[Support] Tailscale Support Thread


Recommended Posts

I am trying to make all devices on 3 different LANs on 3 different locations to be able to connect to each other via Tailscale. 2 location tailscale via this docker in unraid and another tailscale run over raspberry pi.

Successfully advertise routes for 3 different LAN Subnets, and if I am running Tailscale on my PC I am able to connect to all devices from 3 different LAN

Now what I would like to achieve is that for all devices under the 3 different LANs can connect to each other without running tailscale on the PC.
I have setup static route at my router to point to the LAN address of Unraid, I executed the command "tailscale up --accept-routes --advertise-routes=LOCAL LAN/24".

However, when I run tracert in windows, the connection stop at my local UNRAID IP and not being forwarded via Tailscale.

May I know what setting do I missed up at my local UNRAID server or tailscale docker to make the connection possible?

Edited by angyen
Link to comment
1 hour ago, angyen said:

I am trying to make all devices on 3 different LANs on 3 different locations to be able to connect to each other via Tailscale. 2 location tailscale via this docker in unraid and another tailscale run over raspberry pi.

Successfully advertise routes for 3 different LAN Subnets, and if I am running Tailscale on my PC I am able to connect to all devices from 3 different LAN

Now what I would like to achieve is that for all devices under the 3 different LANs can connect to each other without running tailscale on the PC.
I have setup static route at my router to point to the LAN address of Unraid, I executed the command "tailscale up --accept-routes --advertise-routes=LOCAL LAN/24".

However, when I run tracert in windows, the connection stop at my local UNRAID IP and not being forwarded via Tailscale.

May I know what setting do I missed up at my local UNRAID server or tailscale docker to make the connection possible?

 

This container is just not designed for that, it is designed to provide access to your Unraid server over tailscale.

 

My 2p worth is that site to site VPNs are best setup on your firewall/router anyway, bouncing traffic off your router to another machine in the same subnet is always going to be painful at best.

 

Edit:

If I had to guess, check if ip_forwarding is enabled, do you have a

net.ipv4.ip_forward = 1

in /etc/sysctl.conf

 

But I've never tested a setup like this, so shooting blind.

 

 

Edited by dsmith44
Adding more info
Link to comment
2 minutes ago, dsmith44 said:

 

This container is just not designed for that, it is designed to provide access to your Unraid server over tailscale.

 

My 2p worth is that site to site VPNs are best setup on your firewall/router anyway, bouncing traffic off your router to another machine in the same subnet is always going to be painful at best.

 

Thank you for the swift reply.

 

I have setup wireguard in these 2 unraid server but now my ISP is migrating all public IP to private IP, which is why I need to deploy Tailscale as my wireguard will cease to function once I no longer have a public IP.

 

Looks like I got to figure out another alternative way to install Tailscale, maybe through a VM under unraid.

Link to comment
16 minutes ago, dsmith44 said:

 

This container is just not designed for that, it is designed to provide access to your Unraid server over tailscale.

 

My 2p worth is that site to site VPNs are best setup on your firewall/router anyway, bouncing traffic off your router to another machine in the same subnet is always going to be painful at best.

 

Edit:

If I had to guess, check if ip_forwarding is enabled, do you have a

net.ipv4.ip_forward = 1

in /etc/sysctl.conf

 

But I've never tested a setup like this, so shooting blind.

 

 

 

Yes. the setting for unraid and docker both for net.ipv4_forward = 1 but still it doesn't work. 

Thank you for the suggestion. Truly appreciate that.

Link to comment
5 hours ago, angyen said:

Thank you for the swift reply.

 

I have setup wireguard in these 2 unraid server but now my ISP is migrating all public IP to private IP, which is why I need to deploy Tailscale as my wireguard will cease to function once I no longer have a public IP.

 

Looks like I got to figure out another alternative way to install Tailscale, maybe through a VM under unraid.

I just tried installing tailscale in debian VM with the --accept-routes command. while in the vm I can access to other LAN subnet, but when my router forward the route to by debian vm, the connection still not pass through and I can't connect to other LAN subnet. 

Tracert reveal that the connection broke at the debian VM.
Looks like there is a setting that needed to be done.

I got to study it futher. If anyone know what to change to make it work. Please let me know.

Thank you.

Link to comment

Everything was working well yesterday but now I can't connect to my server via Tailscale (IP or MagicDNS).

I have removed and reinstalled the Docker, cleared the appdata, and re-authed several times.

The Tailscale admin shows as connected (and disconnected when I turn off the container or reboot the host machine).

