TAILMON TAILMON v1.0.19 -June 19, 2024- WireGuard-based Tailscale Installer, Configurator and Monitor (Now available in AMTM!)

[jksmurf]

Do you think that this thread should be split in two.

One thread about TAILMON issues.
And one thread helping people to setup their Tailscale config.

What you think?

Tailscale’s own forum was sunsetted (see pic) a year ago but still has lots of descriptions on setting up Tailscale.
For general tailscale setup Tailscale’s own documentation site (see menu on LHS) is pretty good.

Then there’s the Tailscale Reddit and for the more technically-minded folk, the Tailscale issues site on GitHub.

Not to turn folks away, just to point out other resources for general Tailscale configuration and troubleshooting, independent from TAILMON.

 

[wantu]

I want to connect routers with Tailscale in a total of 3 regions.

Currently, I am using AC88U / AC88U / AC68U. I installed it with tailscale_nohf, so there is no problem with the installation. I am adjusting the settings, but when I run Tailscale, I get the following message.

Warning: couldn't check system's UDP GRO forwarding configuration, failed to retrieve TUN device features: operation not supported

Is there something I'm missing (or is this a configuration issue, or an issue with an older router...)?

I'd like to know if I can ignore the message above (and how to work around it if it's a feature limitation).

Translated with DeepL.com (free version)

 

[Viktor Jaep]

I want to connect routers with Tailscale in a total of 3 regions.

Currently, I am using AC88U / AC88U / AC68U. I installed it with tailscale_nohf, so there is no problem with the installation. I am adjusting the settings, but when I run Tailscale, I get the following message.

Warning: couldn't check system's UDP GRO forwarding configuration, failed to retrieve TUN device features: operation not supported

Is there something I'm missing (or is this a configuration issue, or an issue with an older router...)?

I'd like to know if I can ignore the message above (and how to work around it if it's a feature limitation).

Translated with DeepL.com (free version)

On which device is this happening? The AC88U or the AC68U?

 

[jksmurf]

I want to connect routers with Tailscale in a total of 3 regions.

Currently, I am using AC88U / AC88U / AC68U. I installed it with tailscale_nohf, so there is no problem with the installation. I am adjusting the settings, but when I run Tailscale, I get the following message.

Warning: couldn't check system's UDP GRO forwarding configuration, failed to retrieve TUN device features: operation not supported

Is there something I'm missing (or is this a configuration issue, or an issue with an older router...)?

I'd like to know if I can ignore the message above (and how to work around it if it's a feature limitation).

Translated with DeepL.com (free version)

Hi,

I'm not able to answer your query sorry, (others might be better placed) but I am unable to find any details (at all) on the Warning message, which is unusual.

I was wondering if this is an exact message produced by your system or whether it was also "Translated with DeepL.com"?

If the latter (i.e. it was also translated) could you send the actual message (in whatever language) or capture a screenshot of the actual message you see (and not the translated version) please?

I did find these links, which may or not be related to your issue.
I am not in a position to help with this but maybe @ColinTaylor or someone with stronger knowledge will find the links a useful starting point.

Increasing QUIC and UDP throughput

We’re releasing a set of changes that builds on the foundation of our earlier WireGuard performance work, significantly improving UDP throughput on Linux. As with the previous work, we intend to upstream these changes to WireGuard. Our changes improve throughput for HTTP/3, QUIC, and other...

tailscale.com

Performance best practices · Tailscale Docs

Learn how to get the most performance out of your Tailscale deployment.

tailscale.com

k.

[EDIT1] The only similar warning I have seen is "Warning: UDP GRO forwarding is suboptimally configured on eth0, UDP forwarding throughput capability will increase with a configuration change."

[EDIT2] Also, did you update Tailscale on all 3 devices (to 1.66.4?)

[EDIT3] @ColinTaylor see also https://github.com/tailscale/tailscale/blob/main/ipn/localapi/localapi.go (lines 1168 to 1181) which has some warnings related to GRO and UDP in a function which checks for the same. Not sure if that is way off-base or possibly related.

