@manupfdude Interesting. Thanks for the detailed answer. Im also facing the same issue unfortunately where I need to auth again after an reboot. Are you with this approach having issues with the advertised routes not working ? I have to manually do (I havent tried your approach yet to see if this fixes the issue). tailscale set --advertise-routes=192.168.1/24,192.168.2.0/24 after I login. Even though they are set in the UI

@totalimpact in my case I dsid not reboot the router, after I copied the new key tailscale went online.

Updated CE 2.7.2 to 1.86.4 Changelog pkg add -f https://pkg.freebsd.org/FreeBSD:14:amd64/latest/All/tailscale-1.86.4.pkg Freshports

With Tailscale, I just recommend sticking with the FreeBSD15 version. Yes, it may currently work using the FreeBSD 14 package despite being on 15, but any number of other updates could result in that not being the case anymore. Not to mention the fact that any updates newer than 1.84.2_1 don't really impact functionality for what people would be using Tailscale for with PfSense so updating past that is not an absolute necessity. I run 1.86.4 on my desktop+phone and 1.84.2_1 on my pfsense router. Phone commonly uses the PfSense router as an exit node and there's no difference for PfSense. TL;DR: Better to be safe than sorry and stick with the FreeBSD 15 version even if it's not the latest version of Tailscale.

Any luck getting this fixed? I am running into the exact same issue with my setup. Latest Headscale (0.26.1), PFSense 2.7.2, and Tailscale package 1.84.2 installed on PfSense.

@maxpol @TravisH Did you get this resolved? I have th esame issues or very similiar. The first tailnet client works, then when i add additional ones they sometimes work, but majoritvly they fail. PFSense+ latest f/w. All endpoint showing online in tailscale status within pfsense and also on the tailscale portal. Thanks

Thank you, @elvisimprsntr, I did that and it worked beautifully.

From TS support "I’m Kelly from the Tailscale support team. Thanks for reaching out! This is a common point of confusion- Even with the “Key Expiry: Disabled” option selected in the Tailscale web UI, that only applies to machines authenticated via the web login. You need to generate a Reusable, Ephemeral = false, Pre-Auth Key via the Tailscale admin panel, and use that on the pfsense."

@Gertjan Thanks for the reply! Thats what I was afraid of. We have 100s of pfsense/tailscale nodes that we don't have UI access to. We use Ansible to automatically configure them in a remote fashion, everything was fine until this routes issue. But I will check out the link. Thanks again!

@DavcoreTech Looks like you may be running an older version of pfSense and/or Tailscale. You might want to upgrade to latest version (1.78.1) on all clients, which may resolve some of the connection issues. Although, Netgate has not updated the Tailscale package in some time, you can manually update How to update to the latest Tailscale version? You may also want to upgrade Windows 8.1, which MS officially stopped supporting on January 10, 2023