Trying to get Tailscale Docker running ...

Ixian · Feb 22, 2022

Trexx said:
Better suggest would be to put TailScale on something like a Raspberry Pi and config TailScale to allow access to the rest of your network. Then you can jump from the RPI box into your TrueNas gui, any of your containers on it, etc.

I second this approach - a cheap jump-box for this kind of thing is common and easy to deal with.

Otherwise, I figured out that the kernel module issue was a problem with RC2 that was fixed sometime after RC2 was released which is why I got it working with my test system on nightlies. It appears to work in the new release version as well. However for it to work like you want you'd need to run the container with Host networking and I don't think the SCALE feature to launch a docker container allows for that.

I haven't tried it but it's possible the "External Services" App in the Truecharts catalog will allow this though I think that may be just there to integrate pre-existing stuff in to their ingress model.

Ixian · Feb 22, 2022

Also, while you won't be able to manage it in the Apps section this way, for something as straightforward as Tailscale you could just run it from the CLI:

docker run -d --name=tailscaled -v /var/lib:/var/lib -v /dev/net/tun:/dev/net/tun --network=host --privileged tailscale/tailscale tailscaled

and then:

docker exec tailscaled tailscale up

You'll get the authorization url link back as a response; go there, have it authorize, and you're set.

Then you can check the container by:

docker exec -it tailscaled sh

And inside the container run tailscale status to check.

I just did this and it works, tailscale status shows me connected and I'm able to access the server this way.

Since tailscale doesn't require persistant storage or even inbound ports to be forwarded you don't have to do anything funny, it just works.

briancmoses · Feb 22, 2022

This isn't exactly on-topic of this post, but a feature request has been submitted to make support of Tailscale (and hopefully other zero-config VPNs like it) built-in to the TrueNAS products:

https://jira.ixsystems.com/browse/NAS-110540

It'd be nice if all Tailscale fans upvote this ;)

pixelwave · Feb 22, 2022

Ixian said:
Also, while you won't be able to manage it in the Apps section this way, for something as straightforward as Tailscale you could just run it from the CLI:

docker run -d --name=tailscaled -v /var/lib:/var/lib -v /dev/net/tun:/dev/net/tun --network=host --privileged tailscale/tailscale tailscaled

and then:

docker exec tailscaled tailscale up

You'll get the authorization url link back as a response; go there, have it authorize, and you're set.

Then you can check the container by:

docker exec -it tailscaled sh

And inside the container run tailscale status to check.

I just did this and it works, tailscale status shows me connected and I'm able to access the server this way.

Since tailscale doesn't require persistant storage or even inbound ports to be forwarded you don't have to do anything funny, it just works.

That's what I was thinking browsing the official Tailscale site. Maybe even just to use the commandline:
"curl -fsSL https://tailscale.com/install.sh | sh"

But I will try your solution with the docker install command via Shell.

What I read about this way is that with a potential Scale Update this might break .. but worst thing that can happen is that you then have to reinstall the tailscale docker again right?

Until there is an official app package (maybe from truecharts) this seems to be the best option now. Only downside not having the GUI App Management.

Fortunately I am a bit more confident with using the Shell after the Network Chuck Series yesterday ... x)

pixelwave · Feb 22, 2022

briancmoses said:
This isn't exactly on-topic of this post, but a feature request has been submitted to make support of Tailscale (and hopefully other zero-config VPNs like it) built-in to the TrueNAS products:

https://jira.ixsystems.com/browse/NAS-110540

It'd be nice if all Tailscale fans upvote this ;)

Yes I saw the request in my research as well! Would be great to have some kind of official support.

Totally support this - but can not open the link?

pixelwave · Feb 23, 2022

Ok .. so it is up and running and I can access the <tailscaleip> and reach the truenas server remotely via VPN.

What does not work ... is <tailscaleip>:<homeassistantport> (x.x.x.x:8123) to reach the homeassistant install?

UPDATE:

In general only the "main ip" works. If I try to access anything with an additional port (like deconz <tailscaleip>:9080) it does not work ...

That is strange .. with my Synology deployment having tailscale installed I was able to access the systemip and all docker container using custom port assignments as well ...

briancmoses · Feb 23, 2022

pixelwave said:
Ok .. so it is up and running and I can access the <tailscaleip> and reach the truenas server remotely via VPN.

What does not work ... is <tailscaleip>:<homeassistantport> (x.x.x.x:8123) to reach the homeassistant install?

