Unable to Setup SSH Connection Between Two TrueNAS Scale Servers Through Tailscale

Ralphshep (Dabbler, joined Apr 28, 2020, 45 messages)
I am trying to set up an off-site backup for my home server. I have the Tailscale app installed from the official community chart on both machines, using the server name as the hostname and the server's static IP configured as the subnet route, and I have "Host Network", "Advertise Exit Node", "Userspace" and "Accept DNS" enabled. I followed THIS VIDEO tutorial and the TrueCharts Guide for the most part to get this set up. However, he uses Rsync, but I want to use Data Replication to push the data from my home server to the off-site location, since both machines are running TrueNAS.

Here is the problem: I cannot set up an SSH connection from the home server to the off-site server. I started troubleshooting by pinging the off-site server's local IP, Tailscale hostname, and Tailscale IP from the home server. However, only the hostname resolved. Going in the other direction, I tried pinging the home server addresses from the off-site backup, and none of the addresses resolved.

To make sure Tailscale is configured correctly on each of the servers, I connected my Mac to the Tailscale network and was able to ping, SSH to, and load the WebUI of both TrueNAS servers using the local IP, Tailscale hostname, and Tailscale IP.

Now that I have confirmed that the necessary TrueNAS ports are accessible over the Tailscale network, I'm not really sure why the TrueNAS servers can't see each other.
 

Mocoso (Cadet, joined Jan 10, 2021, 9 messages)
I'm in the same boat and tried following the same video. I did find through another thread that the userspace needs to be off (Link where they talk about userspace off). I've tried both the TrueCharts and TrueNAS apps with userspace on or off and am in the same boat. I can ping and access both NAS through my laptop when it's connected to the Tailscale network, but neither NAS can see the other, either through shell ping or via replication. I don't believe the TrueNAS native functions are seeing the Tailscale interface; I haven't found a way to get the replication task to use the Tailscale network instead of the bare-metal network interface. Let me know if you find a way to get it to work. I really was trying to get away from installing Tailscale on the bare-metal OS like was done in the video.

6/21 Update: I got part of my setup working. I have NAS A talking to NAS B at physically different locations, but only because I was able to leverage the Tailscale functionality on the pfSense router. So I basically have NAS A --> pfSense (running Tailscale) <== WAN ===> Location B Router ---> NAS B (running Tailscale as app)

NAS B still can't ping or see any of the Tailscale devices when it initiates traffic, so no replications can be started from NAS B. Since Tailscale is running on the router at location A, it correctly advertises and adds the routing table entries, and NAS A can "see" the NAS B IP address. I can initiate replication tasks from NAS A as a push (or pull) to NAS B.

There was no need to install or run Tailscale on NAS A, as the pfSense router is taking care of advertising its IP address and setting up routes. I still have an issue, as I have a separate NAS C at a different site that I want to replicate to NAS B, and the only way to do it at the moment is to pull from NAS C to NAS A and then turn around and replicate that as a push to NAS B. It would be a lot cleaner if we were able to go from TrueNAS to TrueNAS simply by using the apps and have the native NAS network traffic tunnel through the apps, so I still would like to see that working, but I thought I would mention that if you have pfSense you can work around it.
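One way to pin down where the traffic is actually going, as an added example that is not from any poster in this thread: a small Python script that, for each peer, resolves the name, asks the kernel which interface it would use (`ip route get`) and tests whether sshd answers, so a NAS that routes its replication traffic out the bare-metal NIC instead of the tunnel shows up as "routed via lan". It assumes a Linux host with iproute2 and the default tailscale0 interface name; the peer names and addresses are constructed placeholders.

```python
import re
import socket
import subprocess

TAILSCALE_IFACE = "tailscale0"  # default Tailscale interface name on Linux
SSH_PORT = 22                   # TrueNAS replication rides over SSH

def parse_route_get(output: str) -> dict:
    """Pull dev/via/src out of `ip route get <dst>` output (any field order)."""
    matches = {key: re.search(rf"\b{key}\s+(\S+)", output) for key in ("dev", "via", "src")}
    return {key: (m.group(1) if m else None) for key, m in matches.items()}

def classify(route: dict) -> str:
    if route["dev"] is None:
        return "unroutable"  # no route at all: subnet route never installed
    if route["dev"] == TAILSCALE_IFACE:
        return "tailnet"     # packets enter the tunnel: the peer can see them
    return "lan"             # packets leave the physical NIC: the peer never sees them

def route_get(dst: str) -> dict:
    """Ask the kernel which interface it would use for dst (needs iproute2)."""
    proc = subprocess.run(["ip", "route", "get", dst], capture_output=True, text=True)
    if proc.returncode != 0:  # e.g. "RTNETLINK answers: Network is unreachable"
        return {"dev": None, "via": None, "src": None}
    return parse_route_get(proc.stdout)

def tcp_open(host: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP handshake to host:port completes, i.e. sshd is reachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_peer(target: str) -> str:
    """Resolve, route and port-check one peer; returns a one-line verdict."""
    try:
        ip = socket.gethostbyname(target)  # MagicDNS name or IP literal
    except socket.gaierror:
        return f"{target}: name did not resolve (Accept DNS / MagicDNS issue)"
    path = classify(route_get(ip))
    ssh = "ssh reachable" if tcp_open(ip, SSH_PORT) else "ssh not reachable"
    return f"{target} -> {ip}: routed via {path}, {ssh}"

if __name__ == "__main__":
    # Constructed placeholder peers (MagicDNS name, tailnet IP, remote LAN IP).
    for peer in ("offsite-nas", "100.64.0.9", "192.168.2.10"):
        print(check_peer(peer))
```

Run it on each NAS in turn; a peer that resolves and is "routed via tailnet" but "ssh not reachable" points at the Tailscale ACLs or sshd, while "routed via lan" means the subnet route never reached the host's routing table.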
 

MrBucket101 (Dabbler, joined Jul 9, 2018, 18 messages)
This isn't exactly the answer you were looking for. I prefer not to run containers or apps on my TrueNAS instance and use it purely for storage.

I created a small VM on my hypervisor and installed Tailscale on it. Connected the VM to the network, set up the accept/advertise routes.

Then in TrueNAS I created a static route, where 10.254.1.99 is the remote machine IP:

10.254.1.99 -> <VM IP>

Then I set up masquerade NAT in the VM.

Code:
~ sudo iptables -t nat -A POSTROUTING -d 10.254.1.99 -j SNAT --to-source <tailscale ip>


You can get the Tailscale IP with
Code:
~ tailscale ip


Then I can ping and connect to 10.254.1.99 from my TrueNAS Scale instance.
 

Mocoso (Cadet, joined Jan 10, 2021, 9 messages)
Yes, that's one way to do it, albeit why not just advertise the routes to the TrueNAS at that point in the VM? I guess your method above restricts the NAS to only see the one external IP?
 

MrBucket101 (Dabbler, joined Jul 9, 2018, 18 messages)
Yep, I've got multiple tailnet routers for all of my sites, which ultimately results in some pretty restrictive ACLs.

So even if I did set up a static route for the entire /24 block, traffic would only flow to that individual IP, and only then on ports 21 and 873.
 

rgrcoutts (Cadet, joined Jun 28, 2023, 1 message)
Hi, first time posting here. After much searching on here, other forums, YouTube, etc., I finally got replication working from main to remote TrueNAS Scale servers through Tailscale, and figured out the right config about 2 days before LTS uploaded a video showing how to do the same. He then followed the video up with a 2nd one to correct/add details missing from the first video:

Video 1
Video 2

For my setup, I set static routes for both systems with their IPs as /32, as I wanted them only to talk to each other for replication purposes. In terms of other settings in the Tailscale app:

Advertise Exit Node - unticked
Userspace - unticked
AcceptDNS - ticked

Host Network - ticked (binds to the TrueNAS Scale host so that the Tailscale connection shows up as a network adapter)

Everything else left as default, and the above settings are the same on both main and remote servers.

Then when setting up replication and setting up the SSH Connection (under Backup Credentials) (in my case, I am pulling the replication from the remote server side, not pushing from the main server), for the Authentication Host path you use the Tailscale address provided for your TrueNAS Scale server (main server in my case, remote server if you are pushing from the main server) under the Machines section in your Tailscale account, and that worked 100%, no issues.

Just an FYI, I had to set up periodic snapshots first on my main server and then set up the replication, as the replication setup process didn't seem to set up snapshots automatically.

TN Scale versions on both servers are 22.12.3, and Tailscale app versions on both servers are TrueNAS Community versions 1.44.0_1.0.12.

Hope this helps
 

help! (Explorer, joined Aug 3, 2023, 57 messages)
I'm in the same boat, three months of no backups because I can't get SSH or rsync to work over to my off-site location.

I can ping from NAS to NAS (off-site), but SSH refuses and rsync refuses.

I actually don't know how to SSH, to be honest.

On the off-site NAS, when I make an SSH connection it asks for a host, and if I make the host the off-site NAS, I never get it to work,

but if I fill in the details for the NAS THAT I'M ACTUALLY ON, it works!!!!

But when I try to do a replication task,

I CAN ONLY SEE THE NAS I'M ON, NOT THE OFFSITE NAS,

so then again I'm back to square one.


I've got this far getting WireGuard working so I can see the NAS, but I can't send any data off-site.
 