[RELEASE] TAILMON v1.0.10 -May 12, 2024- WireGuard-based Tailscale Installer, Configurator and Monitor (Now available in AMTM!)

[dom2114]

Interesting. Where did you read that? link?

I found it here:
https://github.com/MartineauUK/wireguard

| * NOTE: WireGuard® is incompatible with Hardware Acceleration * |
| * which is REQUIRED IF your WAN ISP speed is > 350 Mbps * |
| * * |
| * IF your WAN ISP speed is > 350 Mbps then you can * |
| * DISABLE Hardware Acceleration using command * |
| * * |
| * E:Option ==> fc disable * |
| * * |
| * but you will LIMIT ALL WAN throughput (not just * |
| * WireGuard® clients) to about 350 Mbps * |
| * * |
| * NOTE: WireGuard® Manager© will try and auto * |
| * ENABLE/DISABLE Hardware Aceleration based on * |
| * the number of ACTIVE "client" Peers * |

 

[RandomUser777]

I found it here:
https://github.com/MartineauUK/wireguard

| * NOTE: WireGuard® is incompatible with Hardware Acceleration * |
| * which is REQUIRED IF your WAN ISP speed is > 350 Mbps * |
| * * |
| * IF your WAN ISP speed is > 350 Mbps then you can * |
| * DISABLE Hardware Acceleration using command * |
| * * |
| * E:Option ==> fc disable * |
| * * |
| * but you will LIMIT ALL WAN throughput (not just * |
| * WireGuard® clients) to about 350 Mbps * |
| * * |
| * NOTE: WireGuard® Manager© will try and auto * |
| * ENABLE/DISABLE Hardware Aceleration based on * |
| * the number of ACTIVE "client" Peers * |

Tailscale works fine for me, hardware acceleration staying enabled. On a RT-AX88U_Pro, RT-AX86U_Pro, AX86U, AX86S.

 

[JGrana]

Me as well. I'm running Tailscale in a site-2-site - one an AX88U Pro the other an AX58U.
Both show hardware acceleration enabled.

 

[ColinTaylor]

I found it here:
https://github.com/MartineauUK/wireguard

| * NOTE: WireGuard® is incompatible with Hardware Acceleration * |
| * which is REQUIRED IF your WAN ISP speed is > 350 Mbps * |
| * * |
| * IF your WAN ISP speed is > 350 Mbps then you can * |
| * DISABLE Hardware Acceleration using command * |
| * * |
| * E:Option ==> fc disable * |
| * * |
| * but you will LIMIT ALL WAN throughput (not just * |
| * WireGuard® clients) to about 350 Mbps * |
| * * |
| * NOTE: WireGuard® Manager© will try and auto * |
| * ENABLE/DISABLE Hardware Aceleration based on * |
| * the number of ACTIVE "client" Peers * |

I don't see any mention of tailscale there. I know that tailscale uses WireGuard as the underlying protocol but there may be differences regarding compatibility with hardware acceleration. If you're running tailscale in userspace mode I don't think hardware acceleration is applicable anyway. Even in kernel mode you're going to be CPU limited. Streaming services don't need much bandwidth but whether tailscale provides enough for your requirements will probably come down to which model router you have.

 

[JGrana]

Interesting (but very good) experience with Tailscale/TAILMON.

I am running “kind of a” dual wan in my house. I have a T-Mobile Sagemcom modem plugged into an old AX58U with a unique SSID and IP network address range. It came as part of a deal with moving over to T-Mobile phones. It’s pretty low cost - and I have used it in the past when my main WAN (Starlink) gets flaky.
My primary WAN is Starlink plugged into an AX88U Pro. Again, unique SSID and a different (luckily) network address.

I installed TAILMON on both. Enabled advertise routes and also accept routes.

In the past I would changes SSID to which router I wanted to check/work on.

Now I can be on either but easily access the other. i.e I can have both WebUI windows open at the same time on my laptop. I can now mount my NAS on both routers, etc., if after updating the main router and my wife’s iPhone switches over to T-Mobile she can still print on a printer on the main network.

