boreal zealot
Hi everyone,
I'm using tailscale to access my server remotely and use magicdns links to access my self-hosted services. However when I type in tailscale status in the cmd of my windows laptop, my server in the same network is relayed via a DERP server. I've changed my router's NAT to Full cone NAT. The only thing that works is if I'm the 5G of my phone the connection become direct.
How can I solve this issue?
sacred portal
So this is when both the laptop and server are on the same network? Have you tried doing a tailscale ping and seeing what happens? What I mean is tailscale ping <machine-name>. Sometimes it'll go though derp for a few pings then find the direct path and upgrade.
boreal zealot
So this is when both the laptop and server are on the same network? Have you tri...
C:\Users\vince>tailscale ping truenas-scale-fr
pong from truenas-scale-fr (100.112.207.43) via DERP(par) in 13ms
pong from truenas-scale-fr (100.112.207.43) via DERP(par) in 14ms
pong from truenas-scale-fr (100.112.207.43) via DERP(par) in 15ms
pong from truenas-scale-fr (100.112.207.43) via DERP(par) in 16ms
pong from truenas-scale-fr (100.112.207.43) via DERP(par) in 15ms
pong from truenas-scale-fr (100.112.207.43) via DERP(par) in 65ms
pong from truenas-scale-fr (100.112.207.43) via DERP(par) in 25ms
pong from truenas-scale-fr (100.112.207.43) via DERP(par) in 13ms
pong from truenas-scale-fr (100.112.207.43) via DERP(par) in 18ms
pong from truenas-scale-fr (100.112.207.43) via DERP(par) in 18ms
direct connection not established
Hmm, and where is the laptop and the server when this was ran? Both on the same network or on separate networks?
boreal zealot
Same network, router is Glinet GL-MT3000
in repeater mode also has tailscale installed
sacred portal
In repeater mode?
boreal zealot
Basically the router is a travel router I'm connected to the building's wifi which I don't have access to.
sacred portal
Ah okay, gotcha!
boreal zealot
but my devices like phone server laptop are connected to the same router
sacred portal
Makes sense, so you create your own little network from the buildings wifi. It really is weird then that there's no direct connection
Can you ping the server outside of tailscale?
Like just ping 192.168.x.x? (Or whatever addresses you use)
boreal zealot
Yes I can
Though idk if this is allowed because I have tailscale setup on the server as a subnet router
or if I can ping it because I'm on the same network
sacred portal
Try disconnecting from tailscale on the laptop and then pinging
But it should just work on the same network
boreal zealot
Weird when I disconnected from tailscale I can't ping locally
C:\Users\vince>ping 192.168.8.163
Pinging 192.168.8.163 with 32 bytes of data:
Reply from 192.168.8.110: Destination host unreachable.
Reply from 192.168.8.110: Destination host unreachable.
Reply from 192.168.8.110: Destination host unreachable.
Reply from 192.168.8.110: Destination host unreachable.
Ping statistics for 192.168.8.163:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
sacred portal
Is 192.168.8.110 you address, on the laptop?
boreal zealot
boreal zealot
Is `192.168.8.110` you address, on the laptop?
yep
sacred portal
Gotcha, it's odd that it's no working
I can see two issues, some configuration on the router itself blocking the traffic, or some firewall issue on the truenas box
boreal zealot
yeah I'm kind of confused
sacred portal
I haven't used truenas myself, so not sure on how much firewall configuration you can do. But it also feels odd that the default wouldn't be to allow ping
boreal zealot
Probably something to do with my config on my router I did some stuff to it in the past might have messed it up a bit
sacred portal
Yea if you've done anything firewall-esque on the router definitely look at that
When you can ping I imagine tailscale will also start working "magically"
scenic ibex
You're not getting direct connections to tailscale running in docker?
Docker runs it's own NAT, so if the port isn't forwarded via dockers config:
- "41641:41641/udp"```
Or it isn't using host networking mode:
```tailscale:
image: tailscale/tailscale
network_mode: host```
Then it won't be able to establish a direct connection.Ooh, didn't even consider that it would/could be in docker when running in truenas, that's why you guys are the experts 😄
scenic ibex
I'm only doing a skim/driveby but the image has (Docker)
sacred portal
Ah, indeed it does, completely missed that
scenic ibex
So if "outside" the docker nat, the windows laptop I think here from my quick read, can't talk directly to the container then it will have to go via DERP as the docker container can outbound to that mutual connection point.
This is why Tailscale is magic... though it doesn't do the troubleshooting for you yet 😂
sacred portal
Soon™? 😂
scenic ibex
So yeah Vince... try opening the NAT in the docker config via host networking or via port forwarding.
If you have more than one tailscale container you can set different ports via
environment:
- TS_PORT=41641
then do the ports stanza to match appropriately.
boreal zealot
You're not getting direct connections to tailscale running in docker?
Docker ru...
The tailscale container is using Host Network
I'll reset my router and report back
boreal zealot
Fixed the issue was a setting on my router I enabled, I think it was called AP isolation when I was trying to create clans now I get direct connections on the same network