tsujamin / hass-addons Goto Github PK

Unfortunately the subnets not working for me.
Neither the local subnet nor the routed one (via udm pro)
I have only access to the HA via Tailscale.

advertised routes:
192.168.178.0/24,172.16.0.0/23

what I am doing wrong?

I also get ok in the Log:

023/01/07 14:24:25 Accept: TCP{100.xxx.xxx.85:57885 > 172.16.0.9:80} 64 tcp ok

Describe the bug
The add-on doesn't install, the error message is "Image 948e3081/aarch64-addon-tailscale:1.48.1.0 does not exist for addon_948e3081_tailscale"

To Reproduce
Try to install the add-on on a raspberry pi 4 with HA OS

Expected behavior
The add-on should be installed

Desktop (please complete the following information):

• Plugin Version: latest
• Home Assistant/Supervisor Versions: latest

Describe the bug
After updating from 1.66.3, the addon begins startup but eventually errors out with the below. Reverting back to 1.66.3 works

Snippet from log:

*2024/05/31 08:59:36 health("overall"): ok
Error: changing settings via 'tailscale up' requires mentioning all
non-default flags. To proceed, either re-run your command with --reset or
use the command below to explicitly mention the current value of
all non-default settings:

	tailscale up --advertise-routes=10.0.15.0/24,10.0.33.0/24 --auth-key=tskey-REDACTED --hostname=home-assistant --stateful-filtering

To Reproduce*
Steps to reproduce the behavior:

1. Go to 'Settings>Add-ons>Tailscale'
2. Click on 'Update'
3. Check Logs
4. See error
5. Addon stops

Expected behavior
Addon to start and stay running

Desktop (please complete the following information):

• Plugin Version: 1.66.4
• Home Assistant/Supervisor Versions: Home Assistant 2024.5.5 / Supervisor 2024.05.1

I have a problem when they install the addon so it works normally. but if I want to add a device that is in another TailScale network, I can't connect to it via Home Assistant. I guess the problem is that it runs in other dockers, right? so does it work out somehow?

as per subject the 1.50.0 version is out so when time allow please update the add-on/plugin

Describe the bug
You have 1.22.1.0 installed. Click update to update to version 1.22.2.0

I press the update button and get this:

The command '/bin/bash -o pipefail -c apt install -y wget iptables iproute2 procps' returned a non-zero code:100

System info:

System Health

After pressing the install button I get this error:

"Failed to to call /addons/948e3081_tailscale/install - The command '/bin/bash -o pipefail -c apt update' returned a non-zero code: 100
22:48:43 – (ERROR) Home Assistant Supervisor - message first occurred at 22:18:01 and shows up 5 times"

Could it be because I have an outdated version of home assistant?

Desktop (please complete the following information):

• Plugin Version: 1.36.2.0
• Home Assistant/Supervisor Versions: core-2022.11.4/supervisor-2023.01.1

I have two machines on the Tailscale network. One of them has a home assistant set up with Mosquitto broker. I am unable to send messages to the broker. The sending machine confirms the connection to the broker and the sending of the message, but the message never arrives. I have tried many settings, however, none work. After sending the message I see the following log on home assistant machine:

2023/03/26 18:29:56 portmapper: failed to get PCP mapping: PCP is implemented but not enabled in the router
2023/03/26 18:29:57 portmapper: failed to get PCP mapping: PCP is implemented but not enabled in the router
2023/03/26 18:29:57 Accept: TCP{100.103.124.23:39321 > 100.72.7.95:1883} 60 tcp ok
2023/03/26 18:29:57 Accept: TCP{100.103.124.23:39321 > 100.72.7.95:1883} 52 tcp non-syn
2023/03/26 18:29:57 Accept: TCP{100.103.124.23:39321 > 100.72.7.95:1883} 95 tcp non-syn

Port: 1883 is the default MQTT port.

My current setup is as follows:

hostname: homeassistant
userspace_networking: true
auth_key: tskey-xxx
accept_routes: true
ssh: false
disable_dns: false
advertise_exit_node: false
reset: true

• Plugin Version: 1.38.2.0
• Home Assistant OS: 2023.3.3

Describe the bug

I run a PiHole server on my Tailscale network. I'd like to add the PiHole integration for this PiHole instance to Home Assistant. Unfortunately, I'm not access the PiHole instance via it's local IP, Tailscale IP or Tailnest hostname

To Reproduce

1. Add PiHole integration
2. Enter Tailnet IP (or one of the other options listed above)
3. Integration reports "Failed to connect"

Expected behavior
Home Assistant should be able to communicate with other devices on the Tailnet.

Desktop (please complete the following information):

• Plugin Version: 1.34.2.0
• Home Assistant/Supervisor Versions: 2023.1.1 / Home Assistant OS 9.4

Additional context

• accept-routes enabled
• userspace_networking enabled

For the past few days, I have been getting warnings that my cert was about to expire (which was generated via tailscale cert as part of this addon). I tried restarting this addon, home assistant, etc in hopes it would renew, but it did not.

Today it expired, and I tried restarting the addon again, and it successfully renewed.

