TailScale died unexpectedly

chudak

Two days ago upgraded to 24.03-RELEASE, and everything seemed to be working fine but today TS is completely dead :(

Error executing command (/usr/local/bin/tailscale status)
# Health check:
#     - not in map poll

unexpected state: NoState

Not sure what this means? Maybe the TS server is down?

yobyot

@chudak

This has suddenly started happening to my tailnet on restart of pfSense. I am almost certain that I've changed nothing.

If I ssh to pfSense and manually tailscale up with the proper parameters, I can sorta, kinda, force it to come up. But a restart of pfSense produces this as well.

I noticed a couple of things;

• I cannot logout of tailscale in the pfSense admin portal.
• The pfsense package in pfSense is very much behind the link accessed from the pfSense console.
• If you delete the machine from the tailscale portal, then force it with an up command, you cannot then use the tailscale portal to add subnets or assign that machine as an exit node.

I'd appreciate any pointers readers might have; this is the only post I've seen that mirrors what I am seeing recently.

chudak

@yobyot

It has something to do with combination of kea-dhcp, ts and Services Watchdog

TS keeps given headaches to me as well.
But if you keep restarting it will recover in time

I know this is not a good solution but so far I didn’t see anything better

yobyot

Thanks, @chudak

For future reference, here's what I did on pfSense CE 2.7.2 to fix Tailscale not coming up after a pfSense reboot.

1. Select logout & cleanup from pfSense Tailscale VPN settings
2. Remove machine from Tailscale admin console
3. Uninstall package from pfSense
4. Watch the very useful but a bit dated YouTube video, esp. for generating an authentication key starting at ~8:00
5. Re-install Tailscale
6. Generate auth key
7. Apply auth key
8. Start Tailscale

I then rebooted pfSense and the router joined the tailnet.

chudak

@yobyot said in TailScale died unexpectedly:

Thanks, @chudak

For future reference, here's what I did on pfSense CE 2.7.2 to fix Tailscale not coming up after a pfSense reboot.

1. Select logout & cleanup from pfSense Tailscale VPN settings
2. Remove machine from Tailscale admin console
3. Uninstall package from pfSense
4. Watch the very useful but a bit dated YouTube video, esp. for generating an authentication key starting at ~8:00
5. Re-install Tailscale
6. Generate auth key
7. Apply auth key
8. Start Tailscale

I then rebooted pfSense and the router joined the tailnet.

Thx
But I’m not sure it’s a permanent fix

See this fyi https://redmine.pfsense.org/issues/14977

yobyot

@chudak

Well, I am also running KEA and resetting Tailscale as above has worked for three restarts for me.

I'm not sure that whatever lead to this issue has anything to do with KEA.