Tailscale not online

IanMcLeish

Hi, I'm running PFSense 2.7.2 on a Protectli 4 port device. Tailscale has run flawlessly for about 18 months, but while looking at a different issue I saw that it was offline in the tailscale web admin page, since yesterday.

I removed the PFSense from the tailscale web page and with some difficulty removed the tailscale packages and rebooted the pfsense.

I reinstalled the package for tailscale and generated a new auth key on the site. Tailscale is still not coming online, I recall the first time i did this it was nearly instantaneous.

I'm getting these errors in the status page on pfsense;

Tailscale Status (/usr/local/bin/tailscale status)
Error executing command (/usr/local/bin/tailscale status)
Logged out.

Tailscale IP (/usr/local/bin/tailscale ip)
Error executing command (/usr/local/bin/tailscale ip)

This is exactly the same error that I had before I removed everything to start again.

Any suggestions anyone?

My previous key was set to not expire, my current key expires in 3 months, but I thought that could be changed in the admin pages on the tailscale website, but only if the machine is recognised there..

I was running the tailscale to allow all local devices access without having it installed on each device. My current usage is free - about 15 devices on the tailnet.

Be appreciative if anyone can suggest where i go from here- as far as i can tell i unchecked every box which might persist data after package removal to do a clean install.

mcury

@IanMcLeish Facing the same problem.
It happens after a few months, even if they key is set to "Do not expire".

Reported this not long ago: 16004

IanMcLeish

@mcury

Can you get your's back online though?

I have uninstalled everything and reinstalled. Deleted the instance in the Tailscale admin page and made a new key. But I am still offline and no further forward.

IanMcLeish

@mcury

Did you have any joy with the --unattended option?

And where would I add that if you did?

Thanks

mcury

@IanMcLeish said in Tailscale not online:

Can you get your's back online though?

I have uninstalled everything and reinstalled. Deleted the instance in the Tailscale admin page and made a new key. But I am still offline and no further forward.

Yeap, you need to delete the device in the tailnet, generate a new key, paste it to pfsense and save.
This alone will make it go online again.

Then, check the tailnet IP your device got and changed the virtual IP for the NAT to match it.
Accept the advertised routes if any, and that is it.

Did you have any joy with the --unattended option?

I didn't do anything yet besides of reporting the problem.

IanMcLeish

@mcury said in Tailscale not online:

@IanMcLeish said in Tailscale not online:

Can you get your's back online though?

I have uninstalled everything and reinstalled. Deleted the instance in the Tailscale admin page and made a new key. But I am still offline and no further forward.

Yeap, you need to delete the device in the tailnet, generate a new key, paste it to pfsense and save.
This alone will make it go online again.

Then, check the tailnet IP your device got and changed the virtual IP for the NAT to match it.
Accept the advertised routes if any, and that is it.

Did you have any joy with the --unattended option?

I didn't do anything yet besides of reporting the problem.

Aargh.

This is not working for me, it isn't going online again!

Ill try removing the packages again and starting over - i would rather not remove the entire pfsense and start again!! I was following Tom Lawrence's Youtube video. it worked for me before.

mcury

@IanMcLeish said in Tailscale not online:

Ill try removing the packages again and starting over - i would rather not remove the entire pfsense and start again!!

Did you generate a new key ?
Go to the tailnet, click add device, choose linux server, set the expiry to 90 days and click generate install script.
Then, you will see a code being generated at the bottom of the page, copy from the tskey onwards and paste in pfsense tailscale authentication tab.
After that, just follow the instructions in my last post.

IanMcLeish

@mcury

I was generating a key in the tailscail admin domain. I did try your method as well, but still no luck.
Thanks for your help.

I wonder what went wrong on Feb 3 to cause this?

I tried restoring an older backup as well from before Feb 3 and that too made not a jot of a difference.

I think I will give up.

Personally, I know a router can be complicated, as networks and firewall are complicated, but tailscale is so simple on most every product, except this one.

mcury

@IanMcLeish said in Tailscale not online:

I think I will give up.

Weird, those exactly steps worked for me yesterday..

IanMcLeish

@mcury
I got it!

I had to go to the command prompt and run the command tailscale up which then gave me a link to the tailscale web admin page to authenticate. I kinda thought that the whole point of the key was to avoid that, but it is back up and running anyway.

Thanks for your help - was nice at least to know i wasn't doing anything stupid, but maybe missing that last part was me doing something stupid!?

mcury

@IanMcLeish said in Tailscale not online:

I got it!

great

totalimpact

This still seems to be an issue, and makes the Tailscale client unreliable. I have 4 nodes down now with expiry disabled, after some unknown time, and then a router reboot they can no longer authenticate.

Error executing command (/usr/local/bin/tailscale status)
# Health check:
#     - not logged in, last login error=invalid key: API key does not exist

unexpected state: NoState

From the CLI I can run tailscale login, and it re-authenticates the same node, I can tailscale down + up and it connects fine, status on the webpage looks good, but if I reboot or restart the Tailscale service in the webpage it can no longer connect again with the same error needing to login again. The only way to make it work reliably is to clear the config, delete the node and reconnect as a new node.

Pfsense 2.7.2, Tailscale package 0.1.4

elvisimprsntr

@totalimpact

Tailscale 1.54.0 is 2+ years out of date. Tailscale has made quite a number of changes since Tailscale 1.54.0, likely rendering it incompatible with their servers.

I would consider manually updating the Tailscale FreeBSD package.

FreshPorts does not maintain an archive of all the releases, only the latest compiled by the volunteer maintainers.

The key to manually upgrading is knowing which FreeBSD version your pfSense release is running, i.e. 14 or 15.

You can following along here.

ryan.goodfellow

Upgraded 25.07 and Tailscale is broken in the way users here describe. I can manually log in using sudo /usr/local/bin/tailscale login, but the tailscale service in pfSense does not pick this up and restarting the service clobbers the login state. Given 16004 was logged 7 months ago with zero activity, this is an indication that Netgate devices no longer support Tailscale.