Running Tailscale on Docker - working except "advertise-routes="
This is how I configured Tailscale to run via Docker as an exit node. It automatically starts (and updates the container on reboots).
The only thing that I cannot get working is routing to IP addresses that do not have the tailscale client installed. Any ideas on how to get that working?
---
I followed this recipe: https://help.firewalla.com/hc/en-us/articles/360053184374-Guide-Install-HomeBridge-on-Firewalla-
---
Docker Compose
Create directories for Docker and Tailscale
mkdir /home/pi/.firewalla/run/docker/
mkdir /home/pi/.firewalla/run/docker/tailscale
cd /home/pi/.firewalla/run/docker/tailscale
Create “docker-compose.yml” in ~/.firewalla/run/docker/tailscale
Make sure to update the "tailscale up" command so the parameters match your network (the subnet given to --advertise-routes). This script enables an exit node and advertises routes.
cat > /home/pi/.firewalla/run/docker/tailscale/docker-compose.yml << 'EOF'
version: "2.4"
services:
  tailscale:
    image: tailscale/tailscale:latest
    container_name: firewalla-tailscale # This will become the tailscale device name
    deploy:
      restart_policy:
        condition: on-failure
        max_attempts: 3
    network_mode: "host" # Shares the host network stack, so host sysctls (e.g. IP forwarding) apply
    volumes:
      - "/home/pi/.firewalla/run/docker/tailscale:/var/lib" # State data will be stored in this directory
      - "/dev/net/tun:/dev/net/tun" # Required for tailscale to work
    privileged: true # Grants all capabilities; cap_add below is then redundant but harmless
    cap_add: # Required for tailscale to work
      - net_admin
      - sys_module
    command: tailscaled
EOF
Start the container:
sudo systemctl start docker
sudo docker-compose up -d
sudo docker exec firewalla-tailscale tailscale up --advertise-routes=192.168.1.0/24 --advertise-exit-node
sudo docker exec firewalla-tailscale tailscale status
Follow the instructions that are printed to authorize the node and the routes.
---
The docker service and container won't automatically start after a system reboot. To make them start, create the following folder and file:
mkdir /home/pi/.firewalla/config/post_main.d/
cd /home/pi/.firewalla/config/post_main.d/
# The delimiter is quoted so that $0 and $(date ...) are written into the script
# literally and expanded each time it runs, not once when this heredoc is evaluated.
cat > /home/pi/.firewalla/config/post_main.d/start_tailscale.sh <<'EOF'
#!/bin/bash
echo
echo "$0 - $(date "+%Y-%m-%d - %H:%M:%S") - starting docker"
sudo systemctl start docker
sleep 60   # give the docker daemon time to come up
cd /home/pi/.firewalla/run/docker/tailscale
echo
echo "$0 - $(date "+%Y-%m-%d - %H:%M:%S") - pulling latest images"
sudo docker-compose pull
echo
echo "$0 - $(date "+%Y-%m-%d - %H:%M:%S") - bringing containers up"
sudo docker-compose up -d
sleep 60   # let tailscaled initialise before issuing "tailscale up"
echo
echo "$0 - $(date "+%Y-%m-%d - %H:%M:%S") - starting tailscale"
sudo docker exec firewalla-tailscale tailscale up --advertise-routes=192.168.1.0/24 --advertise-exit-node
sleep 15
echo
echo "$0 - $(date "+%Y-%m-%d - %H:%M:%S") - checking status"
sudo docker exec firewalla-tailscale tailscale status
echo
echo "$0 - $(date "+%Y-%m-%d - %H:%M:%S") - pruning images"
sudo docker system prune -f
EOF
Make the file executable
chmod +x /home/pi/.firewalla/config/post_main.d/start_tailscale.sh
With this, you should have a working tailscale implementation, albeit without routing.
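The check script below is an added example; it is not part of the original post and not Tailscale's own tooling. It assumes the documented host-side prerequisite for Tailscale subnet routers and exit nodes: kernel IP forwarding must be on (net.ipv4.ip_forward, and net.ipv6.conf.all.forwarding for IPv6 routes). Because the container runs with network_mode: host, those sysctls belong to the Firewalla host, not the container, and a route that is approved in the admin console still carries no traffic while forwarding is off. The optional file-path arguments exist so the checks can be pointed at fixture files; with no arguments they read the live /proc entries.

```shell
#!/bin/sh
# Added example: verify the host prerequisites behind "tailscale up --advertise-routes=...".
# Run on the Firewalla host (the container shares its network namespace).

# Returns 0 if the kernel forwarding switch stored in file $1 reads "1".
forwarding_enabled() {
    [ -r "$1" ] && [ "$(cat "$1")" = "1" ]
}

# Returns 0 if $1 is a syntactically valid IPv4 CIDR (a.b.c.d/n, n in 0..32).
# A bare address without a prefix length is rejected, since advertise-routes expects a network.
valid_ipv4_cidr() {
    cidr=$1
    case "$cidr" in
        */*) ;;
        *) return 1 ;;
    esac
    addr=${cidr%/*}
    plen=${cidr#*/}
    case "$plen" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$plen" -le 32 ] || return 1
    n=0
    old_ifs=$IFS
    IFS=.
    for octet in $addr; do
        case "$octet" in
            ''|*[!0-9]*) IFS=$old_ifs; return 1 ;;
        esac
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
        n=$((n + 1))
    done
    IFS=$old_ifs
    [ "$n" -eq 4 ]
}

# Checks one advertised route ($1). $2 and $3 default to the live sysctl files.
# Prints one verdict line per check; returns 0 only if the route is well-formed
# and IPv4 forwarding is on. IPv6 forwarding and /dev/net/tun are reported as warnings.
check_subnet_router() {
    route=$1
    v4=${2:-/proc/sys/net/ipv4/ip_forward}
    v6=${3:-/proc/sys/net/ipv6/conf/all/forwarding}
    rc=0
    if valid_ipv4_cidr "$route"; then
        echo "ok   route syntax: $route"
    else
        echo "FAIL route syntax: $route (expected a.b.c.d/n)"
        rc=1
    fi
    if forwarding_enabled "$v4"; then
        echo "ok   ipv4 forwarding enabled ($v4)"
    else
        echo "FAIL ipv4 forwarding disabled; traffic to $route will be dropped by the host kernel"
        echo "     fix: echo 'net.ipv4.ip_forward = 1' | sudo tee /etc/sysctl.d/99-tailscale.conf && sudo sysctl -p /etc/sysctl.d/99-tailscale.conf"
        rc=1
    fi
    if forwarding_enabled "$v6"; then
        echo "ok   ipv6 forwarding enabled ($v6)"
    else
        echo "warn ipv6 forwarding disabled (only matters for IPv6 routes)"
    fi
    if [ -c /dev/net/tun ]; then
        echo "ok   /dev/net/tun present for the container bind mount"
    else
        echo "warn /dev/net/tun missing; the compose volume mount will fail"
    fi
    return $rc
}

# Usage: sh check_subnet_router.sh 192.168.1.0/24
if [ "$#" -gt 0 ]; then
    check_subnet_router "$1"
fi
```

The remaining step, approving the advertised route for the node in the Tailscale admin console, is what the "tailscale status" output above prompts for; this script only covers what the console cannot see, the kernel state on the host.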