No, I'm not using ACLs.
Can your nodes ping each other on the tailscale ips? Check
tailscale status
and make sure the nodes see each other listed there. Try
tailscale ping 1.2.3.4
with the internal IP addresses and see what message it gives you.
tailscale debug netmap
is useful to make sure your clients are seeing the routes that headscale pushes.
Yes, both clients can tailscale ping each other and after doing so the status shows active; relay "ams".
Using tailscale ping 192.168.178.178 also works for some reason.
Not sure what to do with the output of netmap.
Relay "ams" means you're using Tailscale's DERP node in Amsterdam, this is expected if you don't have direct connectivity through your firewall. Since you opened the ports that's unusual and worth looking into, but I'd worry about that after you get basic connectivity.
So to confirm your behavior, you can tailscale ping each other fine and tailscale ping to the internal network. You cannot however ping from the OS to the remote internal network?
Have you checked your routing tables to make sure the tailscale client added the route properly?
Also have you checked your firewall rules? If you're using ipfw or something, try just turning off iptables briefly and see if that lets you ping through.
Exactly.
How do I do this? I use Headscale and
headscale routes list
shows the following:
I'm not using a firewall, but the VPS is hosted on Hetzner, which has a firewall. But I already allowed UDP port 41641 and 41641. The wg0 rule is from the Wireguard setup I want to replace using Tailscale.
Run
ip route show table all
I would expect to see a line like:
Out of curiosity on a remote node do
tcpdump -i tailscale0 -n icmp
and then do a ping from the other side, does tcpdump see the icmp packets come in?
There is no
tailscale0
, but also not on my home server which also runs Tailscale and which I can access remotely using my Android. Could my existing Wireguard setup interfere with Tailscale?
The tailscale client should have created an interface, but I've never used it on a box also running wg. You don't have a tailscale specific interface in
ip addr show
at all? That's.... odd.
Do you have a device at
/dev/net/tun
?
I'm not sure the Docker container is even using a
tailscale
interface, because there is none on my VPS or my home server. And how do I see whether I have a device at
/dev/net/tun
?
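The checks discussed in this thread (a device at /dev/net/tun, a tailscale0 interface, and a route through it in the output of ip route show table all), collected as an added shell example that is not from any of the posters. The sample routes are constructed, and table 52 is assumed to be the table the Linux Tailscale client writes to, since the expected line is missing from the thread.

```shell
#!/bin/sh
# Added example: local checks for Tailscale subnet routing on Linux.

# True when the path (default /dev/net/tun) is a character device.
has_tun() {
    [ -c "${1:-/dev/net/tun}" ]
}

# Read `ip route show table all` output on stdin and print
# "<destination> <table>" for every route leaving via interface $1.
routes_via() {
    awk -v ifc="$1" '
    {
        dev = ""; tbl = "main"          # routes without "table" are in main
        for (i = 1; i < NF; i++) {
            if ($i == "dev")   dev = $(i + 1)
            if ($i == "table") tbl = $(i + 1)
        }
        dst = $1
        # Typed routes ("local 127.0.0.1 ...") carry the destination in $2.
        if ($1 ~ /^(local|broadcast|unreachable|blackhole|prohibit|throw)$/)
            dst = $2
        if (dev == ifc) print dst, tbl
    }'
}

# Constructed sample of `ip route show table all` (not real output).
sample_routes() {
    cat <<'EOF'
default via 203.0.113.1 dev eth0
192.168.178.0/24 dev tailscale0 table 52
100.64.0.2 dev tailscale0 table 52
10.8.0.0/24 dev wg0 proto kernel scope link src 10.8.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
EOF
}

# Live checks against this host; run the script as: sh check.sh live
diagnose() {
    ifc="${1:-tailscale0}"
    if has_tun; then echo "ok: /dev/net/tun is present"
    else echo "missing: /dev/net/tun"; fi
    if ip link show "$ifc" >/dev/null 2>&1; then echo "ok: $ifc exists"
    else echo "missing: interface $ifc"; fi
    echo "routes via $ifc:"
    ip route show table all | routes_via "$ifc"
}

if [ "${1:-}" = "live" ]; then diagnose "${2:-tailscale0}"; fi
```

An empty list under "routes via tailscale0" means the OS has no route to the remote subnet through that interface, even when tailscale ping succeeds.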