DEV Community

ColtonIdle

How to install tailscale on your Unifi router (UDM)

I've become a bit enamored with Tailscale. All I wanted to do was replace the "Teleport" connection I use from my mobile device to my at-home network. This led me down a bit of a rabbit hole. I wanted to install it on my UDM Pro Max, since it seems like the right "device" on my network to handle it, and I noticed that GL.iNet routers have Tailscale support built in. Super cool!

For now, upvote the request for native Tailscale support on UniFi hardware, and I'll walk you through how to install it. https://community.ui.com/questions/Feature-Request-Support-Tailscale-under-VPN-options/d9ecb8cc-9f25-41bf-b19d-85615c27a857

For me, there are 3 things I wanted to make sure this Tailscale setup would support, mimicking what UniFi's Teleport does for me.

My 3 goals:

  1. access my photo and media server by hitting their IPs directly (192.168.1.116 and 192.168.1.122)
  2. access my servers via custom DNS entries I created on my router (i.e. my.media/ and my.photos/)
  3. I can log into my home tv service app and it thinks I'm at home so I can watch my content

Install steps

  1. Enable SSH on UniFi. Go to "Control Plane" > Console > SSH and enable it

  2. SSH into your UDM

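  3. Install Tailscale via https://github.com/SierraSoftworks/tailscale-udm by running curl -sSLq https://raw.github.com/SierraSoftworks/tailscale-udm/main/install.sh | sh. This pipes the project's install script straight into a shell on the router, so read install.sh in the repository first.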

  4. Run tailscale up. You might hit an error. If so, it's because newer UniFi network updates require a workaround:

Edit /etc/apt/sources.list and change the bullseye-backports entry from deb.debian.org to archive.debian.org:

deb https://archive.debian.org/debian/ bullseye-backports main

See: https://github.com/SierraSoftworks/tailscale-udm/issues/116 for more info

(5.) Then, to fix DNS not working, you must do the following:

Solved it by adding a new file tailscale0.conf in the /run/dnsmasq.dhcp.conf.d directory with just one line inside:

interface=tailscale0

After saving the file, run pkill dnsmasq

See: https://github.com/SierraSoftworks/tailscale-udm/issues/122 for more info

(6.) Done (mostly) with setup
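
The two workarounds from steps 4 and 5 can be applied idempotently with a small script. This is an added example, not code from the post or from the tailscale-udm project; the function names, the --apply switch and the SOURCES_LIST/DNSMASQ_DIR overrides are hypothetical, and the apt file is assumed to be /etc/apt/sources.list.

```shell
#!/bin/sh
# Added example (not from the post or the tailscale-udm project).
# Run with --apply on the UDM to change the real files; without it only the
# functions are defined, so they can be tried on copies first.
set -eu

SOURCES_LIST="${SOURCES_LIST:-/etc/apt/sources.list}"   # assumed path, overridable
DNSMASQ_DIR="${DNSMASQ_DIR:-/run/dnsmasq.dhcp.conf.d}"  # directory named in the post

# Point active bullseye-backports entries at archive.debian.org.
# Prints "changed" or "unchanged"; keeps a .bak copy before editing.
fix_backports() {
    file="$1"
    if ! grep -Eq '^deb.*deb\.debian\.org.*bullseye-backports' "$file"; then
        echo unchanged
        return 0
    fi
    cp -p "$file" "$file.bak"
    # Rewrite only uncommented backports lines; every other line is copied as-is.
    sed '/^deb.*bullseye-backports/ s#deb\.debian\.org#archive.debian.org#' \
        "$file.bak" > "$file"
    echo changed
}

# Ensure the drop-in that makes dnsmasq listen on tailscale0 exists.
ensure_dnsmasq_iface() {
    dir="$1"
    conf="$dir/tailscale0.conf"
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir" >&2
        return 1
    fi
    if [ -f "$conf" ] && grep -qx 'interface=tailscale0' "$conf"; then
        echo unchanged
        return 0
    fi
    printf 'interface=tailscale0\n' > "$conf"
    echo changed
}

if [ "${1:-}" = "--apply" ]; then
    fix_backports "$SOURCES_LIST"
    # Restart dnsmasq only when the drop-in was actually written.
    if [ "$(ensure_dnsmasq_iface "$DNSMASQ_DIR")" = changed ]; then
        pkill dnsmasq || true
    fi
fi
```

Re-running it is safe: each function reports unchanged when its fix is already in place, so dnsmasq is only restarted when the drop-in had to be written.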

Going back to my 3 things I outlined

1. access my photo and media server by hitting their IPs directly (192.168.1.116 and 192.168.1.122)

Enable subnet routing... and then this works!

2. access my servers via custom DNS entries I created on my router (i.e. my.media/ and my.photos/)

Go to the Tailscale admin console > DNS > Override global DNS, then insert the IP of the router. And it works!

3. I can log into my home tv service app and it thinks I'm at home so I can watch my content

Enable exit node on the UDM, then use the UDM as an exit node when you need this.

Ask UniFi to support Tailscale as a first-class citizen!

https://community.ui.com/questions/Feature-Request-Support-Tailscale-under-VPN-options/d9ecb8cc-9f25-41bf-b19d-85615c27a857