Feature request:

1. Can this addon detect when the cert will expire soon (I think by default they last for 90 days, so maybe if less than 30 days) and attempt to renew on startup?
2. Even better, somehow renew without restarting the addon manually (I may schedule an addon restart every ~90 days to automate this in the meantime)

Logs below if they are helpful (once renewed).

...
2022/08/07 09:09:07 cert("HOSTNAME.tailnet-aaba.ts.net"): already had ACME account.
2022/08/07 09:09:08 cert("HOSTNAME.tailnet-aaba.ts.net"): starting SetDNS call...
2022/08/07 09:09:19 cert("HOSTNAME.tailnet-aaba.ts.net"): did SetDNS
2022/08/07 09:09:20 cert("HOSTNAME.tailnet-aaba.ts.net"): requesting cert...
2022/08/07 09:09:21 cert("HOSTNAME.tailnet-aaba.ts.net"): got cert
Wrote public cert to /ssl/HOSTNAME.tailnet-aaba.ts.net.crt
Wrote private key to /ssl/HOSTNAME.tailnet-aaba.ts.net.key
...

Followed the guide and installed the addon, signed into Tailscale admin page, and everything looks good. Home Assistant is shown as green and connected but I cant connect to it at all. Web browser says "Cant establish a secure connection" or connection has been reset.

Is your feature request related to a problem? Please describe.
Tailscale has added an option to advertise connectors. This has not yet been added an as option.

Describe the solution you'd like
The ability to add "advertise_connector" in the config file and pass the option when Tailscale runs.

Describe alternatives you've considered
I am unsure if there is a good alternative

Additional context
NA

Thanks for the hard work keeping the add-on up to date. It's much appreciated!

-Chris

Greetings, this add-on works great, however I'm trying to move away from it to a seperate instance of Tailscale (TS) so that it's up regardless of HAOS. I got TS set up in Docker outside of HAOS, however I ran into issues with Chromecast which on a separate VLAN. Issues I don't have when using the TS add-on.

The issue is that I can see the Chromecast, but cast won't connect. Since I can see it, I don't think it's mDNS. Some helpful person on Reddit suggested setting up static routing, but that's not something I'm familiar with AND since it works with HAOS (on same machine (HAOS on VM and Docker running on LXC within Promox VE)) it can clearly be accomplished without getting into custom routing tables.

More background here in the Reddit post - https://www.reddit.com/r/homeassistant/comments/1anbeu9/home_assistant_vs_docker_chromecast_connection/

My question is, is there anything related to network routing that is implemented in this add-on that isn't implemented by default in a separate docker instance of TS?

I know this is outside the scope of an issue with the add-on, so any help is greatly appreciated. And if there's a better place to ask this question, please let me know.

I'm using the latest version (1.12.1.0) of this addon. However Tailscale admin consle says its an old version of Tailscale. Can you update it?

Describe the bug
When I restart the add-on, I get a "Restart failed" message from Home Assistant
To Reproduce
I don't know how to reproduce it, for me, it happens anytime

Expected behavior
I shouldn't get the error message

Desktop (please complete the following information):

• Plugin Version:
• Home Assistant/Supervisor Versions:

Additional context
In my logs, there is the following line:

logpolicy.ConfigFromFile /var/lib/tailscale/tailscaled.log.conf: open /var/lib/tailscale/tailscaled.log.conf: no such file or directory
logpolicy.Config.Validate for /var/lib/tailscale/tailscaled.log.conf: config is nil

Is your feature request related to a problem? Please describe.

Not directly with this addon. I just need a valid ssl certificate to access my bitwarden_rs instance on iOS devices, because iOS doesn't accept ssl certificate which are not authorised by a public Certificate Authority.

Describe the solution you'd like

A button which I can click to get a valid ssl certificate or (better) an automated process like the Let's Encrypt addon to get a ssl certificate which executes tailscale cert <domain>.

Describe alternatives you've considered

Execute tailscale cert manually in the command line. But I can't find the the executable when I login via ssh to my hassio instance.

Additional context

https://tailscale.com/kb/1153/enabling-https/

I took a look at https://github.com/tsujamin/hass-addons/blob/main/tailscale/run.sh, but I think it would not be the right place to add tailscale cert, because it's not an argument which I had to pass to the start process. I need a way to just execute tailscale cert once. I don't have deep knowledge in home assistant development, maybe you could provide a clear path for me how to do that, then I would just try it and provide a Pull Request :)

Thank you

Is your feature request related to a problem? Please describe.
SOCKS5 and HTTP proxies can be used when --tun=userspace-networking is used.
It can be useful when you want other containers to route their traffic through the tailscale add-on.

In my case, I have a Firefox container that cannot reach other tailscale nodes.
I set the tailscale's SOCKS5 proxy in Firefox and then I can reach the other nodes of the network.

Describe the solution you'd like
Add support for flags --socks5-server and --outbound-http-proxy-listen

Command example:
tailscaled --tun=userspace-networking --socks5-server=localhost:1055 --outbound-http-proxy-listen=localhost:1055

Describe alternatives you've considered
Unknown

Additional context
Documation:
https://tailscale.com/kb/1112/userspace-networking/#socks5-vs-http

Describe the bug
Sorry this might be a dumb issue, but I was surprised that tailscale wasn't in PATH post install. It looks like the script moves it to /bin, but I couldn't find it there. Do you know why I can't find it?

