dsmith44 (Author) Posted May 23, 2020

On 5/19/2020 at 7:22 PM, fserb said:
> I'm pretty sure there's an issue with Tailscale's iptables rules and Unraid's docker iptables. I've also tried using tailscale tip of tree, but no success there either. Someone who understands Unraid iptables better would have an easier time with this.
>
> dsmith, I have a suggestion for your docker-entrypoint.sh. Replace the bottom lines with:
>
>     (sleep 10; tailscale up) &
>     exec tailscaled --state=/state/tailscaled.state
>
> It's much nicer than your current while loop.

I don't know what people have against the poor venerable while loop 😎, but I have changed to use a 'sleep infinity' instead which is slightly cleaner. Whilst your method will work, and is elegant, it's less 'obvious' about ordering, so I think I'll leave that alone.
ghulican Posted May 24, 2020

Question... not sure if this is the right place to ask this. I have 2 Ethernet ports on my server. Eth1 is 10.0.0.8 (local traffic). Eth2 is running 10.1.0.5 (internet). Do you know a way I can use TailScale to work on Eth2, but access docker containers I have on the Eth1 network? I am trying to use InfluxDB to receive info from different endpoints through port 8086 on Eth1, but run Tailscale through the internet on Eth2 and allow port 8086 on Eth1. This is kinda what I am aiming for:
dsmith44 (Author) Posted May 24, 2020

5 hours ago, ghulican said:
> Question... not sure if this is the right place to ask this. I have 2 Ethernet ports on my server. Eth1 is 10.0.0.8 (local traffic). Eth2 is running 10.1.0.5 (internet). Do you know a way I can use TailScale to work on Eth2, but access docker containers I have on the Eth1 network? I am trying to use InfluxDB to receive info from different endpoints through port 8086 on Eth1, but run Tailscale through the internet on Eth2 and allow port 8086 on Eth1. This is kinda what I am aiming for:

If the influx container is only listening on the ETH1 ip address, bridge mode, then I'm afraid this container probably isn't going to work for you. This will only allow you to access containers that listen on the tailscale interface ip address itself, not eth1, eth2 or any other interfaces. It is not providing a gateway to 'other networks', just exposing the Unraid server itself to tailscale. 'other networks' in this context means absolutely anything that isn't the IP address of the tailscale interface.

If you can make influxDB also bind to the tailscale interface then it will work. I'm not keen on trying to turn this into a VPN gateway solution, nor am I sure that's even possible with a docker container rather than a plugin.
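
The point of the reply above, as an added example that is not part of the thread: a service is reachable over Tailscale only if it listens on a wildcard address or on the Tailscale interface address itself. The script filters `ss -ltn` output accordingly; the Tailscale address 100.101.102.103 and the listener lines are constructed sample values, with 10.0.0.8:8086 taken from the question.

```shell
#!/bin/sh
# Added example: list TCP ports reachable via the Tailscale interface address.
# Input is `ss -ltn` output on stdin; the argument is the node's Tailscale IP.

# Constructed sample; 100.101.102.103 stands in for the Tailscale address.
sample_listeners() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN 0      128    0.0.0.0:22           0.0.0.0:*
LISTEN 0      128    10.0.0.8:8086        0.0.0.0:*
LISTEN 0      128    100.101.102.103:8080 0.0.0.0:*
LISTEN 0      128    127.0.0.1:631        0.0.0.0:*
LISTEN 0      128    [::]:443             [::]:*
EOF
}

# reachable_ports TS_IP: prints one port per line, sorted numerically.
reachable_ports() {
    awk -v ts="$1" '
        $1 == "LISTEN" {
            addr = $4; port = $4
            sub(/:[^:]*$/, "", addr)   # strip ":port" to get the bind address
            sub(/.*:/, "", port)       # keep only the port
            # Wildcard binds cover every interface; [::] is treated as a
            # wildcard here (assumes the usual dual-stack socket behaviour).
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == ts)
                print port
        }' | sort -un
}

# InfluxDB on 10.0.0.8:8086 is absent from the output: it is bound to Eth1 only.
sample_listeners | reachable_ports 100.101.102.103
```

On a real host, pipe `ss -ltn` into `reachable_ports` with the node's own Tailscale address to see what the tailnet can reach.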
yitzi Posted May 25, 2020

Hey, great work here! Does anyone know how to change hostname? Not sure where I'd add the extra parameters. Thanks!
fserb Posted May 25, 2020

4 minutes ago, yitzi said:
> Hey, great work here! Does anyone know how to change hostname? Not sure where I'd add the extra parameters. Thanks!

Go on the container Edit page, on the top right, press on "basic view" (to switch to advanced). Find the "Extra Parameters" field. Either add or edit the `--hostname` to use the hostname you want.
yitzi Posted May 25, 2020

3 minutes ago, fserb said:
> Go on the container Edit page, on the top right, press on "basic view" (to switch to advanced). Find the "Extra Parameters" field. Either add or edit the `--hostname` to use the hostname you want.

Thanks!! That basic switch gets me sometimes.
ghulican Posted June 3, 2020

Do you know a way that we can use the ACL tags? I know this is a beta feature, but I assume it will be the same in prod? https://tailscale.com/kb/1068/acl-tags
dsmith44 (Author) Posted June 5, 2020

On 6/3/2020 at 4:46 PM, ghulican said:
> Do you know a way that we can use the ACL tags? I know this is a beta feature, but I assume it will be the same in prod? https://tailscale.com/kb/1068/acl-tags

I believe ACL support is only available in the paid version, which I do not have, nor have a need for. As such I am not planning to look at ACLs. Sorry.
tillkrueger Posted June 7, 2020

After ZeroTier stopped working for me for some reason, I was advised to try your Tailscale Docker. So I installed the Tailscale Docker, got the network ID via Ragemachinest instructions and registered it via the link in the console, and now see it in my Tailscale Dashboard. Then installed Tailscale on my MBP. Still no sight of my unRAID system in my Network, though. Maybe I will first need to register my MBP with my Tailscale account as well? I don't see it in my Dashboard.

Maybe I don't correctly understand the purpose of Tailscale, but since it was recommended to me as an alternative to ZeroTier, which after first configured showed my unRAID system in my Finder Network, I thought that Tailscale will also serve this purpose (amongst other much more lower-level functions, I am sure). Am I misunderstanding what this Docker allows me to do? If the main function I want is to implement unRAID in my local network via the Finder Network *and* get to the unRAID webUI, will this work when correctly configured?
dsmith44 (Author) Posted June 7, 2020

2 hours ago, tillkrueger said:
> After ZeroTier stopped working for me for some reason, I was advised to try your Tailscale Docker. So I installed the Tailscale Docker, got the network ID via Ragemachinest instructions and registered it via the link in the console, and now see it in my Tailscale Dashboard. Then installed Tailscale on my MBP. Still no sight of my unRAID system in my Network, though. Maybe I will first need to register my MBP with my Tailscale account as well? I don't see it in my Dashboard.
>
> Maybe I don't correctly understand the purpose of Tailscale, but since it was recommended to me as an alternative to ZeroTier, which after first configured showed my unRAID system in my Finder Network, I thought that Tailscale will also serve this purpose (amongst other much more lower-level functions, I am sure). Am I misunderstanding what this Docker allows me to do? If the main function I want is to implement unRAID in my local network via the Finder Network *and* get to the unRAID webUI, will this work when correctly configured?

Looking at the Zerotier docker post that links here it looks like you got connectivity working, you can connect by IP to your unraid server's tailscale address. I do not believe that tailscale supports multicast or broadcast traffic, so there won't be any way to get Bonjour working and have your Unraid appear as a browsable machine.
tillkrueger Posted June 7, 2020

Ok, I guess I can’t have it all with this, but I am glad to have an easier method to administer and connect to my unRAID by means of your Docker. Thank you!
dsmith44 (Author) Posted October 19, 2020

A couple of updates.

I have changed the template to pull latest rather than versioned builds, tailscale itself is developing more slowly now so this feels appropriate. Please change the 'Repository' to deasmi/unraid-tailscale:latest to use this.

Secondly I've merged in support for passing flags to tailscale. If you want to use this define a variable UP_FLAGS. These will be appended to the command that invokes tailscale. Please note if you are using UP_FLAGS I cannot provide support until it is removed, but I recognise some people may want to try subnet routing and the like. Thanks to @shayne for this.

Dean
Alexstrasza Posted March 18, 2021

On 10/19/2020 at 6:30 PM, dsmith44 said:
> A couple of updates.
>
> I have changed the template to pull latest rather than versioned builds, tailscale itself is developing more slowly now so this feels appropriate. Please change the 'Repository' to deasmi/unraid-tailscale:latest to use this.
>
> Secondly I've merged in support for passing flags to tailscale. If you want to use this define a variable UP_FLAGS. These will be appended to the command that invokes tailscale. Please note if you are using UP_FLAGS I cannot provide support until it is removed, but I recognise some people may want to try subnet routing and the like. Thanks to @shayne for this.
>
> Dean

Hi Dean, can you double check the template is set to use :latest? I did a fresh install from community apps today and it defaulted to a versioned tag (which is quite out of date at this point).
Alexstrasza Posted March 18, 2021

Also, please can you see if it's possible to support https://tailscale.com/kb/1103/exit-nodes? If I try to enable it, it informs me that IP forwarding is disabled and directs me to https://tailscale.com/kb/1104/enable-ip-forwarding. Thanks for the container 🐳❤️!

EDIT: Huh, in actual testing it seems to work fine...? Tailscale bug perhaps?
dsmith44 (Author) Posted March 23, 2021

On 3/18/2021 at 11:14 PM, Alexstrasza said:
> Hi Dean, can you double check the template is set to use :latest? I did a fresh install from community apps today and it defaulted to a versioned tag (which is quite out of date at this point).

I have no idea why you are seeing this, the repo with the template in has clear latest tag. I've just done a clean install and got latest tag. Can you totally remove the image and try?

Latest tag in dockerhub tag is 1.6.0 - https://hub.docker.com/layers/deasmi/unraid-tailscale/latest/images/sha256-89c29de3e44120014a41b9399c09a97732794527b0aff5cc3fcd1d8bb28abd6d?context=repo
Alexstrasza Posted March 23, 2021

On 3/23/2021 at 9:46 AM, dsmith44 said:
> Can you totally remove the image and try?

On a fresh reinstall I can confirm the template picked up had :latest, so I have no idea why I got an old 2020 build when I first downloaded. My best guess is some cursed CA caching or something, but it doesn't seem to be happening any more so I guess it's fixed 😅?

Did you have a chance to look into the warning about exit nodes I mentioned above? I'm definitely still getting this on the container vs my Raspberry Pi, but the subnet and exit route features are 100% working, so I'm not sure the cause for the warning.

UPDATE: This turned out to be because I had IPv6 forwarding off on my host.

(Edited April 27, 2021 by Alexstrasza: Explain reason for error)
bheast Posted April 27, 2021

Where can I find a setup guide for this? Also, do you need to download wireguard as well?
Fillwe Posted April 28, 2021

On 3/23/2021 at 5:34 PM, Alexstrasza said:
> On a fresh reinstall I can confirm the template picked up had :latest, so I have no idea why I got an old 2020 build when I first downloaded. My best guess is some cursed CA caching or something, but it doesn't seem to be happening any more so I guess it's fixed 😅?
>
> Did you have a chance to look into the warning about exit nodes I mentioned above? I'm definitely still getting this on the container vs my Raspberry Pi, but the subnet and exit route features are 100% working, so I'm not sure the cause for the warning.
>
> UPDATE: This turned out to be because I had IPv6 forwarding off on my host.

I've been trying to get subnet relay to work, have added a flag with --advertise-routes=192.168.5.0/24 (this is the subnet my unraid box is on). And it shows up in the tailscale dashboard, but after I have enabled it I can't ping any of my devices on that subnet. Did you have to change any other settings in Unraid to get it working?
Alexstrasza Posted April 29, 2021

15 hours ago, Fillwe said:
> I've been trying to get subnet relay to work, have added a flag with --advertise-routes=192.168.5.0/24 (this is the subnet my unraid box is on). And it shows up in the tailscale dashboard, but after I have enabled it I can't ping any of my devices on that subnet. Did you have to change any other settings in Unraid to get it working?

It should just work, because I believe UnRaid IPv4 forwarding is on by default (it did and was for me). Try double checking with https://tailscale.com/kb/1104/enable-ip-forwarding/
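
Added example, not part of any post in this thread: a check of the two kernel switches behind the replies above, IPv4 forwarding (the subnet-route question) and IPv6 forwarding (the cause of the exit-node warning reported in the earlier update). The `/proc/sys` paths are the standard Linux locations; the optional root argument is an assumption added so the check can be pointed at a test tree.

```shell
#!/bin/sh
# Added example: report whether IPv4 and IPv6 forwarding are enabled on the
# host. Subnet routes can work with IPv4 alone, while IPv6 forwarding being
# off still leaves the host short of what an exit node advertises.

# forwarding_state FAMILY [ROOT] -> prints "on", "off" or "unknown"
forwarding_state() {
    root=${2:-/proc/sys}
    case $1 in
        ipv4) f="$root/net/ipv4/ip_forward" ;;
        ipv6) f="$root/net/ipv6/conf/all/forwarding" ;;
        *)    echo unknown; return 0 ;;
    esac
    # A missing file (for example IPv6 disabled in the kernel) is "unknown".
    if [ ! -r "$f" ]; then echo unknown; return 0; fi
    v=$(tr -d '[:space:]' < "$f")
    case $v in
        1) echo on ;;
        0) echo off ;;
        *) echo unknown ;;
    esac
}

# check_forwarding [ROOT] -> prints one line per family; returns 0 only if
# both families are confirmed "on".
check_forwarding() {
    base=${1:-/proc/sys}
    rc=0
    for fam in ipv4 ipv6; do
        state=$(forwarding_state "$fam" "$base")
        echo "$fam forwarding: $state"
        [ "$state" = on ] || rc=1
    done
    return $rc
}

# Report for the running host; never fails the script itself.
check_forwarding || true
```

Run it on the Unraid host rather than only inside a container, since the warning in this thread came from the host setting.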
Fillwe Posted April 29, 2021

10 hours ago, Alexstrasza said:
> It should just work, because I believe UnRaid IPv4 forwarding is on by default (it did and was for me). Try double checking with https://tailscale.com/kb/1104/enable-ip-forwarding/

Yeah sorry never mind, it was working without any further configuration. I can reach other devices on the subnet and my containers running as bridge/host. But as soon as I turn on the subnet routing I can’t seem to be able to reach my Pi-Hole container. It’s configured with its own ip on that subnet. But I suspect it clashes somehow?

I have another network card on the way though which I was planning on using mostly for the Pihole container. Hopefully that might help the situation. If anybody else has gotten Pi-Hole and this container to work when both are hosted on Unraid, I’m all ears!
Alexstrasza Posted April 30, 2021

12 hours ago, Fillwe said:
> Yeah sorry never mind, it was working without any further configuration. I can reach other devices on the subnet and my containers running as bridge/host. But as soon as I turn on the subnet routing I can’t seem to be able to reach my Pi-Hole container. It’s configured with its own ip on that subnet. But I suspect it clashes somehow?
>
> I have another network card on the way though which I was planning on using mostly for the Pihole container. Hopefully that might help the situation. If anybody else has gotten Pi-Hole and this container to work when both are hosted on Unraid, I’m all ears!

This is probably due to the fact that Docker containers are prevented from talking to the host by default. So the traffic will be trying to do this:

You -> Tailscale tunnel -> Tailscale Docker on Unraid Host -x> Pihole container

Before it was doing this:

You -> LAN -> Directly in the network interface of the Unraid host and routed to the PiHole

To fix, try going to Settings -> Docker and changing "Host access to custom networks" to "Enabled". You'll have to temporarily disable Docker to do this and then restart it. Let me know if that works!
Fillwe Posted May 1, 2021

On 4/30/2021 at 1:43 PM, Alexstrasza said:
> This is probably due to the fact that Docker containers are prevented from talking to the host by default. So the traffic will be trying to do this:
>
> You -> Tailscale tunnel -> Tailscale Docker on Unraid Host -x> Pihole container
>
> Before it was doing this:
>
> You -> LAN -> Directly in the network interface of the Unraid host and routed to the PiHole
>
> To fix, try going to Settings -> Docker and changing "Host access to custom networks" to "Enabled". You'll have to temporarily disable Docker to do this and then restart it. Let me know if that works!

Ah I see, yes that worked! Thank you so much for the help! :-)
Alexstrasza Posted May 1, 2021

2 minutes ago, Fillwe said:
> Ah I see, yes that worked! Thank you so much for the help! :-)

No problem, glad it was that setting and not something more messy!
captainfeeny Posted May 9, 2021

On 4/30/2021 at 1:43 PM, Alexstrasza said:
> This is probably due to the fact that Docker containers are prevented from talking to the host by default. So the traffic will be trying to do this:
>
> You -> Tailscale tunnel -> Tailscale Docker on Unraid Host -x> Pihole container
>
> Before it was doing this:
>
> You -> LAN -> Directly in the network interface of the Unraid host and routed to the PiHole
>
> To fix, try going to Settings -> Docker and changing "Host access to custom networks" to "Enabled". You'll have to temporarily disable Docker to do this and then restart it. Let me know if that works!

This helped me too, thanks! Maybe it should be added to the instructions?
eric.frederich Posted May 18, 2021

I currently have WireGuard working with UnRaid via the Dynamix WireGuard plugin. What do I need to do if I want to try out this TailScale? Can both run at the same time or do I need to uninstall the WireGuard plugin? I only have two clients, so I don't care if they're lost.