dsmith44 (Author) posted December 22, 2022:

19 hours ago, tmchow said:
> Found answer to my own question: https://gist.github.com/auth/github/callback?return_to=https://gist.github.com/shayne/25e194e068751e281937ef68edefb99b&browser_session_id=fd34397b87999ea789b8fe352a941bd934d618392aa50b2c010b21c5cc417eff&code=5e94e3bb523a98b3e868&state=64cadd3d745b45ef88123c51d63a6fa2cf87cda1cb9c517d93b4d6768ab1462a

If you don't use Tailscale ssh then you will connect to the host and not the container, as the container is running in host networking mode. This is how I run it, so I can just ssh to my unraid server using the tailscale ip address.

dsmith44 (Author) posted December 22, 2022:

On 12/11/2022 at 10:05 PM, Cyborg said:
> My goal is to host Nextcloud and Bitwarden local and make it available by Tailscale for me and my invited friends/family. I thought that I could use the cert in a reverse proxy and activate the Tailscale app + reverse proxy, then use Nextcloud from a mobile with Tailscale? I get this:
>
>     /app # ./tailscale cert unraid.not-mine.ts.net
>     500 Internal Server Error: invalid domain "XXXXXXX.ts.net"; must be one of ["XXXXXX.ts.net" "XXXXXXXX.ts.net"]
>     /app # Wrote public cert to unraid.not-mine.ts.net.crt
>     sh: Wrote: not found
>     /app # Wrote private key to unraid.not-mine.ts.net.key
>     sh: Wrote: not found

The domain must be the one you set up in the tailscale admin portal, under DNS->Tailnet name. Nothing else will work.

dsmith44 (Author) posted December 22, 2022:

On 12/21/2022 at 6:39 PM, tmchow said:
> This is really just making sure you understand that this isn’t just exposing the container to your tailnet, but rather your entire Unraid server. That said, this should be expected in the way most, if not all, want tailscale to work on Unraid by installing this container anyways. As long as you are following the default configuration of your tailnet, or your customizations to your ACL config are secure, you should be fine.

That's spot on. Security will be down to the ACLs you have set up in tailscale, which I think by default is any<>any, but doesn't have to be. This is a bit of a rabbit hole though, and not something we can really provide support on here.

Tailscale ACL documentation

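Added example, not part of the thread or of the container's documentation: the ACL point above written out as a Tailscale policy file that replaces the default allow-all rule with one limiting family members to a single HTTPS port on the Unraid node. The group members, the `unraid` host alias with its 100.64.0.10 address, and the port numbers are assumptions made for illustration.

```json
// Tailscale policy file (HuJSON, so comments are allowed).
// All names, addresses and ports below are constructed for illustration.
//
// The default policy is a single allow-all rule:
//   {"acls": [{"action": "accept", "src": ["*"], "dst": ["*:*"]}]}
// With the container in host networking mode, that lets every device on the
// tailnet reach every port listening on the Unraid host.
{
  "groups": {
    "group:family": ["alice@example.com", "bob@example.com"]
  },
  "hosts": {
    // Tailscale (100.x.x.x) address of the Unraid node; placeholder value.
    "unraid": "100.64.0.10"
  },
  "acls": [
    // Tailnet admins keep full access to the server (web UI, SSH, shares).
    {"action": "accept", "src": ["autogroup:admin"], "dst": ["unraid:*"]},
    // Family members reach only the reverse proxy's HTTPS port.
    {"action": "accept", "src": ["group:family"], "dst": ["unraid:443"]}
  ],
  // Policy tests are evaluated when the policy is saved; a failing test
  // rejects the change instead of silently widening access.
  "tests": [
    {
      "src": "alice@example.com",
      "accept": ["unraid:443"],
      "deny": ["unraid:22", "unraid:80"]
    }
  ]
}
```

Anything not matched by an `accept` rule is denied, so removing the wildcard rule is what actually narrows access.
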
dsmith44 (Author) posted December 22, 2022:

Latest = 1.34.1 = 1.34

Oublieux posted December 24, 2022:

On 11/23/2021 at 4:45 PM, dsmith44 said:
> Unless you are doing something funky and giving Docker containers their own IP address it should just work. Are you using the IP address of the tailscale interface, and not the one you see in the console? The links in the console won’t work as they assume you are on the LAN. It’ll start 100.x.x.x.

If I am doing this funky thing and giving Docker containers their own IP address via the Unraid br0 network... is there a way I can still use Tailscale and access the Docker containers remotely?

tmchow posted December 24, 2022:

25 minutes ago, Oublieux said:
> If I am doing this funky thing and giving Docker containers their own IP address via the Unraid br0 network... is there a way I can still use Tailscale and access the Docker containers remotely?

Can you just access them via the unraid server’s IP with the port number mapped to the container?

dsmith44 (Author) posted December 24, 2022:

> If I am doing this funky thing and giving Docker containers their own IP address via the Unraid br0 network... is there a way I can still use Tailscale and access the Docker containers remotely?

You are into advanced and unsupported, but if you add --advertise-routes= to the command line you will be acting as a router, then **probably**.

Jeryd posted December 25, 2022:

On 12/11/2022 at 8:16 AM, dsmith44 said:
> Hi @ubermetroid & @Cyborg
>
> What are you trying to do here? If you open a console to the docker container, and have enabled HTTPS certs and magic DNS in your tailnet it will issue a cert.
>
>     /app # ./tailscale cert unraid.not-mine.ts.net
>     Wrote public cert to unraid.not-mine.ts.net.crt
>     Wrote private key to unraid.not-mine.ts.net.key
>     /app #
>
> What you are to do with this though I don't know, as it will just have unraid.not-mine.ts.net as a hostname. If you tried to use this for unraid itself you will get errors if you ever connect to it without using the full tailscale address. So while this works it's totally unsupported as it has no sensible use case I can see.

Interesting. I don't know why I could not get it to work before, but I got the public cert now. I'm trying to make it so I can connect to https:// (vs just http) and use a valid certificate.

Ustrombase posted December 30, 2022:

Hi guys, I read all the pages on this thread and I see 1 comment that says the SSL is fixed. Was this referring to using the myunraid.net SSL cert that the Limetech guys provide to us?

I have 2 unRAID servers that have the https set to strict, which issues out a TLS cert. I know when I visit http://<my server ip> it redirects to a myunraid.net url, and on my pfsense box I had to add a private domain in the DNS resolver to make it work. However, with this container, when I visit the Tailscale IP it redirects to the myunraid url but it leads me nowhere. The only way it works is because I also have my pfsense box on the tailnet and I have subnet routing set up, so since my pfsense box runs on the same vlan as my unRAID it works, but on my 2nd unRAID box it doesn’t, as I don’t have my pfsense box advertising the vlan where my 2nd unRAID box lives.

Is there a setup to make this work or do I have to resort to not using https strict in the unRAID networking settings?

plantsandbinary posted January 2, 2023:

Can someone help with this? I am running the container in "host" mode so there should not be any port-forwarding needed? Yet I am getting these complaints in the logs:

    2023/01/02 10:48:55 portmapper: failed to get PCP mapping: PCP response not ok, code 8
    2023/01/02 10:48:55 magicsock: endpoints changed: 85.xxx.xxx.249:57588 (stun), [2001:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:f0e5]:51047 (stun), 172.17.0.1:54030 (local), 172.18.0.1:54030 (local), 192.168.1.50:54030 (local), [2001:999:484:47a3::19a]:54030 (local), [2001:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:2428]:54030 (local), [2001xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:f0e5]:54030 (local)
    2023/01/02 10:48:55 portmapper: failed to get PCP mapping: PCP response not ok, code 8
    2023/01/02 10:48:55 portmapper: PMP probe failed due result code: {OpCode:128 ResultCode:NetworkFailure SecondsSinceEpoch:2830 MappingValidSeconds:0 InternalPort:0 ExternalPort:0 PublicAddr:0.0.0.0}

How do I fix this?

Trian1618 posted January 6, 2023:

Hi, I have the Tailscale docker installed. I want to change the account I used in the first place; how do I log out/log in? I know, noob question 😅

nry320i posted January 14, 2023:

How can I run the command tailscale cert in order to enable HTTPS according to https://tailscale.com/kb/1153/enabling-https/

I have tried running the above command inside the unRAID tailscale docker container, after enabling MagicDNS and HTTPS from inside the settings of my tailscale account, but I'm not able to run the command from inside of docker. I'm using the option to click on the running container in UnRAID and open a console and then I try to run:

    /app # tailscale cert
    sh: tailscale: not found

Do I need to SSH into the container and then run the command? If so, how do I SSH into the container? Any help is very much appreciated!

Luca Vignati posted January 17, 2023:

On 1/14/2023 at 3:57 AM, nry320i said:
> How can I run the command tailscale cert in order to enable HTTPS according to https://tailscale.com/kb/1153/enabling-https/
>
> I have tried running the above command inside the unRAID tailscale docker container, after enabling MagicDNS and HTTPS from inside the settings of my tailscale account, but I'm not able to run the command from inside of docker. I'm using the option to click on the running container in UnRAID and open a console and then I try to run:
>
>     /app # tailscale cert
>     sh: tailscale: not found
>
> Do I need to SSH into the container and then run the command? If so, how do I SSH into the container? Any help is very much appreciated!

Try:

    ./tailscale cert

From what I can see, Tailscale is not installed "systemwide" inside this docker, instead there is the tailscale binary in the /app folder. For this reason, you need to prepend "./" before the name of the program, to tell the shell to run the program found in the current folder instead of looking for it inside the folders listed in the PATH environment variable.

nry320i posted January 17, 2023:

44 minutes ago, Luca Vignati said:
> Try:
>
>     ./tailscale cert
>
> From what I can see, Tailscale is not installed "systemwide" inside this docker, instead there is the tailscale binary in the /app folder. For this reason, you need to prepend "./" before the name of the program, to tell the shell to run the program found in the current folder instead of looking for it inside the folders listed in the PATH environment variable.

That worked, thanks! ./ makes sense now that I think about it because ./ is used in Linux to run a locally executable file.

karldonteljames posted January 22, 2023:

Hi, I’ve set up Tailscale on my unraid server and I’m also running the Up_flags: --advertise-ex-route --advertise-routes=HomeVlan,IoTVlan

I’ve enabled the routes and the exit node in the admin console. I’ve also installed Tailscale on my laptop. From my laptop (remotely) I can get to physical devices on my ‘IoTvlan’ and my 'HomeVlan', however I’m not able to access any of the docker containers running in unraid on either of the vlans. E.g. from my laptop I can access my smart switches directly, but I’m not able to access HomeAssistant or Sonarr / Radarr etc.

Each of my docker containers is assigned its own IP address on interface either br0 (safe vlan) or br0.12 (my IoT vlan). Locally this works with no issues. I use individual IPs on each of the dockers so that I can use port forwarding and firewall rules on my UDMP accordingly.

I’ve tried:

- Assigning Tailscale its own ip in both vlans (one at a time)
- Running Tailscale as Bridge and hosts

(Both of the options above throw a warning about IPv6 routing not working - despite being able to access physical device.)

- I’ve enabled host device has access to custom networks.
- I've ensured that the subnets are enabled in tailscale admin.
- I've enabled the exit route on the remote device.

From the tailscale docker container console I’m able to ping all of the containers and physical devices on both vlans by their IP addresses with no issues. From the connected clients I can ping other devices on the two subnets / vlans, but none of the docker containers.

I assume that any traffic coming from the tailscale network will appear to be coming from the unraid server if being looked at internally (i.e. from the perspective of the UDMP), so I do not believe this is a UDMP/Firewall issue.

I’m now out of ideas. Can anyone advise how I might be able to fix this please? Thank you.

coasterman posted January 23, 2023:

I have tailscale installed and all working on various clients, but as a side effect my remote Plex users can no longer access my Plex server content. Plex and Tailscale are both installed on the 'host' network.

Is there any way to make Plex an exception so Plex would be accessible as before? Willing to dig into this if anyone can give me some basic instructions to get me started.

karldonteljames posted January 28, 2023:

On 1/23/2023 at 5:36 PM, coasterman said:
> I have tailscale installed and all working on various clients, but as a side effect my remote Plex users can no longer access my Plex server content. Plex and Tailscale are both installed on the 'host' network.
>
> Is there any way to make Plex an exception so Plex would be accessible as before? Willing to dig into this if anyone can give me some basic instructions to get me started.

I think this is similar to the issue I have above.

karldonteljames posted February 2, 2023:

Is there no solution or support to this particular issue?

dsmith44 (Author) posted February 2, 2023:

3 hours ago, karldonteljames said:
> Is there no solution or support to this particular issue?

Ok, anything to do with advertise routes is specifically unsupported. It's custom networking, and at that point you need the tailscale forums, not unraid. I've added some more info to the front page to make this clear.

However, on the plex front I'm not even sure what you are saying exactly. Are you saying that with a vanilla tailscale setup, no routes, no extra flags, when tailscale is running remote users can't use plex? They wouldn't be going over tailscale in this instance anyway. Mine works completely fine in this situation, so if your install isn't we can try and debug that, but not with routes, sorry.

karldonteljames posted February 3, 2023:

Yes I am using routes, but I'm not having issues with plex. My issue is the inability to access ANY docker images via their ip address, but I CAN access other physical devices on the network. (As outlined above on the 22nd January.) The issue I am having seems to be very similar to the one posted after with the plex issue and being able to access docker images.

dsmith44 (Author) posted February 3, 2023:

2 hours ago, karldonteljames said:
> Yes I am using routes, but I'm not having issues with plex. My issue is the inability to access ANY docker images via their ip address, but I CAN access other physical devices on the network. (As outlined above on the 22nd January.) The issue I am having seems to be very similar to the one posted after with the plex issue and being able to access docker images.

If you want to use routes, and get onto your network, I can only advise not using unraid as the place to run tailscale; put it on your firewall or even a raspberry pi. It's not the intended use.

If someone wanted to add tailscale network vpn to unraid, it should be in a plugin, not a container. Running a vpn endpoint, inside a docker container, on a NAS, is asking for trouble/complexity.

I would connect to the console of the tailscale docker, and see if you can ping the other thing. If you can't, this isn't a tailscale issue, it's a docker networking issue.

This may also be a place to start to get it running outside of docker: https://gist.github.com/shayne/25e194e068751e281937ef68edefb99b

dsmith44 (Author) posted February 3, 2023:

4 hours ago, dsmith44 said:
> If you want to use routes, and get onto your network, I can only advise not using unraid as the place to run tailscale; put it on your firewall or even a raspberry pi. It's not the intended use.
>
> If someone wanted to add tailscale network vpn to unraid, it should be in a plugin, not a container. Running a vpn endpoint, inside a docker container, on a NAS, is asking for trouble/complexity.
>
> I would connect to the console of the tailscale docker, and see if you can ping the other thing. If you can't, this isn't a tailscale issue, it's a docker networking issue.
>
> This may also be a place to start to get it running outside of docker: https://gist.github.com/shayne/25e194e068751e281937ef68edefb99b

Last follow up on this. I connected to the console of my tailscale docker container and tried to ping another container that I have with a static ip address on my lan. I cannot ping this, and so there is no hope of tailscale being able to route traffic to it.

I think the reason for this is:- arp packets will be sent onto the ethernet from tailscale to get the mac address of the host with the ip address, these arp packets will hit your ethernet switch, where it will broadcast them to all ports, except will not send them back the way they came and so the docker container never sees them, and doesn't respond. So the tailscale docker never sees an arp response, so can't send the packet to the right mac address, so cannot connect to it.

As I said, this isn't supported, and in fact cannot ever work now I've thought about it.

dsmith44 (Author) posted February 3, 2023:

For those that would like it you can pull 1.36.(0), I will tag latest in a few weeks if there isn't a 1.36.1

sammyxd98 posted February 5, 2023:

On 2/4/2023 at 4:54 AM, dsmith44 said:
> For those that would like it you can pull 1.36.(0), I will tag latest in a few weeks if there isn't a 1.36.1

How do I do that?

dsmith44 (Author) posted February 7, 2023:

On 2/5/2023 at 8:36 AM, sammyxd98 said:
> How do I do that?

You can change the version of any docker container you pull in the settings. Where it says deasmi/unraid-tailscale or deasmi/unraid-tailscale:latest change it to deasmi/unraid-tailscale:<VERSION>

Note that you will not get updates if you do that without manually changing it again.

Unless there is something in 1.36 you desperately need, and looking at the release notes I'm not sure what that could be, I would leave it alone and you'll get it after a few weeks anyway.