Additional context
Protection mode is off for the ssh/web terminal add-on

Just wanted to let you know about it, maybe you guys want to collaborate: https://github.com/hassio-addons/addon-tailscale

feel free to close without commenting after taking not of this "issue"

Please update to the latest tailscale version 1.18

I tried removing then I get the following error when reinstalling...

Head "https://registry-1.docker.io/v2/homeassistant/amd64-base-debian/manifests/latest": Get "https://auth.docker.io/token?scope=repository%3Ahomeassistant%2Famd64-base-debian%3Apull&service=registry.docker.io": read tcp 192.168.68.XXX:44028->18.215.138.58:443: read: connection reset by peer

Thanks

Describe the bug
Hi, I'm trying to setup a site-to-site tunnel using Tailscale and the proper routing of non-tailscale machines via the addon requires that userspace-networking option is disabled, so that the interface tailscale0 is visible and part of the routing tables on the HAOS host.
However this addon only works with announced routes if this option is enabled, so devices in the tailscale network can access non-tailscale devices locally, but local non-tailscale devices cannot access remote devices via tailscale.

To Reproduce
Steps to reproduce the behavior:

1. Install the addon on a local HA and on a remote HA instances > OK
2. Announce a local route on both addons, e.g. 192.1668.2.0/24 on one side and 192.168.3.0/24 on the other side > OK
3. create a static route on the local routers on each side to route remote IPs to the local HA nodes > OK
4. with a device outside of both local LANs that has tailscale installed, access a non-tailscale device on both announced lans > OK
5. with a non-tailscale device located on one announced LAN, try to reach another device located on the other announced lan > FAIL

Expected behavior
I am trying to implement site-to-site networking according to https://tailscale.com/kb/1214/site-to-site/
We had a previous chat here about the userspace-networking option and I tested and confirm that the announced routes were not reachable with this option was disabled. However, after having other talks with the owner of this addon: https://github.com/lmagyar/homeassistant-addon-tailscale
He managed to have site-to-site working without having this option enabled, by adding extra lines in routing tables and a few other things that escape me... (I'm not a network engineer...) The limitation of his addon however is that I cannot advertise routes other than the LAN where HA is. This is to stay in line with the spirit of the HA team not wanting to manage networks that are not managed by the HA supervisor.

Bottom line is, I'd need the option of your addon to advertise extra routes, together with the option on his addon to have routing working without userspace-networking enabled. If you need I can send a snapshot of the routes that are declared by his addon to see the difference with yours when userspace-networking is disabled (and tailscale0 interface exists instead).

Desktop (please complete the following information):

• Plugin Version: latest
• Home Assistant/Supervisor Versions: latest

Additional context
Today I'm running your addon on one site and the other addon on the other site and I have tested that with the other addon, a non-tailscale machine can well access the remote devices on all the routes announced by your addon. But it only works one way, so I'm seeking to make it work both ways.

Hi, I have error if updated to version 1.22.1.0 on Home assistant...

`Logger: homeassistant.components.hassio
Source: components/hassio/websocket_api.py:120
Integration: Home Assistant Supervisor (documentation, issues)
First occurred: 18:54:44 (1 occurrences)
Last logged: 18:54:44

Failed to to call /store/addons/948e3081_tailscale/update - The command '/bin/bash -o pipefail -c apt install -y wget iptables iproute2 procps' returned a non-zero code: 100`

Could you please create an option for that or a checkbox? Its described here https://tailscale.com/kb/1019/subnets/ that you need this option if you would like a linux tailscale instance to actually use advertised routes by other tailscale instances.

Hello,
I'm losing connectivity to the GUI and can't ping HA a few moments after installing the addon. The machine still shows connected on Tailscale console.

My installation is:

Raspberry pi 3 b+ 64bit
Home Assistant OS 6.2
Core 2021.7.4
Supervisor-2021.06.8

I can't get Hass to work as an exit or relay node on RPi. I'm trying to follow these docs: https://tailscale.com/kb/1104/enable-ip-forwarding/

~ $ sysctl -q net.ipv4.ip_forward=1
sysctl: error setting key 'net.ipv4.ip_forward': Read-only file system

Help would be appreciated, thank you for your hard work!

Describe the bug
so, basically i am looking for this tailscale addon for the reason that i can set HA connection to my exit node, however when i start the addon with ip address of the exit node set, that my home assistant get the following issues:

1. cannot access it from local network
2. supervisor goes crazy >> does not start correctly, (if fact it does not start at all)

btw... i was searching the other issues and i found similar issue to the supervisor issue and i enabled the userspace, however, after testing the exit node, i do not believe the exit node function works.

my case is that, i do not what happened to my isp, however they have did something wrong in their core and docker impage pull does not work, unless i connect to another isp or use openvpn.

so i have being testing the both and yesterday i tested the exit node with my mobile, connecting my mobile to the computer (using exit node) where i run openvpn on and i can confirm location change, however, when i connected it with HA, the same error message regarding image pull still there.

(i could set my vpn at the router level, but this would be my last option).

