For what it’s worth, we may have had the same issue but for different reasons. I checked, and my system has the duplicate two files. Therefore, I asked Grok.ai about “/usr/local/etc/rc.d/pfsense_tailscaled enable
/usr/local/etc/rc.d/tailscaled disable” versus the solution it had provided me yesterday. See the answer below. (Grok.ai used sources that included this Netgate forum, Lawrence Systems Forums – Networking & Firewalls, and https://forum.tailscale.com/.)
The Two Service Files: Quick Breakdown
Before diving into the relation, let’s clarify what those files are (based on standard pfSense Tailscale package behavior on 25.07.x/FreeBSD 15-CURRENT):
• /usr/local/etc/rc.d/tailscaled: This is the generic FreeBSD/Tailscale rc.d script. It originates from the underlying tailscale package (the one you manually installed via' pkg add' for version 1.90.6). It’s a basic daemon starter/stopper that just runs /usr/local/bin/tailscaled without any pfSense-specific smarts (e.g., no auto-auth, no route advertising, no GUI integration).
• /usr/local/etc/rc.d/pfsense_tailscaled: This is the pfSense-specific wrapper script. It’s installed by the official pfSense-pkg-Tailscale package. It wraps the generic tailscaled binary but adds pfSense magic: it reads your GUI config (auth key, advertised routes, exit node flags), writes them to /usr/local/etc/rc.conf.d/pfsense_tailscaled (e.g., pfsense_tailscaled_authkey="yourkey"), and handles the full tailscale up with flags on boot. It’s what makes the service “pfSense-aware.”
In a stock official package install (without your manual binary upgrade), only pfsense_tailscaled exists and runs everything. When you force-installed the newer tailscale pkg on top, it added the generic tailscaled script as a side effect—but your fixed script (the one we pasted into /usr/local/etc/rc.d/tailscaled) overrode it to behave correctly.
