I've become a bit enamored with Tailscale. All I wanted to do was replace the "Teleport" connection I use from my mobile device to my home network. This led me down a bit of a rabbit hole. I wanted to install it on my UDM Pro Max, since it seems like the right "device" on my network to handle it, and I noticed that GL.iNet routers have Tailscale support built in. Super cool!
For now, upvote the feature request for native Tailscale support on UniFi hardware, and I'll walk you through how to install it yourself: https://community.ui.com/questions/Feature-Request-Support-Tailscale-under-VPN-options/d9ecb8cc-9f25-41bf-b19d-85615c27a857
For me, there are 3 things I wanted to make sure this Tailscale setup would support, mimicking what UniFi's Teleport does for me.
My 3 goals:
- access my photo and media servers by hitting their IPs directly (192.168.1.116 and 192.168.1.122)
- access my servers via the custom DNS entries I created on my router (i.e. my.media/ and my.photos/)
- log into my home TV service app and have it think I'm at home so I can watch my content
Install steps
1. Enable SSH on UniFi. Go to "Control Plane" > Console > SSH and enable it.
2. SSH into your UDM:
ssh root@[YOUR UDM IP]
3. Install Tailscale via https://github.com/SierraSoftworks/tailscale-udm:
curl -sSLq https://raw.github.com/SierraSoftworks/tailscale-udm/main/install.sh | sh
4. Run tailscale up. You might hit an error; if so, it's because newer UniFi Network updates need a workaround.
If you hit an error you can do:
vim /etc/apt/sources.list
then identify the line for bullseye-backports and update it to
deb https://archive.debian.org/debian/ bullseye-backports main
then save.
See https://github.com/SierraSoftworks/tailscale-udm/issues/116 for more info.
5. Then, to patch DNS not working, you must do:
touch /run/dnsmasq.dhcp.conf.d/tailscale0.conf
vim /run/dnsmasq.dhcp.conf.d/tailscale0.conf
Add this line to the file:
interface=tailscale0
and save.
After saving the file, run:
pkill dnsmasq
If DNS still doesn't work, you might have to kill it via:
killall dnsmasq
then run:
pgrep dnsmasq
to confirm it came back up.
See https://github.com/SierraSoftworks/tailscale-udm/issues/122 for more info.
6. Done (mostly) with setup
Going back to the 3 things I outlined:
1. access my photo and media servers by hitting their IPs directly (192.168.1.116 and 192.168.1.122)
Enable subnet routing on the UDM's Tailscale node... and then this works!
2. access my servers via the custom DNS entries I created on my router (i.e. my.media/ and my.photos/)
Go to the Tailscale admin console > DNS > Override global DNS, then insert the IP of the router. And it works!
3. log into my home TV service app and have it think I'm at home so I can watch my content
Enable exit node on the UDM, then use the UDM as an exit node when you need this.
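As an added example (not code from the original post or from the tailscale-udm project), here is step 5 and the "tailscale up" side of goals 1 and 3 folded into one re-runnable POSIX sh script. It assumes the LAN subnet 192.168.1.0/24 and the dnsmasq drop-in directory from step 5; the --advertise-routes and --advertise-exit-node flags are real tailscale CLI flags, while the function names, the "apply" argument and the environment-variable overrides are my own choices.

```shell
#!/bin/sh
# Added example, not code from the original post or from the tailscale-udm
# project. Re-runnable version of step 5 (dnsmasq on tailscale0) plus the
# "tailscale up" flags behind goals 1 and 3 (subnet routing, exit node).
# Assumed values: LAN subnet 192.168.1.0/24 (change it to yours); paths are
# overridable through environment variables so the functions can be exercised
# without touching a live router.

DNSMASQ_CONF_DIR="${DNSMASQ_CONF_DIR:-/run/dnsmasq.dhcp.conf.d}"
IP_FORWARD_FILE="${IP_FORWARD_FILE:-/proc/sys/net/ipv4/ip_forward}"
LAN_SUBNET="${LAN_SUBNET:-192.168.1.0/24}"   # hypothetical example value
TS_IFACE="tailscale0"

# Step 5: tell dnsmasq to listen on the Tailscale interface. Idempotent, so it
# can be re-run after a reboot has emptied /run. Prints "written"/"unchanged".
write_dnsmasq_conf() {
    conf="$DNSMASQ_CONF_DIR/$TS_IFACE.conf"
    mkdir -p "$DNSMASQ_CONF_DIR"
    if [ -f "$conf" ] && grep -qx "interface=$TS_IFACE" "$conf"; then
        echo "unchanged"
        return 0
    fi
    printf 'interface=%s\n' "$TS_IFACE" > "$conf"
    echo "written"
}

# Kill dnsmasq (UniFi respawns it with the new config) and wait for it to
# come back; fall back to killall the way the post describes.
restart_dnsmasq() {
    pkill dnsmasq || killall dnsmasq || true
    i=0
    while [ "$i" -lt 10 ]; do
        if pgrep dnsmasq >/dev/null 2>&1; then
            echo "dnsmasq is back up"
            return 0
        fi
        sleep 1
        i=$((i + 1))
    done
    echo "dnsmasq did not come back; try again" >&2
    return 1
}

# Subnet routes and exit nodes both forward traffic, so the kernel must have
# IP forwarding on (a router like the UDM normally already does).
ip_forwarding_enabled() {
    [ -r "$IP_FORWARD_FILE" ] && [ "$(cat "$IP_FORWARD_FILE")" = "1" ]
}

# Build the "tailscale up" command for goals 1 and 3. Accepts one or more
# CIDR subnets; rejects anything that does not look like a.b.c.d/nn.
build_tailscale_up() {
    routes=""
    for s in "$@"; do
        case "$s" in
            *[!0-9./]*) echo "invalid subnet: $s" >&2; return 1 ;;
            */[0-9]|*/[12][0-9]|*/3[0-2]) ;;
            *) echo "invalid subnet: $s" >&2; return 1 ;;
        esac
        routes="${routes:+$routes,}$s"
    done
    [ -n "$routes" ] || { echo "no subnet given" >&2; return 1; }
    echo "tailscale up --advertise-routes=$routes --advertise-exit-node"
}

# Run as "sh udm-tailscale.sh apply" on the UDM; without "apply" it only
# defines the functions.
if [ "${1:-}" = "apply" ]; then
    write_dnsmasq_conf
    restart_dnsmasq
    ip_forwarding_enabled || echo "warning: IP forwarding is off" >&2
    cmd="$(build_tailscale_up "$LAN_SUBNET")" || exit 1
    echo "running: $cmd"
    $cmd
fi
```

Routes and the exit node advertised this way still have to be approved for the UDM's node in the Tailscale admin console before clients can use them. The dnsmasq file lives under /run, which is normally a tmpfs that is emptied at reboot, so re-running the script with apply after a reboot restores step 5.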
Top comments (2)
Coltonidle, I am attempting something similar. We have an exit node running on pfSense that works for iPhones. We installed Tailscale on a UDR7 using your procedure. It looks like it should work, and we can ping the Tailscale on the UDR7 from the exit node, but we cannot ping the exit node from the UDR7. Can't load any internet. Seems like some setting on the UDR7 is creating a gateway routing problem. Any insight you might have?
As a quick solution you can try going into your Tailscale console, going to DNS, and overriding the DNS there to be set to Cloudflare and see if everything works. If that works, then I'm assuming around step 5 is your problem, i.e. DNS.
I've run this setup maybe like 5 times now and there doesn't seem to be any rhyme or reason as to why killing dnsmasq does or doesn't work. Sometimes you just gotta try it more than once, seemingly.
Another issue I've had of no internet is that sometimes the UDM would reboot and I need to SSH back in and perform step 5+ again.
If you want, you can go on the Tailscale Discord. Those folks are really good at debugging, as Tailscale has a bunch of little debugging CLI things built into it =)
But I'm 99% sure your issue is DNS. lol. Please do chime back in if you figure it out!