[EDIT4] See also https://akashrajpurohit.com/blog/tailscale-accessing-homelab-services-outside-my-network/

 

[wantu]

On which device is this happening? The AC88U or the AC68U?

Both are.

I also have one more symptom. I haven't tested all of them because they are physically far apart.
I have one router that I set as an exit node, and all of the devices connected to it are losing internet connectivity. When I shut down Tailscale, they all connect to the internet again.

Here's the CLI I used

tailscale up --advertise-exit-node --advertise-routes=192.168.1.0/24 --accept-routes=true --snat-subnet-routes=false --stateful-filtering=false --accept-dns=false

 

[jksmurf]

Both are.

I also have one more symptom. I haven't tested all of them because they are physically far apart.
I have one router that I set as an exit node, and all of the devices connected to it are losing internet connectivity. When I shut down Tailscale, they all connect to the internet again.

Here's the CLI I used

tailscale up --advertise-exit-node --advertise-routes=192.168.1.0/24 --accept-routes=true --snat-subnet-routes=false --stateful-filtering=false --accept-dns=false

Which mode are you using?

 

[wantu]

어떤 모드를 사용하고 있나요 ?

사용자 정의 모드를 사용하고 있습니다.

 

[wantu]

Hi,

I'm not able to answer your query sorry, (others might be better placed) but I am unable to find any details (at all) on the Warning message, which is unusual.

I was wondering if this is an exact message produced by your system or whether it was also "Translated with DeepL.com"?

If the latter (i.e. it was also translated) could you send the actual message (in whatever language) or capture a screenshot of the actual message you see (and not the translated version) please?

I did find these links, which may or not be related to your issue.
I am not in a position to help with this but maybe @ColinTaylor or someone with stronger knowledge will find the links a useful starting point.

Increasing QUIC and UDP throughput

We’re releasing a set of changes that builds on the foundation of our earlier WireGuard performance work, significantly improving UDP throughput on Linux. As with the previous work, we intend to upstream these changes to WireGuard. Our changes improve throughput for HTTP/3, QUIC, and other...

tailscale.com

Performance best practices · Tailscale Docs

Learn how to get the most performance out of your Tailscale deployment.

tailscale.com

k.

[EDIT1] The only similar warning I have seen is "Warning: UDP GRO forwarding is suboptimally configured on eth0, UDP forwarding throughput capability will increase with a configuration change."

[EDIT2] Also, did you update Tailscale on all 3 devices (to 1.66.4?)

[EDIT3] @ColinTaylor see also https://github.com/tailscale/tailscale/blob/main/ipn/localapi/localapi.go (lines 1168 to 1181) which has some warnings related to GRO and UDP in a function which checks for the same. Not sure if that is way off-base or possibly related.

[EDIT4] See also https://akashrajpurohit.com/blog/tailscale-accessing-homelab-services-outside-my-network/

I'm using deepl, sorry (my English is not very good)

I'll take a closer look at what you've told me, and I'll try to post my situation clearly in an area I can understand.

Thank you for your kindness.

 

[jksmurf]

사용자 정의 모드를 사용하고 있습니다.

OK that translates to Custom Mode; but I believe Custom behaves as if it is Kernel mode if you do not change the first two (of the first 3) Arguments, so you should be OK. Maybe check it retained the Kernel mode arguments (it should).

 

[jksmurf]

TAILMON keeps a record in it's own config what items you want on your command lines... when you run other commands outside of TAILMON, it has no idea what has been done, and just tries to start/execute what it knows about, or what has been configured. It's really mean for simple use, ie. making your router and/or subnet visible for remote access. When you are dealing with multi-network bridging like this, you're going outside the purview of what TAILMON was designed to do, and would recommend discontinuing use, and focus on your own commandlines at this point, until you have something working that you might be able to replicate into TAILMON for any sort of monitoring purpose if you so wish.

Hi Viktor, quick Q for you, as this relates to @wantu 's query and also possibly to @Dr.Rom:

There are 3 modes in TAILMON

1. Userspace (default)

https://imgur.com/9i8QxTF

2. Kernel; and

https://imgur.com/Ae2BFH4

3. Custom

https://imgur.com/LGmNF2Z

Colin's test for Dr.Rom has a successful connection in Kernel Mode only.

