anasfanani / magisk-tailscaled Goto Github PK

I seem to be unable to ping other devices connected to Tailscale. The only way I can ping them is using tailscale ping which responds just fine. I can ping my phone from other devices but not vice versa. Is there a way to fix this or should I go back to using the Play Store app?

tailscale ping succeeds but ping does not:

After selecting an exit node, it says selected but offline even though exit node is online and works fine from the app version.

I am trying to get certain apps to route traffic through this tailscale's exit node.

Is this possible?

Some device doesn't have curl, this would fail forever: https://github.com/anasfanani/Magisk-Tailscaled/blob/main/service.sh#L8C5-L8C21

maybe we can simply use ping -c 1.1.1.1?

By the way, this module is proved to work well on KernelSU after commit: 6c86fd1 ;) You don't need to create a module for it separately, it is compatible with Magisk module.

Hello

You mentioned on your new release this

Other VPN
You need to use socks5 port 1099 for accessing other tailscale devices, or you can just route the ip with NekoBox and create a Warp Wireguard.

I have been trying to do this , but unable to . Having some difficulty setting this up.
I have nekobox and set up Warp Wireguard, but i can not add

Manual Setting - SOCKS5
Server/Port: 127.0.0.1:1099
Name: TAILSCALE

As the warp wireguard is using this.

I can not add

Route - Add
IP: 100.64.0.0/10
Outbound: TAILSCALE

as the outbound would be warp wireguard, but i change the outbound to warp , it does not work.

Just wondered if you had an idea what i could do.

thanks

I configured the subnet on OpenWrt according to this document, but my phone cannot access the target network, although other devices can access it normally
tailscaled.zip

我想知道这个模块如何与box_for_magisk或者其他vpn软件一起使用

I can't seem to access http servers running over my Tailscale network. Seems I can only access Tailscale with Termux and not a browser running on the system.

Normally, on a Linux system, I can type in the server's Tailscale IP into a browser to access websites hosted on it.

Using the Magisk module with Magisk.

2024/01/01 22:23:09 logtail: dial "log.tailscale.io:443" failed: dial tcp: lookup log.tailscale.io on [::1]:53: read udp [::1]:39616->[::1]:53: read: connection refused (in 7ms), trying bootstrap...
2024/01/01 22:23:09 trying bootstrapDNS("derp10c.tailscale.com", "192.73.240.121") for "log.tailscale.io" ...
2024/01/01 22:23:10 bootstrapDNS("derp10c.tailscale.com", "192.73.240.121") for "log.tailscale.io" = [2600:1f18:429f:9305:823d:72c0:16da:fb33 54.161.152.147]
2024/01/01 22:23:10 logtail: bootstrap dial succeeded
2024/01/01 22:24:20 monitor: ip rule deleted; failed to parse netlink message: invalid route message attributes: netlink: attribute 20 is not a uint8; length: 8
2024/01/01 22:24:20 monitor: ip rule deleted; failed to parse netlink message: invalid route message attributes: netlink: attribute 20 is not a uint8; length: 8
2024/01/01 22:24:20 monitor: ip rule deleted; failed to parse netlink message: invalid route message attributes: netlink: attribute 20 is not a uint8; length: 8
2024/01/01 22:24:20 monitor: ip rule deleted; failed to parse netlink message: invalid route message attributes: netlink: attribute 20 is not a uint8; length: 8
2024/01/01 22:24:43 monitor: ip rule deleted; failed to parse netlink message: invalid route message attributes: netlink: attribute 20 is not a uint8; length: 8
2024/01/01 22:24:43 monitor: ip rule deleted; failed to parse netlink message: invalid route message attributes: netlink: attribute 20 is not a uint8; length: 8
2024/01/01 22:24:43 monitor: ip rule deleted; failed to parse netlink message: invalid route message attributes: netlink: attribute 20 is not a uint8; length: 8
2024/01/01 22:24:43 monitor: ip rule deleted; failed to parse netlink message: invalid route message attributes: netlink: attribute 20 is not a uint8; length: 8

I tried removing the startup parameter -tun=userspace-networking. After restarting the device, I am unable to log in to Tailscale.