In the Docker logs there are a lot of IPV6 errors: 

2021/10/15 16:31:19 [unexpected] peerapi listen("REDACTED") error: listen tcp6 [REDACTED]:0: bind: cannot assign requested address



Docker Container: `latest` 1.14.6 (but tailscale admin shows 1.16.0 being the actual latest
Unraid version: 6.9.2 2021-04-07

Edit: Randomly started working again after just leaving it alone for an few hours.

Edited by Craig Dennis
Link to comment
On 10/15/2021 at 5:51 PM, Craig Dennis said:

Docker Container: `latest` 1.14.6 (but tailscale admin shows 1.16.0 being the actual latest
Unraid version: 6.9.2 2021-04-07
 

 

I tend to wait for 1.x.y where y > 1 before doing an update as the .0 releases tend to be buggy and have a release every other day.

 

 

Link to comment

Hi everyone,

I'm not sure this concern has been addressed here but I'm trying to understand the way Tailscale (docker/linux version) can automatically receive files from other devices.

From what I've experienced so far it seems I have to open the Console of the container and type the following command, EACH time I send a file to my Unraid/Tailscale server.

Seems to be a "confirmation" to allow receiving the file.

./tailscale file get .

Where "." can be any directory you’d like to copy files to

 

It's pretty annoying since I'd like to receive files without confirming each time with the above command.

Did you manage to do it?

 

FYI this behavior is not the same on Android and Windows devices as they both automatically accept the files.

On Android the files go to the /Download folder

On Windows the files go the your Desktop (at least if a session is opened)

 

 

Link to comment
Hi everyone,
I'm not sure this concern has been addressed here but I'm trying to understand the way Tailscale (docker/linux version) can automatically receive files from other devices.
From what I've experienced so far it seems I have to open the Console of the container and type the following command, EACH time I send a file to my Unraid/Tailscale server.
Seems to be a "confirmation" to allow receiving the file.
./tailscale file get .

Where "." can be any directory you’d like to copy files to
 
It's pretty annoying since I'd like to receive files without confirming each time with the above command.
Did you manage to do it?
 
FYI this behavior is not the same on Android and Windows devices as they both automatically accept the files.
On Android the files go to the /Download folder
On Windows the files go the your Desktop (at least if a session is opened)
 
 


I had no idea this was a thing, and it’s certainly not something that I’d be planning on testing while it’s in alpha.

If you are connected to tailscale you can just sftp to the server, or even connect to the actual shares?

The instructions for taildrop do also seem to indicate that you have to accept every file on Linux.
https://tailscale.com/kb/1106/taildrop/

If this changes at a later date when out of alpha/beta perhaps we’ll revisit.


Sent from my iPhone using Tapatalk
  • Like 1
Link to comment
11 hours ago, dsmith44 said:


I had no idea this was a thing, and it’s certainly not something that I’d be planning on testing while it’s in alpha.

If you are connected to tailscale you can just sftp to the server, or even connect to the actual shares?

The instructions for taildrop do also seem to indicate that you have to accept every file on Linux.
https://tailscale.com/kb/1106/taildrop/

If this changes at a later date when out of alpha/beta perhaps we’ll revisit.
 

 

@FoxyNC I had a bit more of a look at this today, and I can see why this would be useful but....

 

As they say themselves tailscale runs as root, so all files would be written as root if they allowed automatic downloads. It feels inherently a bad idea to allow files to drop with root ownership into a system, which is why you have to approve them currently I feel.

 

Hopefully they'll fix this and support a second userid for file uploads and add options to support that.

If/when that happens I'll take a look at this, as while ssh/sftp work fine from a PC/Mac that's not so useful form a mobile device, so I can see the use case here.

 

Edit: I'll keep and eye on this

https://github.com/tailscale/tailscale/issues/2312

Edited by dsmith44
  • Like 1
Link to comment
On 10/19/2021 at 10:19 AM, dsmith44 said:

1.16.0 has been pushed and latest tag updated accordingly.

After 17 days it seems we aren’t getting any 1.16.1 bug fixes.


Sent from my iPhone using Tapatalk

 

Shouldn't have said that should I..... 1.16.1 has dropped, pushed and latest updated.

