Tailscale running on controller

Hi,

has anyone had any success installing Tailscale-client on the controller?
I’ve tried the dockerized “tailscaled” withouth any luck - and for now ended up with ZeroTier.
I’ve also tried the “standard” curl-installation command but that doesn’t recognize the Linux distro (CC100)

1 Like

Hi, I’ve successfully used it on a PFC.

Here is the command I used for installation :

docker run -d --name=tailscaled --restart unless-stopped -v /var/lib:/var/lib -v /var/lib/tailscale:/var/lib/tailscale -e TS_STATE_DIR=/var/lib/tailscale -v /dev/net/tun:/dev/net/tun -e TS_USERSPACE=0 --network=host --cap-add=NET_ADMIN --cap-add=NET_RAW tailscale/tailscale

After you check the status and get the URL to connect it to your tailscale account :

docker exec tailscaled tailscale --socket /tmp/tailscaled.sock status

It should connect, you can use this same command to check if it’s connected or you will see it in your dashboard.

To update the client (optional):

docker exec tailscaled tailscale update --yes

And to me the best feature is the Site-to-Site. If you want to share the network behing your controller, just add a route like this (this is the installation command except that a route is added :

docker run -d --name=tailscaled --restart unless-stopped -v /var/lib:/var/lib -v /var/lib/tailscale:/var/lib/tailscale -e TS_STATE_DIR=/var/lib/tailscale -v /dev/net/tun:/dev/net/tun -e TS_USERSPACE=0 --network=host --cap-add=NET_ADMIN --cap-add=NET_RAW -e TS_ROUTES=192.168.68.0/24
tailscale/tailscale

You’ll have to acknowledge this on your dashboard.

To install it on an Edge computer :

curl -fsSL https://tailscale.com/install.sh | sh

tailscale up

tailscale --socket /tmp/tailscaled.sock status

And if you need to set up the Site-to-Site :

echo ‘net.ipv4.ip_forward = 1’ | sudo tee -a /etc/sysctl.d/99-tailscale.conf
echo ‘net.ipv6.conf.all.forwarding = 1’ | sudo tee -a /etc/sysctl.d/99-tailscale.conf
sudo sysctl -p /etc/sysctl.d/99-tailscale.conf
sudo tailscale up --advertise-routes=192.168.68.0/24

1 Like

Thank you very much for the write-up, I believe I was missing the --cap-add parameters.
Yes, the Site-to-site feature is something I use a lot and was planning on using here as well, thank you!

I get the URL for logging in and it’s ducessfully added to my account, but the container keeps restarting and every time I query the status it gives a new token and restarts


2 Likes

It is also possible to create an authentication key in advance to connect the controller directly. In the Tailscale portal, go to Settings/Keys and generate an Auth keys. This configurable key can be used multiple times or not, and its expiration time is configurable.
Add the environment variable TS_AUTHKEY to use it in the Docker command.

-e TS_AUTHKEY=tskey-auth-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Yes, I’ve tried that as well but with the same experience - the container keeps restarting and it doesn’t connect to the tailnet.

Have you look at the logs ?

docker logs #containername#

Yes, and noticed some errors in the log - but didn’t have time to investigate any more at the time.

But when using the docker log command and the original command, I retrieved the auth-URL and sucessfully added the CC100 to my tailnet.
Seems like the status-command somehow resets the login and provide a new URL in the background(?)

docker run -d --name=tailscaled --restart unless-stopped -v /var/lib:/var/lib -v /var/lib/tailscale:/var/lib/tailscale -e TS_STATE_DIR=/var/lib/tailscale -v /dev/net/tun:/dev/net/tun -e TS_USERSPACE=0 --network=host --cap-add=NET_ADMIN --cap-add=NET_RAW -e TS_ROUTES=192.168.68.0/24
tailscale/tailscale

I started using tailscale but after a tip from one of our customers I changed to netbird.io
It is more or less the same thing but netbird.io maintains an arm32v6/7 binary which makes it possible to run the client directly on the WAGO controllers.

I am currently running the binary without any issues on cc100, pfc200, edge controller. And of course on the amd64 linux (edge computer etc), mac, windows ++ (I actually run it on a pre-production model of our upcoming pfc300 arm64 controller as well :nerd_face: )

They also got a open source version of the management server if you want/need to host your own and not use their cloud management server. I use the cloud myself.

I have forked one of the install scripts and modified it to detect WAGO controllers running arm32. Feel free to give it a go. The same script also download and update the binary when you run it again later.

2 Likes