[Support] Tailscale Support Thread



On 5/19/2020 at 7:22 PM, fserb said:

I'm pretty sure there's an issue with Tailscale's iptables rules and Unraid's docker iptables.

I've also tried using tailscale tip of tree, but no success there either.

Someone who understands Unraid iptables better would have an easier time with this.

 

dsmith, I have a suggestion for your docker-entrypoint.sh. Replace the bottom lines with:


(sleep 10; tailscale up) &

exec tailscaled --state=/state/tailscaled.state

it's much nicer than your current while loop. ;)

 

 

 

I don't know what people have against the poor venerable while loop 😎, but I have changed to use a 'sleep infinity' instead which is slightly cleaner.

 

Whilst your method will work, and is elegant, it's less 'obvious' about ordering, so I think I'll leave that alone.

 

 

 

 

Link to comment

Question... not sure if this is the right place to ask this. 

I have 2 Ethernet ports on my server. 
Eth1 is 10.0.0.8 (local traffic)

Eth2 is running 10.1.0.5 (internet)

 

Do you know a way I can use Tailscale to work on Eth2, but access docker containers I have on Eth1 network?
 

I am trying to use InfluxDB to receive info from different endpoints through port 8086 on Eth1, but run Tailscale through the internet on Eth2 and allow port 8086 on Eth1.

 

This is kinda what I am aiming for: 

DXuhlCy.png

Edited by ghulican
Link to comment
5 hours ago, ghulican said:

Question... not sure if this is the right place to ask this. 

I have 2 Ethernet ports on my server. 
Eth1 is 10.0.0.8 (local traffic)

Eth2 is running 10.1.0.5 (internet)

 

Do you know a way I can use Tailscale to work on Eth2, but access docker containers I have on Eth1 network?
 

I am trying to use InfluxDB to receive info from different endpoints through port 8086 on Eth1, but run Tailscale through the internet on Eth2 and allow port 8086 on Eth1.

 

This is kinda what I am aiming for: 

DXuhlCy.png

If the influx container is only listening on the ETH1 ip address, bridge mode, then I'm afraid this container probably isn't going to work for you.

 

This will only allow you to access containers that listen on the tailscale interface IP address itself, not eth1, eth2 or any other interfaces. It is not providing a gateway to 'other networks', just exposing the Unraid server itself to tailscale. 'Other networks' in this context means absolutely anything that isn't the IP address of the tailscale interface.

 

If you can make influxDB also bind to the tailscale interface then it will work.

 

I'm not keen on trying to turn this into a VPN gateway solution, nor am I sure that's even possible with a docker container rather than a plugin.

 

 

Link to comment
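
The binding rule in the reply above can be checked from the listening sockets on the host. This is an added example, not part of the original posts or the container's own scripts: it reads `ss -ltnH` style lines and reports whether a port is reachable on a given Tailscale address. The function name, the sample line and the address 100.64.0.5 are constructed for illustration; 10.0.0.8 and port 8086 are the values from the question.

```shell
#!/bin/sh
# listener_scope TS_IP PORT
# Reads `ss -ltnH` style lines on stdin (column 4 = local address:port) and
# reports whether PORT is reachable on TS_IP. A service bound only to another
# interface address (for example eth1) is not reachable through the tailscale
# interface, even though the host itself is on the tailnet.
listener_scope() {
    awk -v ip="$1" -v port="$2" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # port is the last field
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") wild = 1
            else if (addr == ip) exact = 1
            else other = other " " addr        # bound to some other address
        }
        END {
            if (exact)      print "reachable: bound to " ip
            else if (wild)  print "reachable: wildcard bind (all interfaces)"
            else if (other) print "unreachable: only on" other
            else            print "unreachable: nothing listening on " port
        }'
}

# Constructed sample: InfluxDB bound to the eth1 address only.
# printf 'LISTEN 0 4096 10.0.0.8:8086 0.0.0.0:*\n' | listener_scope 100.64.0.5 8086
# On a live host: ss -ltnH | listener_scope "$(tailscale ip -4)" 8086
```

A wildcard result also means the service is exposed on every other interface of the host, so binding to the tailscale address alone is the narrower choice when only tailnet access is wanted.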
4 minutes ago, yitzi said:

Hey, great work here! Does anyone know how to change hostname? Not sure where I'd add the extra parameters. Thanks!

Go on the container Edit page, on the top right, press on "basic view" (to switch to advanced). Find the "Extra Parameters" field. Either add or edit the `--hostname` to use the hostname you want.

  • Like 1
Link to comment
3 minutes ago, fserb said:

Go on the container Edit page, on the top right, press on "basic view" (to switch to advanced). Find the "Extra Parameters" field. Either add or edit the `--hostname` to use the hostname you want.

Thanks!! That basic switch gets me sometimes.

Link to comment

After ZeroTier stopped working for me for some reason, I was advised to try your Tailscale Docker.

So I installed the Tailscale Docker, got the network ID via Ragemachinest instructions and registered it via the link in the console, and now see it in my Tailscale Dashboard. Then installed Tailscale on my MBP. Still no sight of my unRAID system in my Network, though. Maybe I will first need to register my MBP with my Tailscale account as well? I don't see it in my Dashboard.

Maybe I don't correctly understand the purpose of Tailscale, but since it was recommended to me as an alternative to ZeroTier, which after first configured showed my unRAID system in my Finder Network, I thought that Tailscale will also serve this purpose (amongst other much more lower-level functions, I am sure).

Am I misunderstanding what this Docker allows me to do? If the main function I want is to implement unRAID in my local network via the Finder Network *and* get to the unRAID webUI, will this work when correctly configured?

Link to comment
2 hours ago, tillkrueger said:

After ZeroTier stopped working for me for some reason, I was advised to try your Tailscale Docker.

So I installed the Tailscale Docker, got the network ID via Ragemachinest instructions and registered it via the link in the console, and now see it in my Tailscale Dashboard. Then installed Tailscale on my MBP. Still no sight of my unRAID system in my Network, though. Maybe I will first need to register my MBP with my Tailscale account as well? I don't see it in my Dashboard.

Maybe I don't correctly understand the purpose of Tailscale, but since it was recommended to me as an alternative to ZeroTier, which after first configured showed my unRAID system in my Finder Network, I thought that Tailscale will also serve this purpose (amongst other much more lower-level functions, I am sure).

Am I misunderstanding what this Docker allows me to do? If the main function I want is to implement unRAID in my local network via the Finder Network *and* get to the unRAID webUI, will this work when correctly configured?

Looking at the Zerotier docker post that links here it looks like you got connectivity working, you can connect by IP to your unraid server's tailscale address.

 

I do not believe that tailscale supports multicast or broadcast traffic, so there won't be any way to get Bonjour working and have your Unraid appear as a browsable machine.

 

Link to comment
  • 4 months later...

A couple of updates.

 

I have changed the template to pull latest rather than versioned builds, tailscale itself is developing more slowly now so this feels appropriate.

Please change the 'Repository' to deasmi/unraid-tailscale:latest to use this.

 

Secondly I've merged in support for passing flags to tailscale. 

If you want to use this define a variable UP_FLAGS.

These will be appended to the command that invokes tailscale.

 

Please note if you are using UP_FLAGS I cannot provide support until it is removed, but I recognise some people may want to try subnet routing and the like.

Thanks to @shayne for this.

 

Dean

Link to comment
  • 2 weeks later...
On 10/19/2020 at 6:30 PM, dsmith44 said:

A couple of updates.

 

I have changed the template to pull latest rather than versioned builds, tailscale itself is developing more slowly now so this feels appropriate.

Please change the 'Repository' to deasmi/unraid-tailscale:latest to use this.

 

Secondly I've merged in support for passing flags to tailscale. 

If you want to use this define a variable UP_FLAGS.

These will be appended to the command that invokes tailscale.

 

Please note if you are using UP_FLAGS I cannot provide support until it is removed, but I recognise some people may want to try subnet routing and the like.

Thanks to @shayne for this.

 

Dean

 

Hi Dean, can you double check the template is set to use :latest? I did a fresh install from community apps today and it defaulted to a versioned tag (which is quite out of date at this point).

Link to comment

Also, please can you see if it's possible to support https://tailscale.com/kb/1103/exit-nodes? If I try to enable it, it informs me that IP forwarding is disabled and directs me to https://tailscale.com/kb/1104/enable-ip-forwarding. Thanks for the container 🐳❤️!

 


 

EDIT: Huh, in actual testing it seems to work fine...? Tailscale bug perhaps?

Edited by Alexstrasza
Link to comment
On 3/18/2021 at 11:14 PM, Alexstrasza said:

 

Hi Dean, can you double check the template is set to use :latest? I did a fresh install from community apps today and it defaulted to a versioned tag (which is quite out of date at this point).

 

I have no idea why you are seeing this, the repo with the template in has clear latest tag. I've just done a clean install and got latest tag. Can you totally remove the image and try?

 

Latest tag in dockerhub tag is 1.6.0 - https://hub.docker.com/layers/deasmi/unraid-tailscale/latest/images/sha256-89c29de3e44120014a41b9399c09a97732794527b0aff5cc3fcd1d8bb28abd6d?context=repo

 

Link to comment
On 3/23/2021 at 9:46 AM, dsmith44 said:

Can you totally remove the image and try?

 

On a fresh reinstall I can confirm the template picked up had :latest, so I have no idea why I got an old 2020 build when I first downloaded. My best guess is some cursed CA caching or something, but it doesn't seem to be happening any more so I guess it's fixed 😅?

 

Did you have a chance to look into the warning about exit nodes I mentioned above? I'm definitely still getting this on the container vs my Raspberry Pi, but the subnet and exit route features are 100% working, so I'm not sure the cause for the warning.

 

UPDATE: This turned out to be because I had IPv6 forwarding off on my host.

 


Edited by Alexstrasza
Explain reason for error
Link to comment
  • 1 month later...
On 3/23/2021 at 5:34 PM, Alexstrasza said:

On a fresh reinstall I can confirm the template picked up had :latest, so I have no idea why I got an old 2020 build when I first downloaded. My best guess is some cursed CA caching or something, but it doesn't seem to be happening any more so I guess it's fixed 😅?

 

Did you have a chance to look into the warning about exit nodes I mentioned above? I'm definitely still getting this on the container vs my Raspberry Pi, but the subnet and exit route features are 100% working, so I'm not sure the cause for the warning.

 

UPDATE: This turned out to be because I had IPv6 forwarding off on my host.

 


 

I've been trying to get subnet relay to work, have added a flag with --advertise-routes=192.168.5.0/24 (this is the subnet my unraid box is on). And it shows up in the tailscale dashboard, but after I have enabled it I can't ping any of my devices on that subnet. Did you have to change any other settings in Unraid to get it working?

 

Link to comment
15 hours ago, Fillwe said:

 

I've been trying to get subnet relay to work, have added a flag with --advertise-routes=192.168.5.0/24 (this is the subnet my unraid box is on). And it shows up in the tailscale dashboard, but after I have enabled it I can't ping any of my devices on that subnet. Did you have to change any other settings in Unraid to get it working?

 

 

It should just work, because I believe UnRaid IPv4 forwarding is on by default (it did and was for me). Try double checking with https://tailscale.com/kb/1104/enable-ip-forwarding/

Edited by Alexstrasza
Link to comment
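
Both forwarding settings mentioned in the posts above (IPv4 for subnet routing, IPv6 for the exit-node warning) can be read directly from the kernel. This is an added example, not part of the original posts or the container's own scripts; the function names and the optional PROC_ROOT argument are assumptions of this sketch, the latter so the check can be pointed at a constructed directory tree.

```shell
#!/bin/sh
# read_flag FILE -> prints the file's value (1 or 0), or "missing".
read_flag() {
    if [ -r "$1" ]; then
        tr -d '[:space:]' < "$1"
    else
        printf 'missing'
    fi
}

# forwarding_report [PROC_ROOT]
# Prints one line per address family and returns 0 only when both IPv4 and
# IPv6 forwarding are enabled. PROC_ROOT defaults to /proc/sys.
forwarding_report() {
    root=${1:-/proc/sys}
    v4=$(read_flag "$root/net/ipv4/ip_forward")
    v6=$(read_flag "$root/net/ipv6/conf/all/forwarding")
    rc=0
    for pair in "ipv4:$v4:net.ipv4.ip_forward" \
                "ipv6:$v6:net.ipv6.conf.all.forwarding"; do
        fam=${pair%%:*}; rest=${pair#*:}
        val=${rest%%:*}; key=${rest#*:}
        case $val in
            1) echo "$fam forwarding: on ($key=1)" ;;
            0) echo "$fam forwarding: OFF ($key=0)"; rc=1 ;;
            *) echo "$fam forwarding: unknown ($key not readable)"; rc=1 ;;
        esac
    done
    return $rc
}

# On the Unraid host: forwarding_report || echo "see the ip-forwarding KB page"
```

Forwarding turns the host into a router for the advertised subnet, so enable it only for the address families that are actually being routed.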

 

10 hours ago, Alexstrasza said:

 

It should just work, because I believe UnRaid IPv4 forwarding is on by default (it did and was for me). Try double checking with https://tailscale.com/kb/1104/enable-ip-forwarding/

Yeah sorry never mind, it was working without any further configuration. I can reach other devices on the subnet and my containers running as bridge/host. But as soon as I turn on the subnet routing I can’t seem to be able to reach my Pi-Hole container. It’s configured with its own IP on that subnet. But I suspect it clashes somehow?

 

I have another network card on the way though which I was planning on using mostly for the Pihole container. Hopefully that might help the situation.

 

If anybody else has gotten Pi-Hole and this container to work when both are hosted on Unraid, I’m all ears!

Edited by Fillwe
Link to comment
12 hours ago, Fillwe said:

 

Yeah sorry never mind, it was working without any further configuration. I can reach other devices on the subnet and my containers running as bridge/host. But as soon as I turn on the subnet routing I can’t seem to be able to reach my Pi-Hole container. It’s configured with its own IP on that subnet. But I suspect it clashes somehow?

 

I have another network card on the way though which I was planning on using mostly for the Pihole container. Hopefully that might help the situation.

 

If anybody else has gotten Pi-Hole and this container to work when both are hosted on Unraid, I’m all ears!

 

This is probably due to the fact that Docker containers are prevented from talking to the host by default. So the traffic will be trying to do this:

 

You -> Tailscale tunnel -> Tailscale Docker on Unraid Host -x> Pihole container

 

Before it was doing this:

 

You -> LAN -> Directly in the network interface of the Unraid host and routed to the PiHole

 

To fix, try going to Settings -> Docker and changing "Host access to custom networks" to "Enabled". You'll have to temporarily disable Docker to do this and then restart it.

 

Let me know if that works!

  • Like 1
Link to comment
On 4/30/2021 at 1:43 PM, Alexstrasza said:

 

This is probably due to the fact that Docker containers are prevented from talking to the host by default. So the traffic will be trying to do this:

 

You -> Tailscale tunnel -> Tailscale Docker on Unraid Host -x> Pihole container

 

Before it was doing this:

 

You -> LAN -> Directly in the network interface of the Unraid host and routed to the PiHole

 

To fix, try going to Settings -> Docker and changing "Host access to custom networks" to "Enabled". You'll have to temporarily disable Docker to do this and then restart it.

 

Let me know if that works!

Ah I see, yes that worked! Thank you so much for the help! :-)

Edited by Fillwe
Link to comment
On 4/30/2021 at 1:43 PM, Alexstrasza said:

 

This is probably due to the fact that Docker containers are prevented from talking to the host by default. So the traffic will be trying to do this:

 

You -> Tailscale tunnel -> Tailscale Docker on Unraid Host -x> Pihole container

 

Before it was doing this:

 

You -> LAN -> Directly in the network interface of the Unraid host and routed to the PiHole

 

To fix, try going to Settings -> Docker and changing "Host access to custom networks" to "Enabled". You'll have to temporarily disable Docker to do this and then restart it.

 

Let me know if that works!

This helped me too, thanks! 

 

Maybe it should be added to the instructions?

  • Like 1
Link to comment