FYI,,, i used to have the community addon and i uninstalled it before installing this just cuz of the exit node

To Reproduce

1. install the addon
2. add the ip of the exit node,
3. start the addon

Expected behavior
A clear and concise description of what you expected to happen.
to just simply work utilizing the connection from my exit node

latest version

after several restarts the addon will discount right 10/15 seconds after starting it

2022-05-21 10:52:00 ERROR (MainThread) [homeassistant.components.hassio] Failed to to call /addons/948e3081_tailscale/stats - Container addon_948e3081_tailscale is not running 2022-05-21 10:52:01 ERROR (MainThread) [homeassistant.components.hassio] Failed to to call /addons/948e3081_tailscale/stats - Container addon_948e3081_tailscale is not running 2022-05-21 10:52:28 ERROR (MainThread) [homeassistant.components.hassio] Failed to to call /addons/948e3081_tailscale/stats - Container addon_948e3081_tailscale is not running 2022-05-21 10:52:29 ERROR (MainThread) [homeassistant.components.hassio] Failed to to call /addons/948e3081_tailscale/stats - Container addon_948e3081_tailscale is not running 2022-05-21 10:52:30 ERROR (MainThread) [homeassistant.components.hassio] Failed to to call /addons/948e3081_tailscale/stats - Container addon_948e3081_tailscale is not running 2022-05-21 10:52:31 ERROR (MainThread) [homeassistant.components.hassio] Failed to to call /addons/948e3081_tailscale/stats - Container addon_948e3081_tailscale is not running 2022-05-21 10:52:32 ERROR (MainThread) [homeassistant.components.hassio] Failed to to call /addons/948e3081_tailscale/stats - Container addon_948e3081_tailscale is not running 2022-05-21 10:52:33 ERROR (MainThread) [homeassistant.components.hassio] Failed to to call /addons/948e3081_tailscale/stats - Container addon_948e3081_tailscale is not running

Can you help me please?
I dont understand how set up subnet...
My router at home have IP 192.168.1.1
On HA is installed Tailscale with IP 100.84.113.77 and subnets allowed with ip range 192.168.1.0/24.
My printer at home have ip in local network 192.168.1.123.
How to connect this printer via tailscale please?

evening,

thanks you for this cool project. I have been playing around with tailscale and so far it works as expected. However, I have my own security concerns and wanted to pick your brain.

As a solo plan Tailscales ACLs do not appear to be entirely active. I can define and limit which tailscale clients can see my hassio box, but when connected traffic is wide open on any port.

To circumvent this I have added some top level iptable filters. These do not persist after a host reboot. Is there anyway you can think of that one might be able to execute such iptable checks/additions when this add-on starts/restarts?

I added add-on with Supervisor.
When I click a button Install, I get the error:
"The command '/bin/ash -o pipefail -c /install.sh $BUILD_ARCH $TAILSCALE_VERSION' returned a non-zero code: 1"

What should I do to install it?

HA core v.2021.6.5
Add-on v.1.8.7.0

Subject says it all. Got the error after updating. Client doesn't connect.

System Health

21-06-06 15:41:05 ERROR (SyncWorker_5) [supervisor.docker.addon] Can't build 948e3081/aarch64-addon-tailscale:1.8.5.0: The command '/bin/ash -o pipefail -c /install.sh $BUILD_ARCH $TAILSCALE_VERSION' returned a non-zero code: 1
21-06-06 15:41:05 ERROR (SyncWorker_5) [supervisor.docker.addon] Build log:
Step 1/18 : ARG BUILD_ARCH
Step 2/18 : FROM homeassistant/${BUILD_ARCH}-base:latest
---> b9ff7dc42dac
Step 3/18 : ARG BUILD_ARCH
---> Using cache
---> e6fa3fcc4fa8
Step 4/18 : ARG TAILSCALE_VERSION="1.8.3"
---> Using cache
---> 119a7d6c4614
Step 5/18 : ENV LANG C.UTF-8
---> Using cache
---> e05766662c86
Step 6/18 : COPY install.sh /
---> Using cache
---> 5c08f9ba69db
Step 7/18 : RUN chmod a+x /install.sh
---> Using cache
---> 5bfc7b2a6d31
Step 8/18 : RUN /install.sh $BUILD_ARCH $TAILSCALE_VERSION
---> Running in ad516dc1bbfa
ARGS: aarch64 1.8.5
Downloading tailscale 1.8.5 for aarch64
wget: bad address 'pkgs.tailscale.com'

tar: invalid magic

tar: short read

Removing intermediate container ad516dc1bbfa

Hi

Installed the addon but got an error when I try to start it.

