@Wolf666 Thank you, I will try it. Unfortunately, since I had already replaced the contents of /usr/local/etc/rc.d/tailscaled and it had been working so far, I will not be able to tell which of the two solved the problem. And of course, I can't find a copy of the old .../rc.d/tailscaled. Therefore, if none of this works, it will require yet another delete and reinstall of everything Tailscale in my system.

@elvisimprsntr Updated 25.07.1 to 1.90.6_1, copied and pasted from @elvisimprsntr's post: pkg add -f https://pkg.freebsd.org/FreeBSD:15:amd64/latest/All/tailscale-1.90.6_1.pkg (Why it worked this time and not on previous updates: Over the last couple of days, I ran into the "Shared object "libutil.so.10, not found..." error that triggered the version 25.07.1 update issues some of us have been having. After I fixed that error, I decided to go back to the usual update method, and it worked.)

said in "Tailscale is not online" problem: @Vad-B Interesting indeed! I just tried to fill the Pre-authentication Key with file:/dev/null. I get an crash in pfsense after some time, but when I login again is saved. For me this for after service restarts at least this solves it, including the issue with the routes not being advertised even set in the WebUI. Havent done an full restart of pfsense (yet) Also works after an full restart / complete shutdown on pfsense.

@totalimpact in my case I dsid not reboot the router, after I copied the new key tailscale went online.

With Tailscale, I just recommend sticking with the FreeBSD15 version. Yes, it may currently work using the FreeBSD 14 package despite being on 15, but any number of other updates could result in that not being the case anymore. Not to mention the fact that any updates newer than 1.84.2_1 don't really impact functionality for what people would be using Tailscale for with PfSense so updating past that is not an absolute necessity. I run 1.86.4 on my desktop+phone and 1.84.2_1 on my pfsense router. Phone commonly uses the PfSense router as an exit node and there's no difference for PfSense. TL;DR: Better to be safe than sorry and stick with the FreeBSD 15 version even if it's not the latest version of Tailscale.

Any luck getting this fixed? I am running into the exact same issue with my setup. Latest Headscale (0.26.1), PFSense 2.7.2, and Tailscale package 1.84.2 installed on PfSense.

@maxpol @TravisH Did you get this resolved? I have th esame issues or very similiar. The first tailnet client works, then when i add additional ones they sometimes work, but majoritvly they fail. PFSense+ latest f/w. All endpoint showing online in tailscale status within pfsense and also on the tailscale portal. Thanks

Thank you, @elvisimprsntr, I did that and it worked beautifully.

From TS support "I’m Kelly from the Tailscale support team. Thanks for reaching out! This is a common point of confusion- Even with the “Key Expiry: Disabled” option selected in the Tailscale web UI, that only applies to machines authenticated via the web login. You need to generate a Reusable, Ephemeral = false, Pre-Auth Key via the Tailscale admin panel, and use that on the pfsense."

@Gertjan Thanks for the reply! Thats what I was afraid of. We have 100s of pfsense/tailscale nodes that we don't have UI access to. We use Ansible to automatically configure them in a remote fashion, everything was fine until this routes issue. But I will check out the link. Thanks again!