What is interesting is that I really did nothing to route tables, ip tables etc. Just installed TAILMON and let it run.
Easier then I thought.

Hmm, wonder if I could do some kind of Dual WAN Failover with tailscale as the core.

 

[Viktor Jaep]

Interesting (but very good) experience with Tailscale/TAILMON.

I am running “kind of a” dual wan in my house. I have a T-Mobile Sagemcom modem plugged into an old AX58U with a unique SSID and IP network address range. It came as part of a deal with moving over to T-Mobile phones. It’s pretty low cost - and I have used it in the past when my main WAN (Starlink) gets flaky.
My primary WAN is Starlink plugged into an AX88U Pro. Again, unique SSID and a different (luckily) network address.

I installed TAILMON on both. Enabled advertise routes and also accept routes.

In the past I would changes SSID to which router I wanted to check/work on.

Now I can be on either but easily access the other. i.e I can have both WebUI windows open at the same time on my laptop. I can now mount my NAS on both routers, etc., if after updating the main router and my wife’s iPhone switches over to T-Mobile she can still print on a printer on the main network.

What is interesting is that I really did nothing to route tables, ip tables etc. Just installed TAILMON and let it run.
Easier then I thought.

Hmm, wonder if I could do some kind of Dual WAN Failover with tailscale as the core.

I've had a similar revelation with all this as well, @JGrana ... I'm constantly blown away how I can just get to all my devices on different networks without having to constantly keep switching networks and whatnot. It makes life so much easier. It's almost like a network extender on steroids.

 

[XIII]

For those that want to run "latest & greatest": Tailscale 1.66.0 is now available.

The release notes contain this text:

We recommend updating all Tailscale clients to v1.66.0 or later to benefit from additional security improvements.

(Although that text seems rather generic it's not included for all releases)

I have updated and at first sight everything still seems to work.

 

[XIII]

I’m struggling with DNS as well:

I expected to be able to remotely access devices on my local network (home.lan) by hostname, when Tailscale is active, because I have set up a Split DNS for it (192.168.1.1 for home.lan, which is also a search domain).

Unfortunately, I can only access my devices by their local IP address (192.168.x.y).

(I’m using NextDNS as the global option in Tailscale and the NextDNS CLI on my router)

Eventually got this to work after adding this extra line to etc/dnsmasq.conf (via /jffs/configs/dnsmasq.conf.add):

interface=tailscale0

 

[XIII]

I think I solved this in my manual setup, but I can't remember how... Tips?

# Health check:
#     - Linux DNS config not ideal. /etc/resolv.conf overwritten. See https://tailscale.com/s/dns-fight

That file is overwritten by the NextDNS CLI with this contents:

nameserver 45.90.28.xx
nameserver 45.90.30.yy

Seems to be "solved" by adding this fragment to the custom Tailscale parameters (in TAILMON):

--accept-dns=false

 

[thelonelycoder]

TAILMON is now available in amtm!

 

[Viktor Jaep]

TAILMON is now available in amtm!

WHOO! Thank you @thelonelycoder!!

 

[thelonelycoder]

WHOO! Thank you @thelonelycoder!!

This is your 5th script in amtm. You’re on steroids and might surpass @Jack Yaz soon.

 

[Viktor Jaep]

This is your 5th script in amtm. You’re on steroids and might surpass @Jack Yaz soon.

I am certainly not trying to... I thought I even put my foot down on TAILMON with a firm "no"... but @jksmurf asked so nicely, and I'm weak, and really enjoy a challenge!

 

[evo17paul]

Before this tailscale chat had started, I was actually already running tailscale on 1 of my 2 raspberry pi's.
Both pi's run my DHCP and run Pi-hole, and each of my internal devices have primary/secondary DNS pointing to the pi (along with the 86U DNS directory, ensuring all DNS goes via those Pi's as well).