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] done.
[services.d] starting services
[services.d] done.
2021/08/17 23:03:04 logtail started
2021/08/17 23:03:04 Program starting: v1.12.3-td91ea7286-ge1bbbd90c, Go 1.16.6-tsedbc3e1: []string{"tailscaled", "-cleanup", "-state", "/data/tailscaled.state", "-socket", "/var/run/tailscale/tailscaled.sock"}
2021/08/17 23:03:04 LogID: 4d6fef48ebeeeed56764d92fe486cbf1678b89c88a8b7f5e31b54155ee25defa
2021/08/17 23:03:04 logpolicy: using system state directory "/var/lib/tailscale"
logpolicy.Read /var/lib/tailscale/tailscaled.log.conf: open /var/lib/tailscale/tailscaled.log.conf: no such file or directory
2021/08/17 23:03:04 dns: [rc=unknown ret=dns.directManager]
2021/08/17 23:03:04 dns: using dns.directManager
2021/08/17 23:03:04 flushing log.
2021/08/17 23:03:04 logger closing down
2021/08/17 23:03:05 logtail: upload: log upload of 236 bytes compressed failed: Post "https://log.tailscale.io/c/tailnode.log.tailscale.io/98d75921f69805b1a5fbb0f9b9d6d1e72534ff600d40158dc3c355d0ff5e3262": context canceled
tailscaled not started yet, sleeping 5s
2021/08/17 23:03:05 logtail started
2021/08/17 23:03:05 Program starting: v1.12.3-td91ea7286-ge1bbbd90c, Go 1.16.6-tsedbc3e1: []string{"tailscaled", "-state", "/data/tailscaled.state", "-socket", "/var/run/tailscale/tailscaled.sock"}
2021/08/17 23:03:05 LogID: 4d6fef48ebeeeed56764d92fe486cbf1678b89c88a8b7f5e31b54155ee25defa
2021/08/17 23:03:05 logpolicy: using system state directory "/var/lib/tailscale"
2021/08/17 23:03:05 wgengine.NewUserspaceEngine(tun "tailscale0") ...
2021/08/17 23:03:05 wgengine.NewUserspaceEngine(tun "tailscale0") error: could not get iptables version: exit status 1
2021/08/17 23:03:05 wgengine.New: could not get iptables version: exit status 1
2021/08/17 23:03:05 flushing log.
2021/08/17 23:03:05 logger closing down
2021/08/17 23:03:06 logtail: upload: log upload of 341 bytes compressed failed: Post "https://log.tailscale.io/c/tailnode.log.tailscale.io/98d75921f69805b1a5fbb0f9b9d6d1e72534ff600d40158dc3c355d0ff5e3262": context canceled
tailscaled not started yet, sleeping 5s
tailscaled not started yet, sleeping 5s
tailscaled never started
[cmd] /run.sh exited 1
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.

Any ide of whats wrong? Or how I should continue?

Hi, after the last update of the addon I'm solving a strange problem. I have two instances of home assistant connected to tailscale.
Both instances report tailscale as online.

If I give the ping command on my laptop, which is also connected to the VPN tailscale, everything is ok.

But if I want to get data from another instance via rest api, it doesn't work. I have been using it like this for many months and everything worked. But now even from the HA terminal the instances can't see each other and don't communicate.

Log from addon here:

