I am trying to make all my umbrel traffic use a vps as an exit node via tailscale.
Although I have a lot of trouble commanding tailscale to use the VPS as an exit node via the SSH terminal commands. Even when using the docker commands.
Does anyone have any experience here?
I had the same issue a few weeks ago. The Tailscale docker app never routed my traffic when used as an exit node. I removed the Tailscale docker and manually installed the app from the command line.
Then I started it using the command sudo tailscale up --advertise-exit-node
I can then route the traffic from another node using sudo tailscale up --exit-node=umbrel_node_name
Yeah, I did the same thing. SSH into umbrel and then install tailscale outside of the docker. I then rerouted all umbrel traffic to the exit node on my VPS. Seems to work well. But I wonder if there are any issues with doing this that I am not aware of.
I think the Tailscale docker is just missing the --advertise-exit-node argument which then prevents the routing feature.
I would have spent a bit more time trying to figure out how to add this argument within the Umbrel Tailscale docker but then on every update there is the risk of losing any manual workaround…
Don’t think there are any issues doing this, we’re just removing this “docker layer”. Also the tailscale version we manually installed has a newer version than the Umbrel version.
Only drawback is if you want to keep Tailscale updated you have to run an apt-get update & apt-get install from the shell instead of using the nice "check for update" button.
I created "Allow setting exit node in Tailscale" (Issue #816, getumbrel/umbrel-apps on GitHub) to track this, but in hindsight I think you guys are right, it's a limitation of the Tailscale docker image.
The docker image documents a TS_EXTRA_ARGS environment variable which passes extra args to tailscale set (see Tailscale Docker image · Tailscale Docs).
tailscale set allows the --exit-node <ip|name> flag (see Tailscale CLI · Tailscale Docs).
Therefore we should be able to update the docker-compose.yml to use that environment variable like so:

services:
  web:
    network_mode: "host" # TODO: We can remove this later with some iptables magic
    image: tailscale/tailscale:v1.48.1@sha256:51c756718c30b15d1d3d228b1f4425cba646ec15da5d188a0d55c32b8ea4f378
    restart: on-failure
    stop_grace_period: 1m
    command: "sh -c 'tailscale web --listen 0.0.0.0:8240 & exec tailscaled --tun=userspace-networking'"
    volumes:
      - ${APP_DATA_DIR}/data:/var/lib
    environment:
      TS_EXTRA_ARGS: "--exit-node <ip|name>"

This is great! Thanks for sharing.
Where is the docker-compose.yml to add these lines? Could the app GUI be fixed instead to avoid losing changes on the umbrel home update/upgrade?
It is probably best to use these steps here now and I believe this would persist between updates:
- Open a terminal window on your computer. On macOS, you can open the Terminal app that’s installed by default on every Mac. On Windows, you can open Command Prompt or the PowerShell app.
- Type in the following command and press the Enter key:
  ssh -t umbrel@umbrel.local
- Run
  sudo docker exec -it tailscale_web_1 /bin/sh
- Then run
  tailscale up --advertise-exit-node --accept-routes
Note, you will then need to approve it from the admin console login.tailscale.com/admin/machines
Now I can use it as exit node, but it was just missing a flag and returned an error.
Here’s the fixed command:
tailscale up --accept-routes --advertise-exit-node --ssh
I executed it without ssh, directly from the GUI terminal at umbrel.local/settings/terminal/app/tailscale
Hopefully the app settings are persistent in the next upgrade.
Thanks for the hints
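A way to check the state the posts above are trying to reach, as an added example that is not part of the thread: it reads `tailscale status --json` and reports whether an exit node is selected, online, and approved in the admin console. The sample JSON is constructed (hostnames and IDs are made up); `ExitNodeStatus`, `ExitNode` and `ExitNodeOption` are fields of Tailscale's status output, and the `--live` switch belongs to this script only.

```python
import json

# Constructed sample of `tailscale status --json`, trimmed to the fields used.
SAMPLE_STATUS = json.dumps({
    "Self": {"HostName": "umbrel", "ExitNodeOption": False},
    "ExitNodeStatus": {"ID": "nVPS", "Online": True},
    "Peer": {
        "nodekey:aaa": {"ID": "nVPS", "HostName": "vps", "Online": True,
                        "ExitNode": True, "ExitNodeOption": True},
        "nodekey:bbb": {"ID": "nLAP", "HostName": "laptop", "Online": True,
                        "ExitNode": False, "ExitNodeOption": False},
    },
})

def exit_node_report(status_json):
    """Summarise exit-node state from the text of `tailscale status --json`."""
    status = json.loads(status_json)
    peers = list((status.get("Peer") or {}).values())
    # ExitNode marks the peer this machine currently routes through.
    selected = next((p for p in peers if p.get("ExitNode")), None)
    active = status.get("ExitNodeStatus") or {}
    report = {
        # ExitNodeOption is true only once the node is advertised AND approved.
        "self_offers_exit_node": bool((status.get("Self") or {}).get("ExitNodeOption")),
        "available": sorted(p.get("HostName", "?") for p in peers if p.get("ExitNodeOption")),
        "selected": selected.get("HostName") if selected else None,
        "selected_online": bool(active.get("Online", (selected or {}).get("Online", False))),
    }
    if selected is None:
        report["verdict"] = "no exit node selected: traffic leaves via the local uplink"
    elif not report["selected_online"]:
        report["verdict"] = "exit node selected but offline: traffic is not being routed"
    else:
        report["verdict"] = "traffic is routed via " + report["selected"]
    return report

if __name__ == "__main__":
    import subprocess
    import sys
    text = SAMPLE_STATUS
    if "--live" in sys.argv:  # run on the node itself to query the real daemon
        text = subprocess.run(["tailscale", "status", "--json"],
                              capture_output=True, text=True, check=True).stdout
    for key, value in exit_node_report(text).items():
        print(f"{key}: {value}")
```

An empty `available` list while the VPS is online usually means the advertised exit node has not yet been approved in the admin console.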
Do you know how to make Umbrel machine use an external exit-node? I have tried all the possibilities trying to make Umbrel use another exit-node to route traffic and I always get the message about route node is off.
I am trying to do this: