Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Tailscale needs to fully reauthenticate if pfSense has been shut down for multiple days - Why ?

    Scheduled Pinned Locked Moved
    Tailscale
    1
    1
    484
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mfld LAYER 8
      last edited by mfld

      I think I have some misunderstanding about authentication / how pfSense logs into a Tailnet.

      I have 2 pfSense instances logged into a tailnet.

      Both were initially authed with an auth-key that has since expired.

      But the nodes are configured to never expire and not be ephermal:

      ephermal: false
      last seen: 2023-09-07 03:51:28
      expires: 0001-01-01 00:00:00 (i.e. never)
      status: offline

      If I reboot pfSense all is well. They come up and stay up.

      If I shut down pfSense and boot back up same day, no worries.

      If I shut down pfSense and place it in my sockdrawer of pfSense boxes (don't ask!) and power it up a few days / weeks later, it is logged out and won't log back in without a fresh auth-key even though the control server (headscale) has that client marked as never expiring.

      1 Reply Last reply Reply Quote 0
      • First post
        Last post