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
s6-rc: info: service legacy-services successfully started
2023/03/11 16:14:06 logtail started
2023/03/11 16:14:06 Program starting: v1.36.2-t9450812f7-g622a25149, Go 1.19.4-tsdc0ce6324d: []string{"tailscaled", "-cleanup", "-statedir", "/data", "-state", "/data/tailscaled.state", "-socket", "/var/run/tailscale/tailscaled.sock", "--tun=userspace-networking"}
2023/03/11 16:14:06 LogID: b28eb118eb01b43007dd0d657fea89750756541552f46aabb1801e4eb28e3842
2023/03/11 16:14:06 logpolicy: using system state directory "/var/lib/tailscale"
logpolicy.ConfigFromFile /var/lib/tailscale/tailscaled.log.conf: open /var/lib/tailscale/tailscaled.log.conf: no such file or directory
logpolicy.Config.Validate for /var/lib/tailscale/tailscaled.log.conf: config is nil
2023/03/11 16:14:06 dns: [rc=unknown ret=direct]
2023/03/11 16:14:06 dns: using "direct" mode
2023/03/11 16:14:06 dns: using *dns.directManager
2023/03/11 16:14:06 flushing log.
2023/03/11 16:14:06 logger closing down
tailscaled not started yet, sleeping 5s
2023/03/11 16:14:06 logtail started
2023/03/11 16:14:06 Program starting: v1.36.2-t9450812f7-g622a25149, Go 1.19.4-tsdc0ce6324d: []string{"tailscaled", "-statedir", "/data", "-state", "/data/tailscaled.state", "-socket", "/var/run/tailscale/tailscaled.sock", "--tun=userspace-networking"}
2023/03/11 16:14:06 LogID: b28eb118eb01b43007dd0d657fea89750756541552f46aabb1801e4eb28e3842
2023/03/11 16:14:06 logpolicy: using system state directory "/var/lib/tailscale"
2023/03/11 16:14:06 wgengine.NewUserspaceEngine(tun "userspace-networking") ...
2023/03/11 16:14:06 dns: using dns.noopManager
2023/03/11 16:14:06 link state: interfaces.State{defaultRoute=eno1 ifs={docker0:[172.30.232.1/23] eno1:[192.168.1.10/24] hassio:[172.30.32.1/23]} v4=true v6=false}
2023/03/11 16:14:06 magicsock: disco key = d:04815ae7e297a6db
2023/03/11 16:14:06 Creating WireGuard device...
2023/03/11 16:14:06 Bringing WireGuard device up...
2023/03/11 16:14:06 Bringing router up...
2023/03/11 16:14:06 Clearing router settings...
2023/03/11 16:14:06 Starting link monitor...
2023/03/11 16:14:06 Engine created.
2023/03/11 16:14:06 pm: using backend prefs for "profile-07e0": Prefs{ra=false dns=true want=true routes=[] nf=on host="HA-home" Persist{lm=, o=, n=[gL6x3] u="[email protected]"}}
2023/03/11 16:14:06 got LocalBackend in 20ms
2023/03/11 16:14:06 Start
2023/03/11 16:14:06 Backend: logs: be:b28eb118eb01b43007dd0d657fea89750756541552f46aabb1801e4eb28e3842 fe:
2023/03/11 16:14:06 control: client.Login(false, 0)
2023/03/11 16:14:06 control: doLogin(regen=false, hasUrl=false)
2023/03/11 16:14:06 health("overall"): error: not in map poll
2023/03/11 16:14:06 control: control server key from https://controlplane.tailscale.com: ts2021=[fSeS+], legacy=[nlFWp]
2023/03/11 16:14:06 control: RegisterReq: onode= node=[gL6x3] fup=false nks=false
2023/03/11 16:14:06 control: creating new noise client
2023/03/11 16:14:06 control: RegisterReq: got response; nodeKeyExpired=false, machineAuthorized=true; authURL=false
2023/03/11 16:14:06 control: netmap: got new dial plan from control
2023/03/11 16:14:06 active login: [email protected]
2023/03/11 16:14:06 Switching ipn state NoState -> Starting (WantRunning=true, nm=true)
2023/03/11 16:14:06 magicsock: SetPrivateKey called (init)
2023/03/11 16:14:06 wgengine: Reconfig: configuring userspace WireGuard config (with 0/6 peers)
2023/03/11 16:14:06 wgengine: Reconfig: configuring router
2023/03/11 16:14:06 wgengine: Reconfig: configuring DNS
2023/03/11 16:14:06 dns: Set: {DefaultResolvers:[] Routes:{} SearchDomains:[] Hosts:7}
2023/03/11 16:14:06 dns: Resolvercfg: {Routes:{} Hosts:7 LocalDomains:[]}
2023/03/11 16:14:06 dns: OScfg: {Nameservers:[] SearchDomains:[] MatchDomains:[] Hosts:[]}
2023/03/11 16:14:06 peerapi: serving on http://100.94.XXX:39385
2023/03/11 16:14:06 peerapi: serving on http://[fd7a:115c:a1e0:ab12:4843:cd96:625e:bf41]:39385
2023/03/11 16:14:06 portmapper: UPnP meta changed: {Location:http://192.168.1.1:1900/qyyjn/rootDesc.xml Server:TP-Link/TP-Link UPnP/1.1 MiniUPnPd/1.8 USN:uuid:e4c797e0-82ce-4f84-b56d-085d9d77c8cd::urn:schemas-upnp-org:device:InternetGatewayDevice:1}
2023/03/11 16:14:07 magicsock: home is now derp-4 (fra)
2023/03/11 16:14:07 magicsock: adding connection to derp-4 for home-keep-alive
2023/03/11 16:14:07 magicsock: 1 active derp conns: derp-4=cr0s,wr0s
2023/03/11 16:14:07 Switching ipn state Starting -> Running (WantRunning=true, nm=true)
2023/03/11 16:14:07 control: NetInfo: NetInfo{varies=false hairpin=false ipv6=false ipv6os=true udp=true icmpv4=false derp=#4 portmap=active-UM link=""}
2023/03/11 16:14:07 derphttp.Client.Connect: connecting to derp-4 (fra)
2023/03/11 16:14:07 magicsock: endpoints changed: 10.10.22.192:34829 (portmap), 62.201.31.228:34829 (stun), 172.30.32.1:34829 (local), 172.30.232.1:34829 (local), 192.168.1.10:34829 (local)
2023/03/11 16:14:07 control: netmap: got new dial plan from control
2023/03/11 16:14:07 magicsock: derp-4 connected; connGen=1
2023/03/11 16:14:07 health("overall"): ok
2023/03/11 16:14:11 Start
2023/03/11 16:14:11 control: client.Shutdown()
2023/03/11 16:14:11 control: client.Shutdown: inSendStatus=0
2023/03/11 16:14:11 active login: 
2023/03/11 16:14:11 control: mapRoutine: quit
2023/03/11 16:14:11 control: Client.Shutdown done.
2023/03/11 16:14:11 control: NetInfo: NetInfo{varies=false hairpin=false ipv6=false ipv6os=true udp=true icmpv4=false derp=#4 portmap=active-UM link=""}
2023/03/11 16:14:11 Backend: logs: be:b28eb118eb01b43007dd0d657fea89750756541552f46aabb1801e4eb28e3842 fe:
2023/03/11 16:14:11 control: client.Login(false, 0)
2023/03/11 16:14:11 control: doLogin(regen=false, hasUrl=false)
2023/03/11 16:14:11 control: control server key from https://controlplane.tailscale.com: ts2021=[fSeS+], legacy=[nlFWp]
2023/03/11 16:14:11 control: RegisterReq: onode= node=[gL6x3] fup=false nks=false
2023/03/11 16:14:11 control: creating new noise client
2023/03/11 16:14:11 control: RegisterReq: got response; nodeKeyExpired=false, machineAuthorized=true; authURL=false
2023/03/11 16:14:12 control: netmap: got new dial plan from control
2023/03/11 16:14:12 active login: [email protected]
2023/03/11 16:14:12 Switching ipn state NoState -> Starting (WantRunning=true, nm=true)
2023/03/11 16:14:12 Switching ipn state Starting -> Running (WantRunning=true, nm=true)
tailscaled ${TAILSCALED_FLAGS[@]}
2023/03/11 19:29:34 health("overall"): error: not in map poll
2023/03/11 19:29:34 control: netmap: got new dial plan from control
2023/03/11 19:29:34 health("overall"): ok
2023/03/11 21:04:34 wgengine: idle peer [aoeYz] now active, reconfiguring WireGuard
2023/03/11 21:04:34 wgengine: Reconfig: configuring userspace WireGuard config (with 1/6 peers)
2023/03/11 21:04:34 magicsock: disco: node [aoeYz] d:7b5db0acdff97601 now using 192.168.1.150:41641
2023/03/11 21:04:35 Accept: ICMPv4{100.85.XXX:0 > 100.94.XXX:0} 84 icmp ok
2023/03/11 21:04:35 Accept: ICMPv4{100.85.XXX:0 > 100.94.XXX:0} 84 icmp ok
2023/03/11 21:04:36 Accept: ICMPv4{100.85.XXX:0 > 100.94.XXX:0} 84 icmp ok
2023/03/11 21:23:36 wgengine: Reconfig: configuring userspace WireGuard config (with 0/6 peers)

