@lg
Last active April 11, 2024 07:44
Add tailscale to an EdgeRouter and surviving system upgrade

Adding tailscale to an EdgeRouter (and surviving system upgrades)

I suggest running sudo bash before any of these commands so that you are the root user.

Installing

  1. Download tailscale and put the files in /config/. Find the latest stable or unstable version for your EdgeRouter's processor (e.g. ER4 is mips and ERX is mipsle).

sudo bash    # if you haven't already
curl https://pkgs.tailscale.com/unstable/tailscale_XYZ_mips.tgz | tar xvz -C /tmp
cp /tmp/tailscale_*/* /tmp/tailscale_*/systemd/* /config/

  2. Create the /config/scripts/firstboot.d/tailscale.sh file, which gets run once after every system upgrade. Reminder: /config survives upgrades. Don't forget to set the execute flag on the script inside firstboot.d.

cat << EOF > /config/scripts/firstboot.d/tailscale.sh
#!/bin/sh
ln -s /config/tailscaled.service /lib/systemd/system/tailscaled.service
ln -s /config/tailscaled.defaults /etc/default/tailscaled
ln -s /config/tailscale /usr/bin/tailscale
ln -s /config/tailscaled /usr/sbin/tailscaled
mkdir -p /var/lib/tailscale/
touch /config/auth/tailscaled.state
chmod 0400 /config/auth/tailscaled.state
ln -s /config/auth/tailscaled.state /var/lib/tailscale/tailscaled.state
systemctl enable --now tailscaled
EOF
chmod +x /config/scripts/firstboot.d/tailscale.sh

  3. Run this script now to get things going (or run the commands manually if you'd like), and then run tailscale up to log in. Feel free to use other parameters, like tailscale up --advertise-routes=10.0.1.0/24

/config/scripts/firstboot.d/tailscale.sh
tailscale up

  4. That's it, you're done! If you found this useful, I'd super appreciate it if you could Star up top. Like everyone, I like Internet points too! :)
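To confirm after a firmware upgrade that the firstboot script restored the layout above, and that the key file and binaries under /config are not exposed to other local users, a check like the following can be run. It is an added example, not part of the original gist; the ROOT argument is a hypothetical prefix used only to try the check on a scratch directory, and stat -c assumes GNU or BusyBox stat.

```shell
#!/bin/sh
# Added example, not part of the gist: audit what firstboot.d/tailscale.sh sets up.
# audit_tailscale_layout [ROOT]; ROOT is a hypothetical prefix for a scratch tree
# and is left empty on the router itself. Returns non-zero if anything is off.
audit_tailscale_layout() {
    root="${1:-}"
    findings=0

    # Every system path must be a symlink to the expected file under /config.
    while read -r link target; do
        if [ ! -L "$root$link" ]; then
            echo "MISSING   $link"; findings=$((findings + 1))
        elif [ "$(readlink "$root$link")" != "$target" ]; then
            echo "REDIRECT  $link -> $(readlink "$root$link")"; findings=$((findings + 1))
        elif [ ! -e "$root$target" ]; then
            echo "DANGLING  $link -> $target"; findings=$((findings + 1))
        fi
    done <<EOF
/lib/systemd/system/tailscaled.service /config/tailscaled.service
/etc/default/tailscaled /config/tailscaled.defaults
/usr/bin/tailscale /config/tailscale
/usr/sbin/tailscaled /config/tailscaled
/var/lib/tailscale/tailscaled.state /config/auth/tailscaled.state
EOF

    # tailscaled.state holds the node's private key: no group/other access.
    state="$root/config/auth/tailscaled.state"
    if [ -f "$state" ]; then
        case "$(stat -c '%a' "$state")" in
            0|*00) ;;
            *) echo "PERMS     /config/auth/tailscaled.state"; findings=$((findings + 1)) ;;
        esac
    fi

    # The binaries run as root from /config: no group/other write bit.
    for bin in tailscale tailscaled; do
        [ -f "$root/config/$bin" ] || continue
        case "$(stat -c '%a' "$root/config/$bin")" in
            *[2367]?|*[2367]) echo "WRITABLE  /config/$bin"; findings=$((findings + 1)) ;;
        esac
    done

    [ "$findings" -eq 0 ]
}
```

On the router, call audit_tailscale_layout with no argument; each finding is printed as one line.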

 

Upgrading to a new version

  1. Download the version you want into a folder like /tmp and then copy the binaries over. Future versions may have more or fewer files, or config changes, so make sure you take a look at what's new.

sudo bash    # if you haven't already
curl https://pkgs.tailscale.com/unstable/tailscale_XYZ_mips.tgz | tar xvz -C /tmp
systemctl disable --now tailscaled
cp /tmp/tailscale_*/{tailscale,tailscaled} /config/
systemctl enable --now tailscaled
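
The upgrade above pipes the download straight into tar and copies from a /tmp glob; this added example (not part of the original gist) checks a SHA-256 digest first, extracts into a private directory, and keeps the previous binaries as .prev for rollback. Where the expected digest comes from is an assumption: take it from the Tailscale package listing for the exact file you downloaded.

```shell
#!/bin/sh
# Added example, not part of the gist.
# install_verified TGZ EXPECTED_SHA256 CONFIG_DIR
# Installs tailscale and tailscaled from TGZ into CONFIG_DIR only if the hash matches.
install_verified() {
    tgz="$1"; want="$2"; dest="$3"

    # 1. Hash the file on disk; a truncated or substituted download stops here.
    got=$(sha256sum "$tgz" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        echo "hash mismatch for $tgz: got $got" >&2
        return 1
    fi

    # 2. Extract into a private directory rather than globbing /tmp/tailscale_*.
    work=$(mktemp -d) || return 2
    if ! tar xzf "$tgz" -C "$work"; then
        rm -rf "$work"; return 2
    fi

    # 3. Require both binaries as regular files before touching CONFIG_DIR.
    for bin in tailscale tailscaled; do
        if [ -z "$(find "$work" -type f -name "$bin")" ]; then
            echo "$bin not found in archive" >&2
            rm -rf "$work"; return 3
        fi
    done

    # 4. Keep the current version as *.prev for rollback, then install the new one.
    for bin in tailscale tailscaled; do
        src=$(find "$work" -type f -name "$bin" | head -n 1)
        if [ -f "$dest/$bin" ]; then
            cp -p "$dest/$bin" "$dest/$bin.prev"
        fi
        install -m 0755 "$src" "$dest/$bin"
    done
    rm -rf "$work"
}

# On the router (XYZ is the gist's placeholder; the digest source is an assumption):
#   curl -fsSLo /tmp/ts.tgz https://pkgs.tailscale.com/stable/tailscale_XYZ_mips.tgz
#   systemctl disable --now tailscaled
#   install_verified /tmp/ts.tgz "<sha256 from the package listing>" /config
#   systemctl enable --now tailscaled
```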

 

Removing

  1. Stop the service if it's still running.

sudo bash    # if you haven't already
systemctl disable --now tailscaled

  2. Delete all the files tailscale uses.

rm /lib/systemd/system/tailscaled.service
rm /etc/default/tailscaled
rm /usr/bin/tailscale
rm /usr/sbin/tailscaled
rm -rf /var/lib/tailscale

  3. Remove your configs and persistent files (this includes your tailscaled.state, which has your private key).

rm /config/tailscale*
rm /config/auth/tailscaled.state
rm /config/scripts/firstboot.d/tailscale.sh

dtel commented Feb 12, 2021

Issues on UDM using v1.4.3. After executing sudo tailscale up --advertise-routes=192.168.1.0/24 --accept-routes I do not get a URL to authenticate, but it just blocks and prints nothing. I have tried adding tskey, but I'm facing the same issue.

Looked at the tailscaled logs and I'm getting a batch of errors:

control: authRoutine: backoff: 30573 msec
logtail: dial "log.tailscale.io:443" failed: dial tcp 34.210.105.16:443: connect: network is unreachable (in 1ms)
logtail: upload: log upload of 12664 bytes compressed failed: Post "https://log.tailscale.io/c/tailnode.log.tailscale.io/103733847adf5a4cdd580c6773e6985700820d8b5dcb24123d023c3e6f8b684c": dial tcp 34.210.105.16:443: connect: network is unreachable
logtail: backoff: 43662 msec
control: authRoutine: state:authenticating; wantLoggedIn=true
control: direct.TryLogin(token=false, flags=0)
control: doLogin(regen=false, hasUrl=false)
Received error: TryLogin: fetch control key: Get "https://login.tailscale.com/key": dial tcp [2a05:d014:386:203:f8b4:1d5a:f163:e187]:443: connect: network is unreachable
control: authRoutine: backoff: 22231 msec
control: authRoutine: state:authenticating; wantLoggedIn=true
control: direct.TryLogin(token=false, flags=0)
control: doLogin(regen=false, hasUrl=false)
Received error: TryLogin: fetch control key: Get "https://login.tailscale.com/key": dial tcp [2a05:d014:386:203:f8b4:1d5a:f163:e187]:443: connect: network is unreachable
control: authRoutine: backoff: 29072 msec
logtail: dial "log.tailscale.io:443" failed: dial tcp 34.210.105.16:443: connect: network is unreachable (in 17ms)
logtail: upload: log upload of 12664 bytes compressed failed: Post "https://log.tailscale.io/c/tailnode.log.tailscale.io/103733847adf5a4cdd580c6773e6985700820d8b5dcb24123d023c3e6f8b684c": dial tcp 34.210.105.16:443: connect: network is unreachable
logtail: backoff: 37215 msec

Please assist.

@sashkavas

I had the same issue with v1.4.3 on USG, routes were not advertised. So, I have reverted back to v1.2.10, which works quite stable for now.

sashkavas commented Feb 16, 2021

Just installed version 1.6.0 on 2 USG and for now all works fine including routes. To update:
ssh to USG/UDM and

  1. sudo su
  2. curl https://pkgs.tailscale.com/stable/tailscale_1.6.0_mips.tgz | tar xvz -C /tmp
  3. cp /tmp/tailscale_1.6*/{tailscale,tailscaled} /config/
  4. reboot

NB. 1.4.4 also worked fine for about 1.5 months without a crash. Quite pleased so far and much better when compared with default USG IPSec

ecard0 commented Aug 4, 2022

Any reason why you are not using the mips64 version?