When I use tailscale netcheck, I receive the following error message:

1|:/data/data/com.termux/files/home # tailscale netcheck
2024/01/28 05:08:40 No DERP map from tailscaled; using default.
fetch prodDERPMap failed: Get "https://controlplane.tailscale.com/derpmap/default": dial tcp: lookup controlplane.tailscale.com on [::1]:53: read udp [::1]:50349->[::1]:53: read: connection refused

Hi there,
Thanks a lot for the nice project! I have a question as I do not understand everything about it:

Does this project also include an Android kernel module that allows to run a wireguard connection (tailscale or others) in kernel space like on most linux desktops? That would quite nice in itself!

EDIT: I just found that Android actually merged the wireguard kernel module years ago, I don't know why I thought this wasn't the case.
Anyway, as a follow up question:

Is there a way for this magisk module to run the connection in kernel space?

Title.

No issues while and after the install - if you clicked the VOLUME DOWN (-) while installing. This way tailscaled.service will start after the booting process.

The default and encouraged option in the installation wizard is the non-functional one. New users will probably click (+) and have tailscaled.service launch issues just like me. Sadly I have no proposed solution other than selecting (-) for now.

Hey,

sorry if an issue isn't a suitable place to ask this, but:
In another issue it was mentioned you use Box for Magisk proxy tool in order to access the userspace tailscale: #1 (comment)

I am trying to do the same, but I struggle to get it to work. Could you maybe share configuration examples (or add them to the README?) of your configuration for box for magisk and how to use it with this module?

Thanks and happy new year

as title, ts subnetroutes is not work on my devices

When I use Tailscale Andorid, I can access it fine.

Here's what I tried on the console:

https://pastebin.ubuntu.com/p/vTQ2Nc6h7h/

Let me know if you need more information

You can also check #14 (comment) this is a repost of it since I wasn't able to reopen the issue.
I'm seeing IPv6 addresses everywhere in the logs, my current location has no IPv6 support, so I'm getting the same errors, seeing lines like:

2024/04/28 21:41:53 control: bootstrapDNS("derp8b.tailscale.com", "2a03:b0c0:1:d0::ec1:e001") for "headscale.example.com" error: Get "https://derp8b.tailscale.com/bootstrap-dns?q=headscale.example.com": dial tcp [2a03:b0c0:1:d0::ec1:e001]:443: connect: network is unreachable
2024/04/28 21:41:53 [RATELIMIT] format("control: bootstrapDNS(%q, %q) for %q error: %v")
2024/04/28 21:41:55 Received error: fetch control key: Get "https://headscale.example.com/key?v=90": failed to resolve "headscale.example.com": no DNS fallback candidates remain for "headscale.example.com"
2024/04/28 21:42:12 [RATELIMIT] format("monitor: ip rule deleted; failed to parse netlink message: %v") (33 dropped)
2024/04/28 21:42:12 monitor: ip rule deleted; failed to parse netlink message: invalid route message attributes: netlink: attribute 20 is not a uint8; length: 8
2024/04/28 21:42:12 monitor: ip rule deleted; failed to parse netlink message: invalid route message attributes: netlink: attribute 20 is not a uint8; length: 8
2024/04/28 21:42:12 monitor: ip rule deleted; failed to parse netlink message: invalid route message attributes: netlink: attribute 20 is not a uint8; length: 8
2024/04/28 21:42:12 monitor: ip rule deleted; failed to parse netlink message: invalid route message attributes: netlink: attribute 20 is not a uint8; length: 8
2024/04/28 21:42:15 monitor: ip rule deleted; failed to parse netlink message: invalid route message attributes: netlink: attribute 20 is not a uint8; length: 8
2024/04/28 21:42:15 [RATELIMIT] format("monitor: ip rule deleted; failed to parse netlink message: %v")
2024/04/28 21:42:20 control: LoginInteractive -> regen=true
2024/04/28 21:42:20 control: doLogin(regen=true, hasUrl=false)
2024/04/28 21:42:20 [RATELIMIT] format("control: trying bootstrapDNS(%q, %q) for %q ...") (9 dropped)
2024/04/28 21:42:21 control: trying bootstrapDNS("derp1d.tailscale.com", "2604:a880:800:10::7fe:f001") for "headscale.example.com" ...
2024/04/28 21:42:21 [RATELIMIT] format("control: bootstrapDNS(%q, %q) for %q error: %v") (3 dropped)
2024/04/28 21:43:27 control: bootstrapDNS("derp8c.tailscale.com", "2a03:b0c0:1:d0::e1f:4001") for "headscale.example.com" error: Get "https://derp8c.tailscale.com/bootstrap-dns?q=headscale.example.com": dial tcp [2a03:b0c0:1:d0::e1f:4001]:443: connect: network is unreachable
2024/04/28 21:43:27 control: trying bootstrapDNS("derp1d.tailscale.com", "165.22.33.71") for "headscale.example.com" ...
2024/04/28 21:43:27 [RATELIMIT] format("control: trying bootstrapDNS(%q, %q) for %q ...")

