like 1
Link to comment
15 hours ago, dsmith44 said:

 

There is no logfile saved that I'm aware of, all logs go to stdout as per docker standard - so everything that's logged will be under the 'Logs' menu in unraid if you click on the container name.

That explains why I couldn't find it. I did figure out the issue though. I was updating a few things that caused a short interruption in my internet connection and for what ever reason tailscale would fail to reconnect to my backup server. I quick restart of the container and everything has been fine since.

Link to comment
  • 2 weeks later...
  • 3 weeks later...
On 3/30/2022 at 7:56 AM, dsmith44 said:

I am getting the same thing I'm afraid.

 

I have filed a bug report, lets see what they say.

https://github.com/tailscale/tailscale/issues/4322

Seeing if this response on the github issue page may shed some light.

 

Quote

I don't remember what the issue was, and I'm using a different container-based setup, but I know I fixed it by setting both --state and --statedir. So if that's something that you can override, that might be a way to work around it.

 

Edited by hvddrift
Link to comment
On 4/25/2022 at 10:02 PM, dsmith44 said:


This is unfortunately a bug, I think, and is open with upstream.

https://github.com/tailscale/tailscale/issues/4322


Sent from my iPad using Tapatalk

 

I think the advice provided has fixed this, I see a key and crt file created, however am not sure how to use this feature.

 

Can someone who does please pull 

deasmi/unraid-tailscale:dev-1.24.2

and try it out. I'd like some people to check this before I promote to latest.

 

Thanks

  • Like 1
Link to comment

I set up this docker and it seems to work mostly fine with letting me connect to my server and it's dockers from anywhere, except seemingly for Plex. It would try to load but give me a could not connect error eventually.

 

I found out the only way to fix this was to set my unraid server up as a subnet router providing its own LAN address, then everything worked as it should.

 

I'm not sure why though Plex doesn't work without this change, and I'm concerned it won't let me share access to the Plex server to anyone else as according to tailscales documention, sharing quarantines the user into not having access to subnet routed devices.

 

Any insight into why this might be happening?

 

 

 

Link to comment
  • 3 weeks later...

I understand @dsmith44 that this is out of scope for the project and i'm not asking for this function to be supported by you :)

 

I'm trying to get access to my subnet and webgui while maintaining an HTTPS connection.

 

On 4/17/2020 at 7:11 PM, Ragemachinest said:

Adding on from my previous post, I wanted to access to other machines in my home network that I can't install tailscale on (IP cameras, etc). To solve for this, I made sure the "Network Type" was set to "bridge". I went in to the console for the Tailscale docker container and ran the following (my home network is 192.168.1.0/24 - change this to match your network):

tailscale up --advertise-routes=192.168.1.0/24

 

After running this, I logged in to the Tailscale admin portal at https://login.tailscale.com/admin/machines and for my unraid box clicked the ... on the menu on the far right and click "Enable subnet routes"

 

Back in the docker console I ran: vi /etc/sysctl.d/00-alpine.conf

I added a line: net.ipv4.ip_forward=1 then saved the file.

 

I ran the command: echo 0 | tee /proc/sys/net/ipv4/conf/tailscale0/rp_filter

 

I ran the command: iptables -t nat -A POSTROUTING -j MASQUERADE

 

I could then hit my internal IPs from an iPhone on LTE e.g. http://192.168.1.145 let me hit my IP cams web interface

 

I rebooted and the settings persisted, so it seems to be a permanent setup now.

 

 

I followed all these steps (My ISP also uses CGNAT). I am yet to be able to access the webGUI or local devices via tailscale. I can however, ping and make an SSH connection to the tailscale unraid server IP. I am currently using the provisioned TLS certification in the unraid Access Management console (set to auto) which is probably the issue. I'd like to keep my HTTPS enabled if there is a way. Do you have SSL/TLS enabled @Ragemachinest?

 

Has anyone figured out how to set up Tailscale with the Unraid TLS certification and provide access to the local subnet?

 

Thanks

Edited by wolfNZ
Link to comment

A quick update for people on two open issues.

 

Firstly the TSL certificate issues, this all seems happily fixed now.

 

I'm also happy to report that the download feature can now be used as well.

 

I will be pushing these features as latest tag as well as 1.24.2-downloads, as there is already a 1.24.2.

Latest now has this supported pease use that ongoing.

 

Please see instructions at the top of this thread.

 

@martial @hvddrift @plantsandbinary @Rocka374 @wolfNZ I think you were all looking for a soltion to the certificate issue, hope this helps.

@FoxyNC Your downloads can now work !

 

I'd also like to thank https://github.com/hugochinchilla for beta testing the downloads

Edited by dsmith44
  • Thanks 2
Link to comment
2 hours ago, JM2005 said:

What happened to your deasmi/unraid-tailscale docker in the unraid app store?   I just looked and its gone.

Thank you for spotting. 

 

With the XML changes needed for the new version I'd uploaded an invalid file. I'm hoping now fixed and will re-appear.

 

 

Link to comment
  • 2 weeks later...

Hello,

I just configured tailscale. It's very easy to use but i've a little problem when I want open gui  of a service...
Ie : My ip connection is 10.100.23.9:1234
I want to open my torrent docker (clicking  on gui link) but It doesn't go to 10.100.23.9:8080 but to 192.168.23.9:8080... So it's not ok.
If I type 10.100.23.9:8080 in my browser it's ok. How to fix it ?

Thanks.

Link to comment
10 hours ago, Auden69 said:

Hello,

I just configured tailscale. It's very easy to use but i've a little problem when I want open gui  of a service...
Ie : My ip connection is 10.100.23.9:1234
I want to open my torrent docker (clicking  on gui link) but It doesn't go to 10.100.23.9:8080 but to 192.168.23.9:8080... So it's not ok.
If I type 10.100.23.9:8080 in my browser it's ok. How to fix it ?

Thanks.

 

I am not entirely clear this is anything to do with tailscale, as the address of the server over tailscale is going to start 100.x.x.x not 10. or 192.

 

If you are running a container in bridge mode and it listens on port 8080 for example then you should be able to connect to http://100.x.x.x:8080 from any tailscale connected device.

Link to comment

I am on 1.24.2 and downloads aren't working correctly. I'll send something to Unraid server, Tailscale log shows receiving it, but the file is never in destination I pointed it to on Unraid Server. Any ideas?

673481142_ScreenShot2022-06-13at8_48_15PM.thumb.png.cbd743c9a86d2353bdf642f167e229ac.png

 

 

EDIT: Upgraded to 1.26.0 and all the files appeared; even the ones that weren't showing up earlier. It's like the upgrade forced them all to show up from hours ago today when I was mucking with it. ODD.

Edited by blaine07
Link to comment
2 hours ago, thewave said:

So I’ve recently discovered and installed Tailscale and it seems great, but I do have some concerns about security. It seems that if someone has access to my google account they now have ssh access to my entire unraid server.. is this not 

I would suggest creating a dedicated email address for this specific use. That would limit the risk.

In my case I use Microsoft authentication with 2FA when connecting to Tailscale so it's more secure.

You can do it with Google too.

Link to comment
7 hours ago, FoxyNC said:

I would suggest creating a dedicated email address for this specific use. That would limit the risk.

In my case I use Microsoft authentication with 2FA when connecting to Tailscale so it's more secure.

You can do it with Google too.

I use 2FA with my google account - how do I enable it for Tailscale?

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.