Do you have any idea where the problem might be?

first of all i'm not sure here

i installed the add-on and inserted the auth key and i got it in the admin console

then i ssh in to HA and i try to ping another tailscale pc... nothing happens... not even a timeout

could it be my fault?

userspace networking is enabled (it was default enabled)

Is your feature request related to a problem? Please describe.
My problem was to access the web interface of individual devices on the local network from remote, via the Tailscale addon running on the Home Assistant server. First, I switched from the "official" Tailscale addon to this one because there is a configuration option to announce additional routes. Then I tried all other parameters until I could reach the web interfaces of the other devices on the network.

Describe the solution you'd like
I spent considerable time trying the different options, restarting the addon, sometimes loosing the connection and having to reconnect to the HA server via another VPN route... I would have gain a lot of time if that procedure was documented. I'd like therefore to propose to improve the documentation of this add-on with that use case, especially related to the parameter "userspace networking".

The main point is to document the relation between the configuration parameter "advertise_routes" where the reachable subnets are declared, and the activation of the parameter "userspace_networking" that seems to enable the proper routing of traffic not just to the HA server itself, but also to any other device with another IP address in the scope of the routes announced.

Using "advertise_routes" alone is not enough in this case, as the traffic goes well to the Tailscale container but does not "go out" of it to the external device.

Other points of attention to mention is that "ping" does not seem to traverse the container:

2023/01/31 15:36:48 exec ping of 192.168.x.x failed in 606.399µs: exec: "ping": executable file not found in $PATH

Nevertheless http traffic does traverse the container (did not try with https so far).

2023/01/31 15:38:10 Accept: TCP{100.108.x.x:18125 > 192.168.x.x:80} 52 tcp ok

Last point to mention, trying different options in the addon, I had to enable the "reset" option in several occasion to flush the addon between configurations. Maybe not necessary if one sets up the addon properly from first try...

Hope this will help others!

Describe the bug
I've been trying to upgrade the version for the past few releases and get the same error. I also tried to uninstall the add on and when I try to install it again, I get the same error

The command '/bin/bash -o pipefail -c apt install -y wget iptables iproute2 procps iputils-ping' returned a non-zero code: 100

To Reproduce
Steps to reproduce the behavior:

1. Go to Addon page
2. Click on update
3. See error

• Home Assistant/Supervisor Versions:
• Core
  2024.5.3
  Supervisor
  2024.05.1
  Operating System
  12.3
  Frontend
  20240501.1

General setup
I have 2 distinct networks A and B, which are only connected each other via tailscale machines.

Working setup description
In network A, I am running HA on an RPI 3b+. The main reason for this was so that the HA add-on: “Samba Backup” could connect to an SMB share on a different machine in network B only reachable because that machine advertises a route to the SMB share and your add-on is configured with “accept_routes”

Non-working setup description
On top of that, I tried to add access my printer's interface on HTTP/HTTPS, which is in network A (where the RPI with HA is), by having your add-on advertise the route to the printer. I tried this from network B, and it only works if I enable “userspace_networking” in your add-on.
However, if I enable “userspace_networking” the above working access to the samba share stops working.

I'm just trying my luck here, feel free to close if nobody replies. (I would have rather posted this in discussions rather as a feature request, but discussions seem to be disabled in this repo)

Is your feature request related to a problem? Please describe.
In order to get site-to-site networking to work, Tailscale needs to be started with the --snat-subnet-routes flag.

Describe the solution you'd like
Add a toggle for the snat-subnet-routes flag to the addon’s configuration page.

Describe alternatives you've considered
Have tried the official Tailscale addon and it doesn’t seem to work.

