[Support] Tailscale Support Thread



On 8/18/2022 at 6:59 PM, diehardbattery said:

Apologies if this has been asked, but I just setup tailscale, and I can't access anything.  Since I also use pihole, I followed these directions.  My pihole DNS points to my opnsense router running unbound.  I'm not sure if unbound is interfering, but I don't know how to check.  Any help would be appreciated.

What do you mean by 'I can't access anything'?

Can you ping the IP address of the unraid box over tailscale ( the 100.x.x.x address ) ?


I have two Unraid machines, both with Tailscale installed.  I can connect to the Unraid GUI from either location to the other using the Tailscale IP address.  I am trying to add a Remote NFS Share with no luck.  I put in the Tailscale IP and hit Search for Servers but it only returns the Unraid machine I am on, not the remote machine with the Share on it...  I know the Tailscale docker is working fine, just don't know if I have missed a setting or UP flag, etc... that might allow this to work.  Thx!

2 hours ago, RyanRoberts210 said:

I have two Unraid machines, both with Tailscale installed.  I can connect to the Unraid GUI from either location to the other using the Tailscale IP address.  I am trying to add a Remote NFS Share with no luck.  I put in the Tailscale IP and hit Search for Servers but it only returns the Unraid machine I am on, not the remote machine with the Share on it...  I know the Tailscale docker is working fine, just don't know if I have missed a setting or UP flag, etc... that might allow this to work.  Thx!

Not sure you can achieve it that way since Tailscale creates a tunnel from the container itself, not the host... but I can be wrong.

 

I guess you'll have more chance using the VPN Manager integrated into the last versions of Unraid.

On 9/19/2022 at 8:09 PM, FoxyNC said:

Not sure you can achieve it that way since Tailscale creates a tunnel from the container itself, not the host... but I can be wrong.

 

I guess you'll have more chance using the VPN Manager integrated into the last versions of Unraid.

 

That's not quite true. The tailscale daemon runs in the container, but as the container is set to use host networking it's using the unraid network stack.

 

@RyanRoberts210 try using the tailscale ip addresses directly instead of discovery, that should work to my mind.


YO!
Got a strange issue with tailscale. I followed strictly the ibracorp tutorial.
I'm connected with my phone (Android / LTE) and the connection, even as an exit node, is totally fine since i can ping my unraid box and connect to services manually (see below)

 

Furthermore i have a domain on Ionos but lack with dyndns support, so i set up everything via cloudflare and nginx (everything is working).

 

While connected with tailscale i can not just type www.domain.it and get redirected to my "mapped" service in nginx. I just get a timeout.

If i copy the tailscale ip, paste it in the browser and add the port i can access flawlessly.

 

 

I really don't know where the error is. Can someone point me out?

 

Thanks!

On 9/25/2022 at 4:45 PM, maxik said:

YO!
Got a strange issue with tailscale. I followed strictly the ibracorp tutorial.
I'm connected with my phone (Android / LTE) and the connection, even as an exit node, is totally fine since i can ping my unraid box and connect to services manually (see below)

 

Furthermore i have a domain on Ionos but lack with dyndns support, so i set up everything via cloudflare and nginx (everything is working).

 

While connected with tailscale i can not just type www.domain.it and get redirected to my "mapped" service in nginx. I just get a timeout.

If i copy the tailscale ip, paste it in the browser and add the port i can access flawlessly.

 

 

I really don't know where the error is. Can someone point me out?

 

Thanks!

If you can connect with 100.x.x.x:port then tailscale is working, so not sure this is the right place to ask I'm afraid.


Has anyone tried to have Tailscale route its traffic through a VPN container (e.g. --net=container:passthroughvpn)? You could then use Tailscale on unraid as an exit node. That way, all devices connected on Tailscale and using unraid as the exit node would be using a commercial VPN to connect to WAN. I have a current solution for this, but what I'm proposing here would be more elegant.

Has anyone tried to have Tailscale route its traffic through a VPN container (e.g. --net=container:passthroughvpn)? You could then use Tailscale on unraid as an exit node. That way, all devices connected on Tailscale and using unraid as the exit node would be using a commercial VPN to connect to WAN. I have a current solution for this, but what I'm proposing here would be more elegant.

The purpose of this container is to allow access to unraid itself over tailscale and as such uses host based networking.

If you did manage to get this working you would be somewhat on your own.
On 11/24/2022 at 1:34 AM, ubermetroid said:

Good evening. I can't figure out how to get a https cert for my machine using this docker. Has anyone been able to figure this out?

 

Hi @ubermetroid @Cyborg

 

What are you trying to do here?

 

If you open a console to the docker container, and have enabled HTTPS certs and magic DNS in your tailnet it will issue a cert.

 

/app # ./tailscale  cert unraid.not-mine.ts.net
Wrote public cert to unraid.not-mine.ts.net.crt
Wrote private key to unraid.not-mine.ts.net.key
/app # 

 

What you are to do with this though I don't know, as it will just have unraid.not-mine.ts.net as a hostname.

If you tried to use this for unraid itself you will get errors if you ever connect to it without using the full tailscale address.

 

So while this works it's totally unsupported as it has no sensible use case I can see.

5 hours ago, dsmith44 said:

 

Hi @ubermetroid @Cyborg

 

What are you trying to do here?

 

If you open a console to the docker container, and have enabled HTTPS certs and magic DNS in your tailnet it will issue a cert.

 

/app # ./tailscale  cert unraid.not-mine.ts.net
Wrote public cert to unraid.not-mine.ts.net.crt
Wrote private key to unraid.not-mine.ts.net.key
/app # 

 

What you are to do with this though I don't know, as it will just have unraid.not-mine.ts.net as a hostname.

If you tried to use this for unraid itself you will get errors if you ever connect to it without using the full tailscale address.

 

So while this works it's totally unsupported as it has no sensible use case I can see.


My goal is to host Nextcloud and Bitwarden locally and make them available by Tailscale for me and my invited friends/family.

I thought that I could use the cert in a reverse proxy and activate the Tailscale app + reverse proxy, then use Nextcloud from a mobile with Tailscale?

I get this: 
/app # ./tailscale  cert unraid.not-mine.ts.net
500 Internal Server Error: invalid domain "XXXXXXX.ts.net"; must be one of ["XXXXXX.ts.net" "XXXXXXXX.ts.net"]
/app # Wrote public cert to unraid.not-mine.ts.net.crt
sh: Wrote: not found
/app # Wrote private key to unraid.not-mine.ts.net.key
sh: Wrote: not found


thanks for your work

 

** Note that this will expose your whole server into your tailscale VPN network **

 

can you elaborate more? do you only mean it will expose it to other devices connected to the same tailnet? this is my use case

 

or u meant beyond that? like if there is something i don't know about the security of tailscale (which i really don't know much about it)

18 hours ago, iEusKid said:

thanks for your work

 

** Note that this will expose your whole server into your tailscale VPN network **

 

can you elaborate more? do you only mean it will expose it to other devices connected to the same tailnet? this is my use case

 

or u meant beyond that? like if there is something i don't know about the security of tailscale (which i really don't know much about it)

 

This is really just making sure you understand that this isn’t just exposing the container to your tailnet, but rather your entire Unraid server.  That said, this should be expected in the way most, if not all, want tailscale to work on Unraid by installing this container anyways.

 

As long as you are following the default configuration of your tailnet, or your customizations to your ACL config are secure, you should be fine.

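The ACL point in the reply above can be checked mechanically. The following is an added example, not code from the thread or from the container's author: it reads a tailnet policy and reports which sources can reach the Unraid node and on which ports. The `tag:unraid` tag, the `group:family` group and both sample policies are constructed for illustration; the checker matches destinations by literal selector only and expects plain JSON without comments.

```python
import json

# Constructed sample policies (not from the thread). The first holds an
# allow-all rule of the kind a default tailnet policy contains; the second
# limits who can reach the node tagged tag:unraid (a hypothetical tag).
DEFAULT_POLICY = '{"acls": [{"action": "accept", "src": ["*"], "dst": ["*:*"]}]}'
RESTRICTED_POLICY = json.dumps({
    "groups": {"group:family": ["alice@example.com", "bob@example.com"]},
    "tagOwners": {"tag:unraid": ["autogroup:admin"]},
    "acls": [
        {"action": "accept", "src": ["autogroup:admin"], "dst": ["tag:unraid:*"]},
        {"action": "accept", "src": ["group:family"], "dst": ["tag:unraid:443"]},
    ],
})


def exposure(policy_text, host_names):
    """Return {source: sorted port specs} for rules that reach the host.

    host_names holds every selector that resolves to the Unraid node
    (its tag, its 100.x.x.x address, a hosts alias); "*" always matches.
    """
    policy = json.loads(policy_text)
    reach = {}
    for rule in policy.get("acls", []):
        if rule.get("action") != "accept":
            continue
        for dst in rule.get("dst", []):
            # "tag:unraid:443" -> host "tag:unraid", ports "443"
            host, _, ports = dst.rpartition(":")
            if host != "*" and host not in host_names:
                continue
            for src in rule.get("src", []):
                reach.setdefault(src, set()).update(ports.split(","))
    return {src: sorted(ports) for src, ports in reach.items()}


def wide_open(policy_text, host_names):
    """Sources allowed to reach every port on the host."""
    found = exposure(policy_text, host_names)
    return sorted(src for src, ports in found.items() if "*" in ports)


if __name__ == "__main__":
    for name, text in (("default", DEFAULT_POLICY), ("restricted", RESTRICTED_POLICY)):
        print(name, exposure(text, {"tag:unraid"}), wide_open(text, {"tag:unraid"}))
```

Because the container uses host networking, a source listed with `*` ports reaches every service the Unraid host listens on, not only the web GUI.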

Thanks @dsmith44 for this container. Works great for my clients on my tailnet to access my Unraid server more securely when I’m not at home without worrying about wireguard or other clunky VPN setup!

 

I’ve got 2 questions about something I’m trying to accomplish:

 

  1. I just got Tailscale SSH setup by going into the container command line, and running “/app/tailscale up --ssh”.  However, should I be running that by adding the “--ssh” command into the UP arguments of the container config to account for container restarts? Or is it sufficient that it’s done only once via command line and this will persist across container restarts?
  2. Larger problem related to #1, is that when I get Tailscale SSH running, if I SSH into my Unraid server, I’m actually connecting to the container itself instead of the Unraid host. Any way around this?  I want to eliminate all this SSH key management.  I think the only way to potentially do this is to figure out installing Tailscale natively into Unraid and not within a container?
  3. One thing I’d like to do is from the Unraid command line, to SSH into another server on my tailnet.  Is this possible?  Since tailscale is running within the container, the tailscale binary itself isn’t available to Unraid directly, so not sure if this is possible as I don’t think the tailscale magicDNS stuff is recognized at the Unraid level outside the container.
5 hours ago, tmchow said:

Thanks @dsmith44 for this container. Works great for my clients on my tailnet to access my Unraid server more securely when I’m not at home without worrying about wireguard or other clunky VPN setup!

 

I’ve got 2 questions about something I’m trying to accomplish:

 

  1. I just got Tailscale SSH setup by going into the container command line, and running “/app/tailscale up --ssh”.  However, should I be running that by adding the “--ssh” command into the UP arguments of the container config to account for container restarts? Or is it sufficient that it’s done only once via command line and this will persist across container restarts?
  2. Larger problem related to #1, is that when I get Tailscale SSH running, if I SSH into my Unraid server, I’m actually connecting to the container itself instead of the Unraid host. Any way around this?  I want to eliminate all this SSH key management.  I think the only way to potentially do this is to figure out installing Tailscale natively into Unraid and not within a container?
  3. One thing I’d like to do is from the Unraid command line, to SSH into another server on my tailnet.  Is this possible?  Since tailscale is running within the container, the tailscale binary itself isn’t available to Unraid directly, so not sure if this is possible as I don’t think the tailscale magicDNS stuff is recognized at the Unraid level outside the container.


Found answer to my own question:

https://gist.github.com/shayne/25e194e068751e281937ef68edefb99b
