Netgate Discussion Forum

    "Tailscale is not online" problem

    43 Posts 9 Posters 11.9k Views 11 Watching
      manupfdude

      Hi all,

      I wanted to share that I’m also experiencing issues with Tailscale (v1.86.4) on the latest pfSense CE (v2.8.0).
      After either a pfSense reboot or a Tailscale service restart, my node is logged out of Tailscale — exactly as many of you have described here.

      It bothered me enough that I opened a support ticket with the Tailscale team. I explained the problem, included details, and linked this thread as a reference. The good news is that support responded quickly and said they’re setting up a pfSense VM to reproduce the issue.

      In the meantime, they suggested a workaround:

      “Based on the behavior described here and in the thread, it looks like the auth key used for authentication may be expiring. Since OAuth clients don’t expire, switching to an OAuth Client rather than an Auth Key might resolve this.
      See our docs here:
      https://tailscale.com/kb/1215/oauth-clients#registering-new-nodes-using-oauth-credentials”

      I tested this, and after configuring Tailscale with OAuth, everything worked!
      Tailscale now stays connected and authenticated even after a reboot or service restart.

      That said, I did tell support that while OAuth solves the issue, it used to work out of the box with the simpler interactive login / auth key flow. Something seems to have changed on the Tailscale side, and I hope they identify and fix it. But until then, the OAuth workaround is a solid fix.

      I’d love to hear how it’s working for the rest of you.
      Anyone else try OAuth yet?

      Cheers

        yobyot @manupfdude

        @manupfdude This is a very inventive approach!

        I'd like to try it but have a couple of questions about pfSense implementation.

        Where did you enter the key and secret? And what scopes did you grant the Tailscale OAuth client?

          manupfdude @yobyot

          @yobyot
          I've SSHed into pfSense and, for the sake of testing, I've simply run the command:

          tailscale up --auth-key=tskey-client-kQ_THE_REST_IS_A_SECRET\?preauthorized=true\&ephemeral=false --accept-dns=false --accept-routes --advertise-exit-node --advertise-routes=X.X.X.X/24 --advertise-tags=tag:pfsense
          

          Note the preauthorized=true and ephemeral=false.
          I gave this key all permissions (temporarily, as I just wanted to verify it's working).
          Of course, I also had to register the tag used in the ACL tags pane:
          https://login.tailscale.com/admin/acls/visual/tags

          So far so good.

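An added example (not from the thread, and not Tailscale's or Netgate's code): a POSIX sh helper that stages the OAuth client secret from the last post in a root-only file and builds the `tailscale up` arguments around `--auth-key=file:`, so the secret stays out of the process list and shell history. It assumes the `file:` form of `--auth-key` accepts the same `?preauthorized=true&ephemeral=false` suffix as the inline form; the function names are hypothetical, and any path, tag or secret passed in is a placeholder.

```shell
#!/bin/sh
# Added example: keep a Tailscale OAuth client secret off the command line.
# Function names are hypothetical; nothing here calls tailscale itself.

# write_authkey_file SECRET FILE
# Stores "<secret>?preauthorized=true&ephemeral=false" in FILE with mode 0600.
# Rejects anything that is not an OAuth client secret (tskey-client-...).
write_authkey_file() {
    secret=$1
    file=$2
    case $secret in
        tskey-client-?*) ;;   # OAuth client secret: does not expire
        tskey-auth-*) echo "plain auth key (expires); use an OAuth client secret" >&2
                      return 2 ;;
        *) echo "unrecognised key format" >&2; return 2 ;;
    esac
    # umask covers a newly created file; chmod covers a pre-existing one.
    ( umask 077 && printf '%s?preauthorized=true&ephemeral=false\n' "$secret" > "$file" ) || return 1
    chmod 600 "$file"
}

# file_is_private FILE: true when group and other have no permission bits.
# Uses ls rather than stat because stat flags differ between FreeBSD and Linux.
file_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# build_up_args FILE TAGS
# Prints the auth-related arguments for `tailscale up`; refuses to continue if
# the key file is readable by others or no tag is given (nodes registered with
# an OAuth client secret must advertise a tag, as in the post above).
build_up_args() {
    file=$1
    tags=$2
    case $tags in
        tag:?*) ;;
        *) echo "at least one tag:<name> is required" >&2; return 2 ;;
    esac
    file_is_private "$file" || { echo "$file is readable by group/other" >&2; return 3; }
    printf '%s' "--auth-key=file:$file --advertise-tags=$tags"
}
```

The remaining flags from the post (`--accept-dns=false`, `--accept-routes`, `--advertise-exit-node`, `--advertise-routes=...`) are appended to the printed arguments unchanged.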
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.