@luckman212 I had a nice chat with Netgate Support Bot, https://www.netgate.com/support. I added some highlights below:
"Netgate Support Bot
This is a known issue reported by multiple users: enabling Tailscale with sysrc tailscaled_enable="YES" does not always auto-start Tailscale after a pfSense reboot. The current workaround is to run the following after each reboot manually:
service tailscaled stop && tailscale logout || true && service tailscaled start && tailscale up"
"Netgate Support Bot
Based on all available Netgate forum reports, there is no conclusive evidence that the failure to auto-start Tailscale after reboot when using sysrc tailscaled_enable="YES" is specifically due to Tailscale’s state being stored in a RAM disk. The root cause is still under investigation by the community. Most users confirm that a manual restart is required post-boot regardless of RAM disk settings."
I will check the RAM Disk settings to learn more, but given others' lack of success, I will not experiment with it at this time. Here's what the Chatbot has to say:
"Netgate Support Bot
Yes, you can disable the RAM disk for /var to test if it helps persist Tailscale's state across reboots. Disabling the RAM disk for /var moves log files, RRD graph data, DHCP leases, and package data storage back to disk instead of volatile memory.
Impacts and considerations:
The firewall will write these files directly to disk, so settings and logs will persist through reboots and power losses.
Packages that write to /var, including Tailscale and packages like pfBlockerNG, Snort, or Squid, will have better persistence.
However, disk write activity will increase, especially for logging, RRD data, and DHCP leases.
Disabling the RAM disk reduces the risk of data loss after an improper shutdown, but you may lose some of the benefits (e.g., lower disk wear) intended for devices with fragile storage (e.g., low-cost flash or SD cards).
Some packages may behave differently on disk vs RAM disk and should be tested after reboot.
To disable the RAM disk: Go to System > Advanced > Miscellaneous > RAM Disk Settings in pfSense. Uncheck 'Use RAM Disks' for /var, then Save and Reboot.
If you use logging or packages that need persistent state (like VPNs, reporting, DHCP), disabling the RAM disk usually increases reliability but may wear storage more.""
"Netgate Support Bot
There is no direct evidence in available Netgate forum discussions that deleting the contents of /usr/local/pkg/tailscale/state resolves Tailscale's reboot persistence issue. Most reports focus on restarting the Tailscale service or re-running the 'tailscale up' command after reboot, rather than deleting state files. Deleting this directory could clear a corrupted state or force a fresh authentication. Still, it may also remove valid connections or authentication data, requiring you to re-authenticate Tailscale after reboot.
This approach might temporarily resolve glitches caused by a stale state. It is still not an established solution for reboot persistence, and you should only try it with the expectation that re-authentication will likely be required afterward. Always back up any config or state you plan to remove, just in case."