As I recently changed to Community Fibre, and that is running a CGNAT I lost my previous OpenVPN capability, and hence why I found tailscale and installed on my pi. This allowed me secure connectivity into my home, but also allowed my browsing to continue via Pi-hole (just a single one) and more importantly continued my ad-blocking experience

I can now say, I've installed tailscale on the router, allowed subnet-routing to happen and have turned off tailscale on my Pi. I can now hit both my Pi's and get access to my home network through the router, ala like my previous OpenVPN implementation.

Still looking at tailscale for many things it can achieve, but wanted to thank the great work by @thelonelycoder for AMTM implementation and @Viktor Jaep for the tailmon script

 

[Viktor Jaep]

Before this tailscale chat had started, I was actually already running tailscale on 1 of my 2 raspberry pi's.
Both pi's run my DHCP and run Pi-hole, and each of my internal devices have primary/secondary DNS pointing to the pi (along with the 86U DNS directory, ensuring all DNS goes via those Pi's as well).

As I recently changed to Community Fibre, and that is running a CGNAT I lost my previous OpenVPN capability, and hence why I found tailscale and installed on my pi. This allowed me secure connectivity into my home, but also allowed my browsing to continue via Pi-hole (just a single one) and more importantly continued my ad-blocking experience

I can now say, I've installed tailscale on the router, allowed subnet-routing to happen and have turned off tailscale on my Pi. I can now hit both my Pi's and get access to my home network through the router, ala like my previous OpenVPN implementation.

Still looking at tailscale for many things it can achieve, but wanted to thank the great work by @thelonelycoder for AMTM implementation and @Viktor Jaep for the tailmon script

Fantastic, @evo17paul! I'm really starting to take a liking to it as well after seeing what it's capable of. How did I live without it for this long is a better question!

 

[evo17paul]

Fantastic, @evo17paul! I'm really starting to take a liking to it as well after seeing what it's capable of. How did I live without it for this long is a better question!

Indeed... or should we be afraid as its too simple

 

[jksmurf]

TAILMON is now available in amtm!

Wouldn’t normally reply when a like would suffice but in this instance I have to add a personal note of thanks, you were good to your word.

You said (paraphrasing) that if you can find someone to code it (and @Viktor Jaep certainly stood up here) and they have an install/uninstall routine, you would add it to amtm.

.

 

[XIII]

For those that want to run "latest & greatest": Tailscale 1.66.0 is now available.

The release notes contain this text:

(Although that text seems rather generic it's not included for all releases)

I have updated and at first sight everything still seems to work.

This is the issue they fixed: https://tailscale.com/security-bulletins#ts-2024-005

(PS: Tailscale 1.66.1 is out as well, for unix systems only, so also our routers)

 

[alan6854321]

Hi there,

I've been using Tailscale for a while so I thought I'd try installing it on my router now it has the amtm seal of approval. But I'm struggling.

I used the 'tm' option in amtm to install it, and it appears to be installed OK.
But every command I try seem to result in

/opt/etc/init.d/S06tailscaled: .: line 10: can't open '/opt/etc/init.d/rc.func'

/opt/etc/init.d/rc.func doesn't exist.

I used 'L' to read the log, and it appears to suggest the service is running..

May 10 2024 15:15:54 RT-AX88U_Pro-0998 TAILMON[2978] - INFO: TAILMON config has been updated.
 2 May 10 2024 15:16:27 RT-AX88U_Pro-0998 TAILMON[2978] - INFO: Tailscale Entware package installed.
 3 May 10 2024 15:17:14 RT-AX88U_Pro-0998 TAILMON[2978] - INFO: Tailscale Service started.
 4 May 10 2024 15:18:03 RT-AX88U_Pro-0998 TAILMON[2978] - INFO: Tailscale Connection started.
 5 May 10 2024 15:25:16 RT-AX88U_Pro-0998 TAILMON[11838] - INFO: Tailscale Service started.

Any ideas where to go from here?

 

[ColinTaylor]

Any ideas where to go from here?

Post the output of the following command:

opkg list-installed