Edited by dsmith44
  • Like 1
Link to comment

Quick question, I tried finding here but cant.  Is there a way to disable all the ipv6? Just want to prevent "spaming" of the logs :

 

2021/11/03 03:06:46 [unexpected] peerapi listen("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:masked:masked") error: listen tcp6 [xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:masked:masked]:0: bind: cannot assign requested address

 

Link to comment
  • 2 weeks later...
On 11/3/2021 at 3:19 AM, Pducharme said:

Quick question, I tried finding here but cant.  Is there a way to disable all the ipv6? Just want to prevent "spaming" of the logs :

 

2021/11/03 03:06:46 [unexpected] peerapi listen("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:masked:masked") error: listen tcp6 [xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:masked:masked]:0: bind: cannot assign requested address

 

 

There isn't to my knowledge, due to what tailscale is trying to do. I think this is by design and there are no options to disable either protocol in the underlying software.

 

It will use any connection it can find to connect to the control plane, ipv4 or ipv6 and ideally both, so that when another host tries to connect it has the best chance of being able to connect.

 

The log lines are totally harmless.

 

Link to comment

Hello everyone.

 

Tailscale for unraid has become rather more popular than I ever imagined, when I started this it was in the great tradition of scratching my own itch, wanting to access my sever over tailscale.

 

Since then there have been over 250,000 downloads, there are tutorials on youtube, and increasing numbers of requests for new features and support.

 

So I think it might be time to open this up a little bit more and so I have a few asks.

 

Firstly, if you want a new feature, or think you have found a bug please don't post them here - or at least not only here, please create an issue on github if at all possile. https://github.com/deasmi/unraid-tailscale

 

Secondly I'm just one person and while this is a realatively simple thing, it's really just packaging tailscale, using it can get more complicated as new features are always being added. So if you'd like to get involved as a developer or tester for future things please let me know by sending me a DM along with how you'd like to help.

 

Thank you

 

Dean

  • Like 3
Link to comment
Hi, I've managed to set up tailscale so I can access my unraid web UI from outside my home however I cannot then access the individual docker containers from here.
Please can someone point me in the right direction for finding instructions on how to set this up?
Thanks

Unless you are doing something funky and giving Docker containers their own IP address it should just work.

Are you using the IP address of the tailscale interface, and not the one you see in the console? The links in the console won’t work as they assume you are on the LAN.

It’ll start 100.x.x.x.


Sent from my iPhone using Tapatalk
Link to comment
On 11/28/2021 at 3:15 PM, dsmith44 said:

1.18.1 has been released and tagged as 1.18.1, 1.18 and latest.

Thank you, all the thanks!

 

Has anyone ran into issues using more than "20 free" devices Tailscale limits too? Or is it unlimited since self-hosted? Would or is it possible to run a second instance of Tailscale on Unraid server?

 

See refernced pic attached.

 

 

tail.thumb.jpg.f523a2592f581685b4f220e0bde55597.jpg

Edited by blaine07
Link to comment
Thank you, all the thanks!
 
Has anyone ran into issues using more than "20 free" devices Tailscale limits too? Or is it unlimited since self-hosted? Would or is it possible to run a second instance of Tailscale on Unraid server?
 
See refernced pic attached.
 
 
tail.thumb.jpg.f523a2592f581685b4f220e0bde55597.jpg

I don’t think you can use more than 20 devices without a separate account, and therefore network.

You aren’t self hosting either as all the clever stuff is in their cloud. This is just an end point. Running another instance on the same server would therefore be pointless.

I think they do have a free multi user as well, I’ve just noticed, bottom of this page.

https://tailscale.com/pricing/
  • Like 1
Link to comment
On 4/17/2020 at 9:11 AM, Ragemachinest said:

Adding on from my previous post, I wanted to access to other machines in my home network that I can't install tailscale on (IP cameras, etc). To solve for this, I made sure the "Network Type" was set to "bridge". I went in to the console for the Tailscale docker container and ran the following (my home network is 192.168.1.0/24 - change this to match your network):

tailscale up --advertise-routes=192.168.1.0/24

 

After running this, I logged in to the Tailscale admin portal at https://login.tailscale.com/admin/machines and for my unraid box clicked the ... on the menu on the far right and click "Enable subnet routes"

 

Back in the docker console I ran: vi /etc/sysctl.d/00-alpine.conf

I added a line: net.ipv4.ip_forward=1 then saved the file.

 

I ran the command: echo 0 | tee /proc/sys/net/ipv4/conf/tailscale0/rp_filter

 

I ran the command: iptables -t nat -A POSTROUTING -j MASQUERADE

 

I could then hit my internal IPs from an iPhone on LTE e.g. http://192.168.1.145 let me hit my IP cams web interface

 

I rebooted and the settings persisted, so it seems to be a permanent setup now.

 

Trying to do the same as in the quoted posted.

 

But i'm getting this in the console?

what am i doing wrong?

billede.thumb.png.baef3c8e3b76e4834f56b1466de92367.png

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.