Tailscale running on controller

Hi,

has anyone had any success installing Tailscale-client on the controller?
I’ve tried the dockerized “tailscaled” without any luck - and for now ended up with ZeroTier.
I’ve also tried the “standard” curl-installation command but that doesn’t recognize the Linux distro (CC100)

1 Like

Hi, I’ve successfully used it on a PFC.

Here is the command I used for installation :

docker run -d --name=tailscaled --restart unless-stopped -v /var/lib:/var/lib -v /var/lib/tailscale:/var/lib/tailscale -e TS_STATE_DIR=/var/lib/tailscale -v /dev/net/tun:/dev/net/tun -e TS_USERSPACE=0 --network=host --cap-add=NET_ADMIN --cap-add=NET_RAW tailscale/tailscale

After you check the status and get the URL to connect it to your tailscale account :

docker exec tailscaled tailscale --socket /tmp/tailscaled.sock status

It should connect, you can use this same command to check if it’s connected or you will see it in your dashboard.

To update the client (optional):

docker exec tailscaled tailscale update --yes

And to me the best feature is the Site-to-Site. If you want to share the network behind your controller, just add a route like this (this is the installation command except that a route is added):

docker run -d --name=tailscaled --restart unless-stopped -v /var/lib:/var/lib -v /var/lib/tailscale:/var/lib/tailscale -e TS_STATE_DIR=/var/lib/tailscale -v /dev/net/tun:/dev/net/tun -e TS_USERSPACE=0 --network=host --cap-add=NET_ADMIN --cap-add=NET_RAW -e TS_ROUTES=192.168.68.0/24 tailscale/tailscale

You’ll have to acknowledge this on your dashboard.

To install it on an Edge computer :

curl -fsSL https://tailscale.com/install.sh | sh

tailscale up

tailscale --socket /tmp/tailscaled.sock status

And if you need to set up the Site-to-Site :

echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
sudo sysctl -p /etc/sysctl.d/99-tailscale.conf
sudo tailscale up --advertise-routes=192.168.68.0/24

1 Like

Thank you very much for the write-up, I believe I was missing the --cap-add parameters.
Yes, the Site-to-site feature is something I use a lot and was planning on using here as well, thank you!

I get the URL for logging in and it’s successfully added to my account, but the container keeps restarting and every time I query the status it gives a new token and restarts


2 Likes

It is also possible to create an authentication key in advance to connect the controller directly. In the Tailscale portal, go to Settings/Keys and generate an Auth key. This configurable key can be used multiple times or not, and its expiration time is configurable.
Add the environment variable TS_AUTHKEY to use it in the Docker command.

-e TS_AUTHKEY=tskey-auth-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Yes, I’ve tried that as well but with the same experience - the container keeps restarting and it doesn’t connect to the tailnet.

Have you looked at the logs?

docker logs #containername#

Yes, and noticed some errors in the log - but didn’t have time to investigate any more at the time.

But when using the docker log command and the original command, I retrieved the auth-URL and successfully added the CC100 to my tailnet.
Seems like the status-command somehow resets the login and provides a new URL in the background(?)

docker run -d --name=tailscaled --restart unless-stopped -v /var/lib:/var/lib -v /var/lib/tailscale:/var/lib/tailscale -e TS_STATE_DIR=/var/lib/tailscale -v /dev/net/tun:/dev/net/tun -e TS_USERSPACE=0 --network=host --cap-add=NET_ADMIN --cap-add=NET_RAW -e TS_ROUTES=192.168.68.0/24 tailscale/tailscale

I started using tailscale but after a tip from one of our customers I changed to netbird.io
It is more or less the same thing but netbird.io maintains an arm32v6/7 binary which makes it possible to run the client directly on the WAGO controllers.

I am currently running the binary without any issues on cc100, pfc200, edge controller. And of course on the amd64 linux (edge computer etc), mac, windows ++ (I actually run it on a pre-production model of our upcoming pfc300 arm64 controller as well :nerd_face: )

They also got an open source version of the management server if you want/need to host your own and not use their cloud management server. I use the cloud myself.

I have forked one of the install scripts and modified it to detect WAGO controllers running arm32. Feel free to give it a go. The same script also downloads and updates the binary when you run it again later.

4 Likes

Hello,

I tried on a pfc8212 with a ssh command : curl -fsSL https://tailscale.com/install.sh | sh

and with your example without success.

With ssh command curl, it seems that the linux of the plc is unable to reach internet network.

But the gateway IP address (modem router) is well declared in the Networking / tcp ip configuration window.

So in your opinion, what setting in wbm is missing to connect to internet to download files from tailscale.com ?

you need to set up gateway, DNS and time

Thank you but dns server is already set as follows:

the clock is good too on the PFC.

Well, there is a 2 minute difference between official time and wago ntp server.

But when I want to synchronise them, an error occurs

that is because there is no Internet access, make sure you got valid gateway address.
You can connect using PuTTY to the controller and check:

traceroute 8.8.8.8

This should give you overview where the connection is broken

I’ve got a raspberry pi with grafana that is using the same modem router as the pfc200, on the same network as the PFC200.

the traceroute is OK with the raspberry pi, as you can see below

But with the PFC, traceroute is stuck :

The wbm config seems to be OK

Where do you think my mistake is ?

You have a typo in your Default Gateway setting. Your first octet is set at 190 instead of 192.
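The misconfiguration diagnosed above (a default gateway that lies outside the controller's own subnet) can be caught before any traceroute; this is an added example, not part of the original post. The function names are hypothetical and every address is a constructed sample value.

```shell
#!/bin/sh
# Added example: is the default gateway inside the interface's own subnet?
# Function names and all addresses are constructed for illustration.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer; fails on bad input.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -f; set -- $1; set +f      # split on dots without filename globbing
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            # empty, non-digit, leading zero, or more than three digits
            ''|*[!0-9]*|0?*|????*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# gateway_on_link ADDR/PREFIX GATEWAY
# Returns 0 if GATEWAY is in the subnet of ADDR/PREFIX, 1 if not, 2 on bad input.
gateway_on_link() {
    addr=${1%/*}
    prefix=${1#*/}
    case $prefix in ''|*[!0-9]*) return 2 ;; esac
    [ "$prefix" -le 32 ] || return 2
    a=$(ip_to_int "$addr") || return 2
    g=$(ip_to_int "$2") || return 2
    if [ "$prefix" -eq 0 ]; then
        mask=0
    else
        mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    fi
    [ $(( a & mask )) -eq $(( g & mask )) ]
}

# Constructed sample: controller at 192.168.68.20/24, once with a correct
# gateway and once with the first octet mistyped as 190.
for gw in 192.168.68.1 190.168.68.1; do
    if gateway_on_link 192.168.68.20/24 "$gw"; then
        echo "gateway $gw: on-link"
    else
        echo "gateway $gw: NOT inside 192.168.68.20/24, check for a typo"
    fi
done
```

On a live controller the two arguments can be read from the output of `ip -4 addr show` and `ip -4 route show default`.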

thank you very much Adam

it works

Sometimes it’s a very small error that makes you look for an unnecessarily complicated problem

Hello

on FW28, it seems that only openVPN is available, as you can see below

When getting the 2 machines on tailscale dashboard, how do you commission the VPN settings of the PFC in WBM ?

here are the 2 connections available with tailscale.

But what parameters need to be installed on WBM ?

How to do it cause there is no certificates with tailscale , and no number port can be indicated?

No need to do anything in WBM, no certs needed, Tailscale runs as a docker container beside codesys/wbm

If you are struggling with the PFC going offline in tailscale, you probably need to specify the TS_STATE_DIR in your docker run command, try

docker logs tailscaled to check if it logs/signs out

If you need to access the PFC network, you need to advertise the subnet/route - also done with the docker run command

Hello Bjornidar,

Thanks for your reply.

Using Docker as you suggest is for computer programmers. ( as you are probably one )

I’m a PLC programmer as many on this website, and using docker with settings is often complicated for us.

We understand several linux commands , when we need , but not all.

Commissioning ethernet communications, routing etc on wbm is only 1 or 2% of our work.

So, we often need a tutorial to be taken by the hand to perform such commissioning.

I found for example a wago tutorial to use grafana influxdb with nodered, but I needed the help of a unix engineer, to setup, because it’s not 100% equal configuration etc..

What I only want is to perform a remote connection with codesys project.

For example I found a tutorial on youtube about openvpn with codesys remote connection:

link https://www.youtube.com/watch?v=EfyUHA0Hx5A

The openvpnconf file is downloaded and recognised on the pfc 8212, as you can see below

but the video tutorial is so fast to describe the PC connection that I’m unable to use it. (video segment 3.09/4.07).

So, I’m still looking for help on this website, as recent VPN connections, routing etc. are out of the scope of Wago French support.

For the tailscale or openvpn connection, not a lot is missing to get it working, but it is not complete.