I need to restart tailscale service after pfsense reboot
-
For some odd reason, even though the service seems UP, and routes (apparently from tailscale) looks fine, the service itself is not working.
E.g. I cannot connect to other hosts on my tailscale network. From pfsense itself it works, but not from my e.g. my LAN.
As soon as I restart the tailscale service in the UI it works immediately after.
-
@lbm_ I have the same problem: pfSense v25.07.1 on FreeBSD 15-Current, Netgate 6100. Could you let me know if you found a solution? I haven't. I have been updating Tailscales from Freshports while keeping the Tailscale Package installed. I have recently read that this can cause problems with routes, interfaces, firewall rules, and others. I am leaning towards deleting the Tailscale package.
-
This post is deleted! -
This post is deleted! -
Discussion and solution: link text
-
For me I might have fixed (without kinda complicated solution which I could find).
Since it worked when I did an restart in the UI, and that the tailscale service in pfsense was actually running, I came to the conclusion, that maybe some other tailscale service was started at boot, so I tried below.
I tried to reboot it after, and tailscale came up just fine. I haven't tested it further though. LIke power it down completely, or do multiple reboots.
/usr/local/etc/rc.d/pfsense_tailscaled enable /usr/local/etc/rc.d/tailscaled disable -
@lbm_ I found a solution yesterday but yours is simpler and makes sense; While troubleshooting I had dicovered that with the Package and Freshports-update both installed, pfSense was running two services that were clashing on reboot. I can post my solution if anyone’s interested, but the simplest solution is always best.
Netgate 6100, pfSense+ 25.07.1 FreeBSD15, Tailscale Package + Tailscale updated to 1.90.6_1.
-
For what it’s worth, we may have had the same issue but for different reasons. I checked, and my system has the duplicate two files. Therefore, I asked Grok.ai about “/usr/local/etc/rc.d/pfsense_tailscaled enable
/usr/local/etc/rc.d/tailscaled disable” versus the solution it had provided me yesterday. See the answer below. (Grok.ai used sources that included this Netgate forum, Lawrence Systems Forums – Networking & Firewalls, and https://forum.tailscale.com/.)The Two Service Files: Quick Breakdown
Before diving into the relation, let’s clarify what those files are (based on standard pfSense Tailscale package behavior on 25.07.x/FreeBSD 15-CURRENT):
• /usr/local/etc/rc.d/tailscaled: This is the generic FreeBSD/Tailscale rc.d script. It originates from the underlying tailscale package (the one you manually installed via' pkg add' for version 1.90.6). It’s a basic daemon starter/stopper that just runs /usr/local/bin/tailscaled without any pfSense-specific smarts (e.g., no auto-auth, no route advertising, no GUI integration).
• /usr/local/etc/rc.d/pfsense_tailscaled: This is the pfSense-specific wrapper script. It’s installed by the official pfSense-pkg-Tailscale package. It wraps the generic tailscaled binary but adds pfSense magic: it reads your GUI config (auth key, advertised routes, exit node flags), writes them to /usr/local/etc/rc.conf.d/pfsense_tailscaled (e.g., pfsense_tailscaled_authkey="yourkey"), and handles the full tailscale up with flags on boot. It’s what makes the service “pfSense-aware.”
In a stock official package install (without your manual binary upgrade), only pfsense_tailscaled exists and runs everything. When you force-installed the newer tailscale pkg on top, it added the generic tailscaled script as a side effect—but your fixed script (the one we pasted into /usr/local/etc/rc.d/tailscaled) overrode it to behave correctly.