Make Tailscale use Exit Node

Razzaq · January 26, 2023, 3:33pm

I am trying to make all my umbrel traffic use a vps as an exit node via tailscale.
Although I have a lot of trouble commanding tailscale to use the VPS as an exit node via the SSH terminal commands. Even when using the docker commands.
Does anyone have any experience here?

Cagliostro · January 31, 2023, 2:31pm

I had the same issue few weeks ago. The Tailscale docker app never routed my traffic when used as an exit node. I removed the Tailscale dock and manually installed the app from the command line.

Then I started it using the command sudo tailscale up --advertise-exit-node

I can then route the traffic from another node using sudo tailscale up --exit-node=umbrel_node_name

Razzaq · February 7, 2023, 9:03pm

Yeah I did the same thing . SSH into umbrel and then install tailscale outside of the docker. I then rerouted all umbrel traffic to exit node my a vps. Seems to work well . But wonder if there are any issues with doing this i am not aware of.

Cagliostro · February 7, 2023, 9:37pm

I think the Tailscale docker is just missing the –advertise-exit-node argument which then prevents the routing feature.
I would have spent a bit more time trying to figure out how to add this argument within the Umbrel Tailscale docker but then on every update there is the risk of losing any manual workaround…

Don’t think there are any issues doing this, we’re just removing this “docker layer”. Also the tailscale version we manually installed has a newer version than the Umbrel version.

Only drawback is if you want to keep Tailscale updated you have to run an apt-get update & apt-get install from the shell instead of the nicely check for update button

johnpc · October 27, 2023, 4:56pm

I created Allow setting exit node in Tailscale · Issue #816 · getumbrel/umbrel-apps · GitHub to track this, but in hindsight I think you guys are right, it’s a limitation of the tail scale docker image.

The docker image documents a TS_EXTRA_ARGS environment variable which passes extra args to tailscale set (see Tailscale Docker image · Tailscale Docs)

tailscale set allows the --exit-node <ip|name> flag (see Tailscale CLI · Tailscale Docs)

Therefore we should be able to update the docker-compose.yml to use that environment variable like so:


services:
  web:
    network_mode: "host" # TODO: We can remove this later with some iptables magic
    image: tailscale/tailscale:v1.48.1@sha256:51c756718c30b15d1d3d228b1f4425cba646ec15da5d188a0d55c32b8ea4f378
    restart: on-failure
    stop_grace_period: 1m
    command: "sh -c 'tailscale web --listen 0.0.0.0:8240 & exec tailscaled --tun=userspace-networking'"
    volumes:
      - ${APP_DATA_DIR}/data:/var/lib
    environment:
      TS_EXTRA_ARGS: "--exit-node <ip|name>"

smolgrrr · October 28, 2023, 12:59am

this is great! thanks for sharing