UPDATE:

In general only the "main ip" works. If I try to access anything with an additional port (like deconz <tailscaleip>:9080) it does not work ...

That is strange .. with my Synology deployment having tailscale installed I was able to access the systemip and all docker container using custom port assignments as well ...

I don't have much help to share, this is about as far as I got--but via a different method. I used apt to install the Tailscale package (Don't do this--it caused lots of other problems), but found that I could access things running directly on the host (the TrueNAS interface, Samba, etc...) using the Tailscale IP. It seems like there's some missing network configuration for the containers. When I asked around about this, I was told what I wanted to do was "hacky and unsupported", which lead for me to upvote that feature request.

I'm still able to use Tailscale to access everything on my NAS, though. But I did it using another machine (a VM or my OpenWRT router) and Tailscale's Relay Node feature to route traffic from my Tailnet to NAS' IP address.

Totally support this - but can not open the link?

I think that you'll need to create an account on iXsystem's JIRA in order to upvote / follow that Feature Request.

Ixian · Feb 23, 2022

pixelwave said:
Ok .. so it is up and running and I can access the <tailscaleip> and reach the truenas server remotely via VPN.

What does not work ... is <tailscaleip>:<homeassistantport> (x.x.x.x:8123) to reach the homeassistant install?

UPDATE:

In general only the "main ip" works. If I try to access anything with an additional port (like deconz <tailscaleip>:9080) it does not work ...

That is strange .. with my Synology deployment having tailscale installed I was able to access the systemip and all docker container using custom port assignments as well ...

Yeah, that's where things get tricky. Your Tailscale container needs to be part of the same network as your other apps. If you are running Homeassistant, et. all via SCALE's apps/Truecharts that could be a challenge. The Truecharts folks may be able to offer some advice, or you might be able to get them to add a Tailscale "app" to Truecharts which is a lot simpler than asking for official host-level support from Ix Systems.

Otherwise, it feels like it's getting to the point where it'd just be a lot simpler to set up a Tailscale instance somewhere else - on a Pi if you have one, or another machine - and use the relay feature to access your SCALE host and services.

briancmoses · Feb 23, 2022

Ixian said:
... The Truecharts folks may be able to offer some advice...

I joined the TrueCharts Discord server to ask exactly these kind(s) of questions. I was barked at about how this is hacky and unsupported, told to go ask my questions in one of their community's other channels--a channel that I wasn't even allowed to post in, and then when I asked about obtaining the necessary permissions in DM the moderators either were oblivious or scolded me for wasting their time via DMs.

I hope if someone asks these same questions in TrueCharts' Discord server they have a completely different experience than I did. But in case they haven't, I wanted to share my experience as a warning to others. There's no point in being frustrated by not being able to get Tailscale to work under SCALE and getting mistreated trying to get pointed in the right direction.

Otherwise, it feels like it's getting to the point where it'd just be a lot simpler to set up a Tailscale instance somewhere else - on a Pi if you have one, or another machine - and use the relay feature to access your SCALE host and services.

Unfortunately if you want to use Tailscale right now, this really is the path of least resistance.

Ixian · Feb 23, 2022

briancmoses said:
I joined the TrueCharts Discord server to ask exactly these kind(s) of questions. I was barked at about how this is hacky and unsupported, told to go ask my questions in one of their community's other channels--a channel that I wasn't even allowed to post in, and then when I asked about obtaining the necessary permissions in DM the moderators either were oblivious or scolded me for wasting their time via DMs.

I hope if someone asks these same questions in TrueCharts' Discord server they have a completely different experience than I did. But in case they haven't, I wanted to share my experience as a warning to others. There's no point in being frustrated by not being able to get Tailscale to work under SCALE and getting mistreated trying to get pointed in the right direction.

Unfortunately if you want to use Tailscale right now, this really is the path of least resistance.

Ah, yes, unfortunately I have a pretty good idea of who you are talking about on the Truecharts team. They have a real problem there with at least one member, but that's a different discussion. I'd ignore them and see if one of the others is willing to dig in to it.

DaSnipe · Feb 23, 2022

It's on the list of things to do for TrueCharts, as seen HERE, but if someone wants to build a chart for it they're welcome to do and submit PR. It's not a straightforward thing if I what I see above.

briancmoses · Feb 23, 2022

DaSnipe said:
It's on the list of things to do for TrueCharts, as seen HERE, but if someone wants to build a chart for it they're welcome to do and submit PR. It's not a straightforward thing if I what I see above.

I'm quite aware of that, I submitted it!