headscale.example.com is for privacy of course. Even when having a hosts file entry in Android nothing seems to solve this issue.
The derp servers used in the 'trying bootstrapDNS' lines are returning IPv6 addresses first, the IPv4 addresses come later... A picture from the bootstrapDNS request:

First I thought this is a tailscale issue on its own, but since this does not happen on desktop clients I thought we can think of a workaround for the Magisk/KSU module. Things coming to my mind I still have to test:

1. Reversing the bootstrap DNS results, so the IPv4 addresses would be on top of the list (?)
2. Hardcoding the DERP servers with their IP's temporarily into the hosts file systemlessly until we register the device as a node on headscale.
3. Telling Tailscale with a commandline switch (if this exists of course) that it should prefer IPv4 over IPv6.
4. Using a HTTPS_PROXY or HTTPS_PROXY until registered as a node. Tailscale has issues from time to time recognizing these environment variables. See related Reddit Post with the same issue I have.

These are probably not that logical and promising but it's better than not being able to register the device at all. Also a related GitHub issue on tailscale/tailscale.

Currently, the Android client does not trust self-signed certificates, not even ZeroSSL, and there are many issues with custom servers, see:

• tailscale/tailscale#8085
• tailscale/tailscale#10700

The official explanation is that trusting self-signed certificates poses security risks (tailscale/tailscale#8085 (comment)).

However, on Linux and Windows, Tailscale works fine as long as you manually add self-signed certificates to the trusted list.

Can the same be done for this module? I think Magisk users can take responsibility for their own security.

Maybe userspace-networking is not necessary on Android devices?

I just edit it to

cd /data/local/tmp/ && tailscaled -statedir=/data/local/tmp/  >> /data/local/tmp/tailscaled.log 2>&1

whithout tun=userspace-networking and -state=/data/local/tmp/tailscaled.state --port=41641

it can still work properly.

Besides, in this case : when I use sudo tailscale status and other tailscals's commands ,tailscale cannot find tailtailscaled.sock in default situtation because current work dir is not at state /data/local/tmp/. and tailscaled.sock file is here.

any other solution can resolve this problem?

Does this module support a custom control server? I don't seem to be getting a response when using "tailscale up --login-server=https://login.server.net" or when using "tailscale login --login-server=https://login.server.net"

This works for all of the tailscale CLI implementations I have played around with so far. This would be a cool addition if it is not already supported in the app. Thank you.

What is not working?
Pinging other Tailnet devices.

Steps to reproduce:
Follow the guide to install the module and login to Tailscale.
then
Ping to any device in tailnet

What's happening?
Every device can ping my phone, but phone cannot ping other tailnet devices.