Additional context
None.

I would like to install the add-on on a docker container. I don‘t have „supervisor“. Can I install „supervisor“ or the „add-on“ manually?

cert_domain not working
I can connect via my cert domain via http, but not https. Firefox returns SSL_ERROR_RX_RECORD_TOO_LONG. (I've also tried different browsers, devices, etc). Tried rebuilding, resetting, reauthenticating, changing hostname.

Potentially relevant logs from plugin:

2022/11/04 22:59:48 health("dns-os"): error: getting OS base config is not supported
2022/11/04 22:59:48 health("dns"): error: getting OS base config is not supported

DNS Logs:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] corefile.sh: executing... 
[cont-init.d] corefile.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
[WARNING] plugin/hosts: File does not exist: /config/hosts
.:53
.:5553
CoreDNS-1.8.4
linux/amd64, go1.15.15, 053c4d5-dirty
[INFO] 127.0.0.1:46054 - 22581 "TXT IN _acme-challenge.DOMAINNAME.local.hass.io. udp 78 true 2048" NOERROR - 0 0.000212898s
[ERROR] plugin/errors: 2 _acme-challenge.DOMAINNAME.local.hass.io. TXT: plugin/forward: no next plugin found
[INFO] 172.30.32.1:53042 - 22581 "TXT IN _acme-challenge.DOMAINNAME.local.hass.io. udp 78 false 1232" SERVFAIL qr,rd 67 0.001777211s
[INFO] 172.30.32.1:42057 - 23366 "TXT IN _acme-challenge.DOMAINNAME.local.hass.io. udp 78 false 1232" SERVFAIL qr,aa,rd 67 0.000253725s
[INFO] 127.0.0.1:59134 - 56046 "TXT IN _acme-challenge.DOMAINNAME.local.hass.io. udp 89 true 2048" NOERROR - 0 0.000159129s
[ERROR] plugin/errors: 2 _acme-challenge.DOMAINNAME.local.hass.io. TXT: plugin/forward: no next plugin found
[INFO] 172.30.32.1:43343 - 56046 "TXT IN _acme-challenge.DOMAINNAME.local.hass.io. udp 89 false 1232" SERVFAIL qr,rd 78 0.001725481s
[INFO] 172.30.32.1:39585 - 65031 "TXT IN _acme-challenge.DOMAINNAME.local.hass.io. udp 89 false 1232" SERVFAIL qr,aa,rd 78 0.000218824s

• Plugin Version: 1.32.2.0
  Home Assistant 2022.11.1 Supervisor 2022.10.2 Operating System 9.3 Frontend 20221102.1 - latest

Describe the bug

Logger: homeassistant.components.hassio
Source: components/hassio/websocket_api.py:130
Integration: Home Assistant Supervisor (documentation, issues)
First occurred: 10:14:36 (1 occurrences)
Last logged: 10:14:36

Failed to to call /store/addons/948e3081_tailscale/update - The command '/bin/bash -o pipefail -c /install.sh $BUILD_ARCH $TAILSCALE_VERSION' returned a non-zero code: 2

Thank you for your help.

Hi

This addon Is erroring as it cant access the package tar

Its looking for armv7 i.e arm package which is present still it doesnt pick .

I am able to reach this address pkgs.tailscale.com

am i missing something ?

Also can u add a print above this statement . To make sure expected link is generated

Tried manually in the docker container to make sure this is accessible

Thanks and Regards
Sharath

Describe the bug
Trying to install on hassio addons i get the following error msg:
The command '/bin/bash -o pipefail -c apt install -y wget iptables iproute2 procps' returned a non-zero code: 100

To Reproduce
Steps to reproduce the behavior:
4. See error

Expected behavior
An install without error msg

Desktop (please complete the following information):

• Plugin Version: [1.32.3
• Home Assistant/Supervisor Versions: 2022.11.4/2022.11.2
  Additional context
  Add any other context about the problem here.

Any plans to add support for the new funnel feature that is in alpha?

Additional context
https://tailscale.com/kb/1223/tailscale-funnel/

Many thanks for this, it's a really useful addon. I'm surprised there's not been more interest. Worked first time for me and I'm a complete beginner. If you are still maintaining it...

There are a few updates now to the latest version of tailscale. I think they are at about 1.6 as of today.
Would it be possible to enable the subnet routes and relay nodes on the hass version?
The tailscale ip needed :8123 before it could find my HA. I didn't see it in the documentation, but may have missed it.
Are HA allowing submissions to the repository yet, there might be more interest if more users could see the addon?

Thanks again... it's working great as it is!

Describe the bug
Update from 1.26.1.0 to 1.26.2.0 fails via HA => Addons update.

To Reproduce
Steps to reproduce the behavior:

1. Go to settings
2. Click on Add-ons
3. Click on Taislcale
4. Click on Update
5. See error below

Expected behavior
A clear and concise description of what you expected to happen.

Desktop (please complete the following information):
Home Assistant Core 2022.6.7
Home Assistant Supervisor 2022.06.2
Home Assistant OS 8.2

Additional context
The command '/bin/bash -o pipefail -c /install.sh $BUILD_ARCH $TAILSCALE_VERSION' returned a non-zero code: 2