I was pretty discouraged when the response was that they're "not planning to implement this (Tailscale addon)" and that "it's most likely not going to happen before 2023."

madmattco · Mar 1, 2022

briancmoses said:
I joined the TrueCharts Discord server to ask exactly these kind(s) of questions. I was barked at about how this is hacky and unsupported, told to go ask my questions in one of their community's other channels--a channel that I wasn't even allowed to post in, and then when I asked about obtaining the necessary permissions in DM the moderators either were oblivious or scolded me for wasting their time via DMs.

I hope if someone asks these same questions in TrueCharts' Discord server they have a completely different experience than I did. But in case they haven't, I wanted to share my experience as a warning to others. There's no point in being frustrated by not being able to get Tailscale to work under SCALE and getting mistreated trying to get pointed in the right direction.

Unfortunately if you want to use Tailscale right now, this really is the path of least resistance.

Brian, sadly you are not the only person to have an issue with said person. A lot of people have. While I do appreciate all of the work that he has been doing, he really needs to adjust his attitude towards others. That "can't be bothered" attitude will just make things worse for him.

void_one · Sep 6, 2022

pixelwave said:
That's what I was thinking browsing the official Tailscale site. Maybe even just to use the commandline:
"curl -fsSL https://tailscale.com/install.sh | sh"

But I will try your solution with the docker install command via Shell.

What I read about this way is that with a potential Scale Update this might break .. but worst thing that can happen is that you then have to reinstall the tailscale docker again right?

Until there is an official app package (maybe from truecharts) this seems to be the best option now. Only downside not having the GUI App Management.

Fortunately I am a bit more confident with using the Shell after the Network Chuck Series yesterday .

I know this is an old post. But it looks like TrueCharts has came out with an official app. I have everything up and running and can see TureNas from the Tailscale console -- but cant access web gui from my browser with the IP it gives me. Firefox tell me the authentication failed. There is no other option to continue. I feel like I’m missing something in the app set up and can’t find any info on this website or anywhere else on how to set this up properly?

sretalla · Sep 7, 2022

void_one said:
I have everything up and running and can see TureNas from the Tailscale console -- but cant access web gui from my browser with the IP it gives me. Firefox tell me the authentication failed. There is no other option to continue. I feel like I’m missing something in the app set up and can’t find any info on this website or anywhere else on how to set this up properly?

What have you done on the Tailscale config to allow that node to advertise your subnet?

Have you set your web GUI to use 0.0.0.0?

DaSnipe · Sep 7, 2022

void_one said:
I know this is an old post. But it looks like TrueCharts has came out with an official app. I have everything up and running and can see TureNas from the Tailscale console -- but cant access web gui from my browser with the IP it gives me. Firefox tell me the authentication failed. There is no other option to continue. I feel like I’m missing something in the app set up and can’t find any info on this website or anywhere else on how to set this up properly?

How-To | TrueCharts

This is a quick how-to or setup-guide to use Tailscale using on your TrueNAS box.

truecharts.org

If Tailscale can see your TrueNAS it can connect, but you might be missing stuff, the How-To has a setup guide that covers most scenarios, but everyone's network and/or firewall rules may be different so you may need more

void_one · Sep 7, 2022

sretalla said:
What have you done on the Tailscale config to allow that node to advertise your subnet?

Have you set your web GUI to use 0.0.0.0?

I believe so. Under System Setting and the General Tab it says "Web Interface IPv4 Address:0.0.0.0".

As for the config files, I have not edited anything. I believe and hope that all that needs to be edited would be in the app settings....and admittedly this is where I'm stuck. I'm not sure what I should be putting in these fields? I have plenty of services running that I’d love to access outside my LAN. I guess setting something up like this is a little advanced for me. I posted a screenshot of the field I’m confused about. I’ve looked all over the place to try and find a discussion from the TrueNas community – but all I could find were folks running CORE and jails.

Important Announcement for the TrueNAS Community.

Trying to get Tailscale Docker running ...

Ixian

Patron

Ixian

Patron

briancmoses

Dabbler

pixelwave

Contributor

pixelwave

Contributor

pixelwave

Contributor

briancmoses

Dabbler

Ixian

Patron

briancmoses

Dabbler

Ixian

Patron

DaSnipe

Explorer

briancmoses

Dabbler

madmattco

Dabbler

void_one

Dabbler

sretalla

Powered by Neutrality

DaSnipe

Explorer

How-To | TrueCharts

void_one

Dabbler

Attachments

Similar threads