Tailsclae process throwing failure errors

Swiss-army-knife-of-tech

Hi, so I recently set up my pFsense with tailscale and everything works perfectly except I am seeing a constant error message being thrown every minute/second. I even started to notice my pfsense getting hung up and these error are flooded in the logs.

The error messages are:

** tailscaled pid 2024/03/15 13:22:09 dns: resolver: forward: sendTCP: response code indicating server failure: 2*
and
** [RATELIMIT] format("dns: resolver: forward: sendTCP: response code indicating server failure: %d"*

I am not sure what is the cause as I am able to connect to my tailnet and view local devices. Would love some input on this as I am a bit lost here.

Actual copy of the syslogs:

Mar 15 18:31:08 pfSense tailscaled[65607]: 2024/03/15 18:31:08 [RATELIMIT] format("dns: resolver: forward: recv: response code indicating server failure: %d") (36 dropped)
Mar 15 18:31:08 pfSense tailscaled[65607]: 2024/03/15 18:31:08 dns: resolver: forward: recv: response code indicating server failure: 2
Mar 15 18:31:12 pfSense tailscaled[65607]: 2024/03/15 18:31:12 dns: resolver: forward: recv: response code indicating server failure: 2
Mar 15 18:31:12 pfSense tailscaled[65607]: 2024/03/15 18:31:12 [RATELIMIT] format("dns: resolver: forward: recv: response code indicating server failure: %d")
Mar 15 18:31:17 pfSense tailscaled[65607]: 2024/03/15 18:31:17 [RATELIMIT] format("dns: resolver: forward: sendTCP: response code indicating server failure: %d") (7 dropped)
Mar 15 18:31:17 pfSense tailscaled[65607]: 2024/03/15 18:31:17 dns: resolver: forward: sendTCP: response code indicating server failure: 2
Mar 15 18:31:17 pfSense tailscaled[65607]: 2024/03/15 18:31:17 dns: resolver: forward: sendTCP: response code indicating server failure: 2
Mar 15 18:31:17 pfSense tailscaled[65607]: 2024/03/15 18:31:17 [RATELIMIT] format("dns: resolver: forward: sendTCP: response code indicating server failure: %d")
Mar 15 18:31:21 pfSense tailscaled[65607]: 2024/03/15 18:31:21 [RATELIMIT] format("dns: resolver: forward: recv: response code indicating server failure: %d") (6 dropped)
Mar 15 18:31:21 pfSense tailscaled[65607]: 2024/03/15 18:31:21 dns: resolver: forward: recv: response code indicating server failure: 2
Mar 15 18:31:21 pfSense tailscaled[65607]: 2024/03/15 18:31:21 dns: resolver: forward: recv: response code indicating server failure: 2
Mar 15 18:31:21 pfSense tailscaled[65607]: 2024/03/15 18:31:21 [RATELIMIT] format("dns: resolver: forward: recv: response code indicating server failure: %d")
Mar 15 18:31:29 pfSense tailscaled[65607]: 2024/03/15 18:31:29 [RATELIMIT] format("dns: resolver: forward: recv: response code indicating server failure: %d") (5 dropped)
Mar 15 18:31:29 pfSense tailscaled[65607]: 2024/03/15 18:31:29 dns: resolver: forward: recv: response code indicating server failure: 2
Mar 15 18:31:29 pfSense tailscaled[65607]: 2024/03/15 18:31:29 [RATELIMIT] format("dns: resolver: forward: sendTCP: response code indicating server failure: %d") (6 dropped)
Mar 15 18:31:29 pfSense tailscaled[65607]: 2024/03/15 18:31:29 dns: resolver: forward: sendTCP: response code indicating server failure: 2
Mar 15 18:31:32 pfSense tailscaled[65607]: 2024/03/15 18:31:32 dns: resolver: forward: recv: response code indicating server failure: 2
Mar 15 18:31:32 pfSense tailscaled[65607]: 2024/03/15 18:31:32 [RATELIMIT] format("dns: resolver: forward: recv: response code indicating server failure: %d")
Mar 15 18:31:32 pfSense tailscaled[65607]: 2024/03/15 18:31:32 dns: resolver: forward: sendTCP: response code indicating server failure: 2
Mar 15 18:31:32 pfSense tailscaled[65607]: 2024/03/15 18:31:32 dns: resolver: forward: sendTCP: response code indicating server failure: 2
Mar 15 18:31:32 pfSense tailscaled[65607]: 2024/03/15 18:31:32 [RATELIMIT] format("dns: resolver: forward: sendTCP: response code indicating server failure: %d")

NightlyShark

@Swiss-army-knife-of-tech Your tailscale tries to send packets faster than the physical connection. Try setting up a Limiter.

NightlyShark

@Swiss-army-knife-of-tech That is something I would expect if WiFi was involved...

Swiss-army-knife-of-tech

@NightlyShark Thank you for the reply.

Weird that it may be wifi related as my pfsense is not broadcasting any wireless networks. That is handled by a Unifi ap behind it.
However, as a test when I originally set up tailscale to share the wireless network with the tailnet.

Also in regards to the physical connection:

• I have a 2.5gb connection from the pfsense to the modem.

Not sure where the bottleneck would be. Even right now I am noticing these error when no other devices are connected to the tailnet except the pfsense itself.

NightlyShark

@Swiss-army-knife-of-tech Maybe the autonegotiation for the link speed fluctuates. Try a SFTP cable and ground the ports. (Check for voltage difference with a voltmeter between the port metal part and mains GROUND, in some cases, due to bad grounding, there may be static buildup, discharge with a resistive load, eg a lightbulb. If any voltage persists something might be wrong with the mains ground, so do not connect any grounded cables before consulting an electrician). Far-fetched, but...

NightlyShark

@Swiss-army-knife-of-tech Wait. The rate limit is for the dns resolver. Use wireshark to check the remote side for any stuck-infected-misconfigured devices. (Non-stop UDP packets to PfSense side Tailscale IP port 53)

Swiss-army-knife-of-tech

@NightlyShark said in Tailsclae process throwing failure errors:

Use wireshark to check the remote side for any stuck-infected-misconfigured devices. (Non-sto

Will do

Swiss-army-knife-of-tech

@NightlyShark Just wanted to give you an update. The issue stopped on its own shortly after I posted this.

I did not make any changes and I did not find anything in the logs that would indicate a fix happened.

dbayer

@Swiss-army-knife-of-tech

I had this same issue. I ended up solving it by turning on

"Strict Interface Binding" on the DNS Forwarder service.