
Comments (19)

tsujamin avatar tsujamin commented on August 22, 2024 1

Can you try curl your Pihole's Tailscale IP on whatever port the HTTP admin interface is on?

edit: I realise now the dig test depends on some TS DNS stuff that might not be enabled for your tailnet, so bad test 😂

from hass-addons.

tsujamin avatar tsujamin commented on August 22, 2024 1

Alright, last thing to try I can think of is refresh your addon repositories, update the Tailscale addon and start it with userspace networking disabled, and the new option "disable_dns" enabled. Run through tailscale netcheck, tailscale ping and dig +short @100.100.100.100 google.com from the tailscale, tailscale and homeassistant containers respectively again.

If we don't see wins after that I'm not sure what else to try, sorry. Userspace Networking is the most reliable mode for the add-on, but since it doesn't create a network interface that's visible from the other containers it's not possible to route traffic (like the Pihole integration) over the tailscale link. You might have to resort to setting up some sort of reverse-proxy on another vm that forwards traffic to your pihole over tailscale, then hit that from HA.


tsujamin avatar tsujamin commented on August 22, 2024 1

Aaaaaaahhh that's super interesting as a root cause. Glad you got it working!

Also so funny re: the Hostnames, I hazard other parts of our LANs might similarly collide 😅


tsujamin avatar tsujamin commented on August 22, 2024

Hey mate - can you try enabling userspace networking in the Tailscale addon and let me know if anything changes? Another option could be to advertise your local ip as a route in Tailscale (192.168.1.X/32) and try connect to that again


jcconnell avatar jcconnell commented on August 22, 2024

Thanks for the quick response! userspace_networking is enabled. When it's disabled, I'm no longer able to access HA via its remote or local IP.

Not sure the second option would apply in this case, but maybe I don't understand. Here is my goal:

  • Home Assistant runs on machine A on my local network
  • PiHole is running on machine B on a remote VPS

I want Home Assistant to be able to add PiHole via the PiHole integration.


tsujamin avatar tsujamin commented on August 22, 2024

Ooooooohhh sorry I understand now, I missed the remote PiHole vs. HA PiHole integration bit

I'm not sure how much help I'll be able to provide as I've not used the addon this way before, and the difficulty arises from the way that everything is isolated/containerised in HA.

Testing on my install (which is on HassOS) if I disable Userspace Networking in the addon I am able to hit some Tailscale IPs from the HomeAssistant core container:

image

Noting that it will break your HA access via tailscale, can you try reproduce the above on your install (disable userspace-networking first) and see if that lets the PiHole integration work? If so then we can fix the HA access again afterward :)


jcconnell avatar jcconnell commented on August 22, 2024

Looks like I am failing on the dig command:

image


jcconnell avatar jcconnell commented on August 22, 2024

Looks like those are failing as well. The below IPs are the Tailscale IP and the local IP of machine B which is forwarded to the Tailnet by a subnet router.

image

From another device on the Tailnet:
image


tsujamin avatar tsujamin commented on August 22, 2024

Can you ip route get 100.117.117.9 from the homeassistant container for me?


tsujamin avatar tsujamin commented on August 22, 2024

Maybe another thing to test too would be shelling into the tailscale addon

  • docker ps | grep tailscale
  • docker exec -it $ID_OF_ADDON_CONTAINER bash

Then running tailscale netcheck to see if there's any connectivity issues to the DERP servers, but also running tailscale ping $pihole_node_name.

What I'm trying to work out is if it's a Tailscale connectivity issue, or a Linux route table problem...


jcconnell avatar jcconnell commented on August 22, 2024

Here's a bit more:

image

Not sure if it's relevant but I'm running HA on a Proxmox VM (not container).


tsujamin avatar tsujamin commented on August 22, 2024

That's very weird. Tailscale is trying to use the MagicDNS ip 100.100.100.100 to lookup the Hostnames for Tailscale DERP relays and failing... that would probably cause it not to be able to dial out to your pihole server

From that Tailscale container, can you 'dig +short @1.1.1.1 google.com' or 'curl 1.1.1.1'?


jcconnell avatar jcconnell commented on August 22, 2024

Really appreciate your help with this! I don't think dig is available in the Tailscale container. Curl is though.

image


tsujamin avatar tsujamin commented on August 22, 2024

No worries! So taking stock:

  • the tailscale container has internet
  • Tries to use the magic DNS 100.100.100.100 IP for DNS lookups
  • ...but fails to DNS resolve the DERP relays (or tailscale APIs by the looks of it) once started
  • the HomeAssistant container knows to route 100.64.0.0/12 IPs via tailscale

Have you changed anything to do with DNS in the addon? Also, in your Tailscale admin portal, do you have Magic DNS enabled and, if so, have you selected a default Global Nameserver?

This is what my admin portal currently looks like re: DNS
image
image


jcconnell avatar jcconnell commented on August 22, 2024

I haven't made any DNS changes in the addon. My MagicDNS is configured a bit differently than yours though. I set the PiHole instance as a global nameserver. It's possible I've misconfigured it.

Here's a screencap from mobile. Apologies for the poor attempt to conceal some info:

Screenshot_20230108-190130~2


jcconnell avatar jcconnell commented on August 22, 2024

Some additional data points. I re-enabled userspace networking then:

  • Disabled override local DNS
  • Set Cloudflare as an additional nameserver

Tested adding the PiHole integration after both changes without success.


jcconnell avatar jcconnell commented on August 22, 2024

Looks like we have some success:

From the Tailscale container (public IP concealed):
image

From the Home Assistant container:
image

Note: Access to HA is still unavailable with userspace_networking disabled.


tsujamin avatar tsujamin commented on August 22, 2024

alright awesome, definitely something to do with MagicDNS breaking tailscaled's ability to dial out to other nodes.

In terms of getting HA access with userspace_networking disabled:

  1. If your HA VM has (or can be configured to have) a static IP, advertise this IP as a route (/32 prefix length) in the Tailscale addon, approve it in the portal then you should be able to hit the private IP (not the 100.X ip) from your other VPN clients:

image

image

  2. Alternatively, and this is kind of dumb but could work, you could run two instances of the tailscale addon, one in userspace networking mode one in tun mode. You could either run this addon twice (fork the repo, add your copy to your HA addon repositories), or use the other Tailscale addon in the community addon repo.


jcconnell avatar jcconnell commented on August 22, 2024

Pretty sure this was my own fault 🤦‍♂️. I think there was a circular route issue.

I'm running two Tailscale instances on my LAN. One instance for remote access of the 2 LAN subnets (it advertises routes for both subnets), and a second instance for Home Assistant (this addon).

I noticed that if I disabled accept_routes, I could access HA. Then I checked the routes in Tailscale admin and saw the issue.

Anyway, I think it's safe to close this now. I was able to add the remote PiHole instance via the integration. For those who may come across this issue in the future, here is the add-on config I landed on:
image

I returned the MagicDNS settings to their original configuration. Thank you for your help!!

Final note: hale is the hostname for my HA instance also. Good choice!

from hass-addons.
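
The root cause reported in the last comment (a node accepting routes for the LAN it already sits on, advertised by a second Tailscale instance on that LAN) can be checked before enabling accept_routes. The following is an added example, not code from the thread or from the add-on; the addresses, node names and function names are constructed for illustration, and it assumes you have copied the advertised routes out of the Tailscale admin console by hand.

```python
import ipaddress

# Constructed sample data; none of these addresses or node names come from the thread.
LOCAL_ADDRS = ["192.168.1.20/24"]   # LAN address(es) of the node running the add-on
PEER_ROUTES = {                     # subnet routes advertised by other tailnet nodes
    "lan-subnet-router": ["192.168.1.0/24", "192.168.2.0/24"],
    "remote-vps": ["10.8.0.0/24"],
}


def conflicting_routes(local_addrs, peer_routes):
    """Return (peer, route, local_ip) for every advertised route that covers
    one of this node's own LAN addresses."""
    ifaces = [ipaddress.ip_interface(a) for a in local_addrs]
    findings = []
    for peer, routes in sorted(peer_routes.items()):
        for route in routes:
            # strict=False tolerates entries written with host bits set,
            # e.g. "192.168.1.5/24" instead of "192.168.1.0/24".
            net = ipaddress.ip_network(route, strict=False)
            for iface in ifaces:
                # Never compare an IPv4 address against an IPv6 route.
                if iface.version == net.version and iface.ip in net:
                    findings.append((peer, str(net), str(iface.ip)))
    return findings


def accept_routes_is_safe(local_addrs, peer_routes):
    """accept_routes is only safe if no peer advertises a route that covers
    this node's own LAN address; otherwise on-link traffic (including replies
    to clients reaching the node directly) may be sent into the tailnet."""
    return not conflicting_routes(local_addrs, peer_routes)


if __name__ == "__main__":
    for peer, route, ip in conflicting_routes(LOCAL_ADDRS, PEER_ROUTES):
        print(f"{peer} advertises {route}, which covers local address {ip}")
    print("accept_routes safe:", accept_routes_is_safe(LOCAL_ADDRS, PEER_ROUTES))
```

When the check reports a conflict, the options the thread arrived at apply: leave accept_routes off on that node, or stop the other instance advertising the subnet this node lives on.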