SierraSoftworks/tailscale-udm

No tailscale interface on UDM SE

dsbaars opened this issue · 3 comments

I just got the UDM SE last week. Everything seems to install and run fine, I do get an IP-address and in the web interface an IP shows up.

However, if I run ip addr show I don't see any tailscale interface, I can't ping to other machines and other machines can't ping to the UDM SE. The logs do not seem to tell anything useful in finding the cause. I shared them below:

Kernel

root@udm:~# uname -ar
Linux udm 4.19.152-ui-alpine #4.19.152 SMP Fri Apr 22 00:04:43 CST 2022 aarch64 GNU/Linux

Install

root@udm:~# curl -sSLq https://raw.github.com/SierraSoftworks/tailscale-udm/main/install.sh | sh
Installing Tailscale v1.24.2 in /mnt/data/tailscale...
Installation complete, run '/mnt/data/tailscale/manage.sh start' to start Tailscale
Starting Tailscaled...
Tailscaled started successfully

To authenticate, visit:

	https://login.tailscale.com/a/xxxxxx

Success.

tailscale.log

2022/05/08 18:46:09 logtail started
2022/05/08 18:46:09 Program starting: v1.24.2-t9d6867fb0-g2d0f7ddc3, Go 1.18.1-ts710a0d8610: []string{"/mnt/data/tailscale/tailscaled", "--cleanup"}
2022/05/08 18:46:09 LogID: **MASKED**
2022/05/08 18:46:09 logpolicy: using system state directory "/var/lib/tailscale"
2022/05/08 18:46:09 dns: [rc=unknown ret=direct]
2022/05/08 18:46:09 dns: using *dns.directManager
2022/05/08 18:46:09 flushing log.
2022/05/08 18:46:09 logger closing down
2022/05/08 18:46:10 logtail started
2022/05/08 18:46:10 Program starting: v1.24.2-t9d6867fb0-g2d0f7ddc3, Go 1.18.1-ts710a0d8610: []string{"/mnt/data/tailscale/tailscaled", "--state", "/mnt/data/tailscale/tailscaled.state", "--socket", "/var/run/tailscale/tailscaled.sock", "--port", "41641", "--tun", "userspace-networking"}
2022/05/08 18:46:10 LogID: **MASKED**
2022/05/08 18:46:10 logpolicy: using system state directory "/var/lib/tailscale"
2022/05/08 18:46:10 wgengine.NewUserspaceEngine(tun "userspace-networking") ...
2022/05/08 18:46:10 dns: using dns.noopManager
2022/05/08 18:46:10 link state: interfaces.State ** TRUNCATED **
2022/05/08 18:46:10 magicsock: disco key =  **MASKED**
2022/05/08 18:46:10 Creating wireguard device...
2022/05/08 18:46:10 Bringing wireguard device up...
2022/05/08 18:46:10 Bringing router up...
2022/05/08 18:46:10 Clearing router settings...
2022/05/08 18:46:10 Starting link monitor...
2022/05/08 18:46:10 Engine created.
2022/05/08 18:46:10 Start
2022/05/08 18:46:10 using backend prefs for "_daemon": Prefs{ra=false dns=true want=false routes=[] nf=on Persist{lm=, o=, n=[LZHWO] u="**MASKED**"}}
2022/05/08 18:46:10 Backend: logs: be:**MASKED** fe:
2022/05/08 18:46:10 control: client.Login(false, 0)
2022/05/08 18:46:10 Switching ipn state NoState -> Stopped (WantRunning=false, nm=false)
2022/05/08 18:46:10 wgengine: Reconfig: configuring userspace wireguard config (with 0/0 peers)
2022/05/08 18:46:10 wgengine: Reconfig: configuring router
2022/05/08 18:46:10 wgengine: Reconfig: configuring DNS
2022/05/08 18:46:10 dns: Set: {DefaultResolvers:[] Routes:{} SearchDomains:[] Hosts:0}
2022/05/08 18:46:10 dns: Resolvercfg: {Routes:{} Hosts:0 LocalDomains:[]}
2022/05/08 18:46:10 dns: OScfg: {Nameservers:[] SearchDomains:[] MatchDomains:[]}
2022/05/08 18:46:10 control: doLogin(regen=false, hasUrl=false)
2022/05/08 18:46:10 health("overall"): error: state=Stopped, wantRunning=false
2022/05/08 18:46:10 control: control server key from https://controlplane.tailscale.com: ts2021=[fSeS+], legacy=[nlFWp]
2022/05/08 18:46:10 control: RegisterReq: onode= node=[LZHWO] fup=false
2022/05/08 18:46:10 control: RegisterReq: got response; nodeKeyExpired=false, machineAuthorized=true; authURL=false
2022/05/08 18:46:10 active login: **MASKED**@github
2022/05/08 18:46:10 control: setPaused(true)
2022/05/08 18:46:10 control: mapRoutine: paused
2022/05/08 18:46:10 control: mapRoutine: awaiting unpause
2022/05/08 18:46:10 control: NetInfo: NetInfo{varies=false hairpin=false ipv6=true udp=true derp=#4 portmap= link=""}
2022/05/08 18:46:10 magicsock: endpoints changed: ** TRUNCATED **
2022/05/08 18:46:15 ipnserver: conn2: connection from userid 0; root has access
2022/05/08 18:46:15 EditPrefs: MaskedPrefs{WantRunning=true}
2022/05/08 18:46:15 active login: "**MASKED**" ([unexpected] corp#461, not "**MASKED**@github")
2022/05/08 18:46:15 transitioning to running; doing Login...
2022/05/08 18:46:15 control: client.Login(false, 0)
2022/05/08 18:46:15 control: setPaused(false)
2022/05/08 18:46:15 Switching ipn state Stopped -> Starting (WantRunning=true, nm=true)
2022/05/08 18:46:15 control: mapRoutine: unpaused
2022/05/08 18:46:15 control: doLogin(regen=false, hasUrl=false)
2022/05/08 18:46:15 control: RegisterReq: onode= node=[LZHWO] fup=false
2022/05/08 18:46:15 magicsock: SetPrivateKey called (init)
2022/05/08 18:46:15 magicsock: private key changed, reconnecting to home derp-4
2022/05/08 18:46:15 wgengine: Reconfig: configuring userspace wireguard config (with 0/2 peers)
2022/05/08 18:46:15 wgengine: Reconfig: configuring router
2022/05/08 18:46:15 wgengine: Reconfig: configuring DNS
2022/05/08 18:46:15 dns: Set: {DefaultResolvers:[] Routes:{**MASKED**.github.beta.tailscale.net.:[]}+65arpa SearchDomains:[**MASKED**.github.beta.tailscale.net.] Hosts:3}
2022/05/08 18:46:15 peerapi: serving on http://** MASKED **:34277
2022/05/08 18:46:15 peerapi: serving on http://** MASKED **:34277
2022/05/08 18:46:15 health("dns"): error: getting OS base config is not supported
2022/05/08 18:46:15 magicsock: adding connection to derp-4 for home-keep-alive
2022/05/08 18:46:15 magicsock: 1 active derp conns: derp-4=cr0s,wr0s
2022/05/08 18:46:15 health("dns-os"): error: getting OS base config is not supported
2022/05/08 18:46:15 Switching ipn state Starting -> Running (WantRunning=true, nm=true)
2022/05/08 18:46:15 control: controlclient: restarting map request for "dns" health change to new state: getting OS base config is not supported
2022/05/08 18:46:15 control: controlclient: restarting map request for "dns-os" health change to new state: getting OS base config is not supported
2022/05/08 18:46:15 derphttp.Client.Connect: connecting to derp-4 (fra)
2022/05/08 18:46:15 ipnserver: conn2: ReadMsg: read unix /var/run/tailscale/tailscaled.sock->@: read: connection reset by peer
2022/05/08 18:46:15 control: RegisterReq: got response; nodeKeyExpired=false, machineAuthorized=true; authURL=false
2022/05/08 18:46:15 magicsock: derp-4 connected; connGen=1

Hi @dsbaars, can you try running tailscale ping and let me know whether that works? Something else to try is opening http://<UDM Tailscale IP> in your browser to see whether you can access the webpage.

(You'll find this at /mnt/data/tailscale/tailscale ping on the UDM).

Tailscale on the UDM runs in usermode and doesn't create a new network interface, so you won't find it in the ip addr output. Instead, you'll need to use the tailscale command line tool to do all of your troubleshooting, including using tailscale ping, tailscale status and tailscale netcheck.

If you're still seeing failures after trying the above, please can you include the output of tailscale netcheck and we can try and loop the folks from the Tailscale team in to debug this.
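Added example (not part of the thread or of the tailscale-udm project): a small shell check that reads a tailscaled log like the one posted above and reports whether the daemon was started with --tun userspace-networking, which is why no interface appears in ip addr show. The helper names tun_mode, ipn_state, diagnose and sample_log are hypothetical, and the sample input is excerpted from the log in this issue.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not code from tailscale or tailscale-udm.

# Print the value passed to --tun on the most recent daemon start line.
# tailscaled logs its argv as a Go []string: "--tun", "userspace-networking".
tun_mode() {
    grep 'Program starting:' "$1" | grep -- '"--tun"' | tail -n 1 |
        sed -n 's/.*"--tun", "\([^"]*\)".*/\1/p'
}

# Print the state the backend most recently switched to (e.g. Running).
ipn_state() {
    grep 'Switching ipn state' "$1" | tail -n 1 |
        sed -n 's/.*-> \([A-Za-z]*\).*/\1/p'
}

# One-line summary telling the operator where to look next.
diagnose() {
    mode=$(tun_mode "$1"); state=$(ipn_state "$1")
    if [ "$mode" = "userspace-networking" ]; then
        echo "state=$state tun=$mode: no kernel interface expected; use 'tailscale ping' and 'tailscale status'"
    else
        echo "state=$state tun=${mode:-unset}: look for the interface in 'ip addr show'"
    fi
}

# Sample input: lines excerpted from the tailscale.log posted in this issue.
sample_log() {
    cat <<'EOF'
2022/05/08 18:46:09 Program starting: v1.24.2-t9d6867fb0-g2d0f7ddc3, Go 1.18.1-ts710a0d8610: []string{"/mnt/data/tailscale/tailscaled", "--cleanup"}
2022/05/08 18:46:10 Program starting: v1.24.2-t9d6867fb0-g2d0f7ddc3, Go 1.18.1-ts710a0d8610: []string{"/mnt/data/tailscale/tailscaled", "--state", "/mnt/data/tailscale/tailscaled.state", "--socket", "/var/run/tailscale/tailscaled.sock", "--port", "41641", "--tun", "userspace-networking"}
2022/05/08 18:46:10 wgengine.NewUserspaceEngine(tun "userspace-networking") ...
2022/05/08 18:46:10 Switching ipn state NoState -> Stopped (WantRunning=false, nm=false)
2022/05/08 18:46:15 Switching ipn state Stopped -> Starting (WantRunning=true, nm=true)
2022/05/08 18:46:15 Switching ipn state Starting -> Running (WantRunning=true, nm=true)
EOF
}

# Run the check against the embedded sample so the script works offline.
tmp=$(mktemp) && sample_log > "$tmp" && diagnose "$tmp"
rm -f "$tmp"
```

To check a real device, call diagnose with the path of its tailscale.log instead of the embedded sample.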

Thanks @notheotherben, that was not clear to me from the README.

tailscale ping

✅ This works to the UDM and from the UDM

http://

❌ Does not work from the network "behind" the UDM.
ℹ️ When I install tailscale client on one of the computers "behind" the UDM it is reachable.
But my idea of putting this tailscale client on the UDM is so that I don't need to put it on individual clients in the same subnet anymore.

tailscale netcheck

Looks good to me:

Report:
	* UDP: true
	* IPv4: yes, **HIDDEN**
	* IPv6: yes, **HIDDEN**
	* MappingVariesByDestIP: false
	* HairPinning: true
	* PortMapping:
	* Nearest DERP: London
	* DERP latency:
		- lhr: 27.7ms  (London)
		- fra: 31ms    (Frankfurt)
		- nyc: 107ms   (New York City)
		- ord: 118.3ms (Chicago)
		- dfw: 136.1ms (Dallas)
		- blr: 153.3ms (Bangalore)
		- sfo: 166.1ms (San Francisco)
		- sea: 173.3ms (Seattle)
		- sao: 233.3ms (São Paulo)
		- tok: 244ms   (Tokyo)
		- sin: 262.2ms (Singapore)
		- syd: 312.8ms (Sydney)

I guess I need to put a static route to the tailscale network manually?
The --advertise-routes works, but I'd like it to work the other direction as well ;)

I see, so you're looking to configure your network such that the UDM provides access to Tailnet IPs for all devices on your local network? Makes sense, however I don't know what would be entailed in setting that up and making it work. As I understand it, the way that Tailscale's subnet routers work is inherently simplex:

Subnet routers act as a gateway, relaying traffic from your Tailscale network onto your physical subnet.

I'd reach out to the folks over on tailscale/tailscale to find out whether this is a supported use case.