However if you want to add additional config lines to tailscale up (the 4th of the configurable lines), you have to choose Custom mode.

Can you confirm that for the purposes of the running of Tailscale, TAILMON’s Custom Mode acts as if it is in Kernel Mode?

From the pics above (my own system) this would seem to be the case if you answer (n) do not change any parameters (at least not yet) in Custom Mode.

I also believe (correct me if I am wrong) that the 4th line (tailscale up) does not dictate in any way whether it reverts to Userspace or Kernel Mode; only the added PRECMD line and amended ARGS line define this right?

I tested going from (i) Kernel to Custom and then (ii) Userspace to Custom and as far as I can tell for the first trial it retains the 3 first Arguments i.e. (Kernel retained) and for the second trial it changes them from Userspace Parameters to 'equivalent' Kernel ones.

 

[Viktor Jaep]

Can you confirm that for the purposes of the running of Tailscale, TAILMON’s Custom Mode acts as if it is in Kernel Mode?

That's correct... when selecting custom mode, it basically configures itself into Kernel mode, and gives you the freedom to change the various command lines.

I also believe (correct me if I am wrong) that the 4th line (tailscale up) does not dictate in any way whether it reverts to Userspace or Kernel Mode; only the added PRECMD line and amended ARGS line define this right?

The difference is that PRECMD and the tun= command in the ARGS that make the difference between Userspace and Kernel.

 

[ColinTaylor]

Warning: couldn't check system's UDP GRO forwarding configuration, failed to retrieve TUN device features: operation not supported

I've seen this message when trying to enable subnet routing but you have no connection to the internet.

 

[jksmurf]

I've seen this message when trying to enable subnet routing but you have no connection to the internet.

Hi Colin, for future reference would you happen to have the exact wording of the error message you see? No problem if not, just couldn’t find it anywhere.

 

[ColinTaylor]

Hi Colin, for future reference would you happen to have the exact wording of the error message you see? No problem if not, just couldn’t find it anywhere.

The exact wording is what I quoted.

 

[Viktor Jaep]

New release with a few small changes for older model routers running older kernels requiring the "tailscale_nohf" package instead. Enjoy! Thanks to @ColinTaylor and @jksmurf for their help with this.

What's new?
v1.0.14 - (June 8, 2024)
- PATCH: As noted by a few running older hardware and earller versions of the kernel, they were having trouble getting Tailscale to install correctly. This is apparently due to the fact that these older devices needed a different installer package. TAILMON now checks for the kernel and architecture, and if it matches arm7 with kernel 2.6, then it will install the tailscale_nohf package. Uninstall also ensures it will be removing the correctly named package. Huge thanks to @ColinTaylor and @jksmurf for helping distill this into a working fix within TAILMON.
- PATCH: General cleanup and organization throughout the script.

Download link (or update directly within AMTM/TAILMON):

curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/TAILMON/master/tailmon.sh" -o "/jffs/scripts/tailmon.sh" && chmod 755 "/jffs/scripts/tailmon.sh"

 

[jksmurf]

New release with a few small changes for older model routers running older kernels

Thank you Viktor, you’re an absolute star!

While no one will notice what gets done “under the hood” these are the models I believe (so far) this will help i.e. folks no longer have to install the nohf package manually. [Currently supported AsusWRT Merlin models of the older architecture].

• RT-AC3100: 2.6.36.4brcmarm armv7l
• RT-AC5300: 2.6.36.4brcmarm armv7l @Ratfink @vorski
• RT-AC58U: 2.6.36.4brcmarm armv7l
• RT-AC68U: 2.6.36.4brcmarm armv7l @wantu
• RT-AC88U: 2.6.36.4brcmarm armv7l @wantu

For those on newer kernels it won’t help those rare cases where you have an old version of entware installed, you will have to uninstall entware and reinstall anew.

k.

 

[Viktor Jaep]

Thank you Viktor, you’re an absolute star!

While no one will notice what gets done “under the hood” these are the models I believe (so far) this will help I.e. folks no longer have to install the nohf package manually. [Currently supported AsusWRT Merlin models of the older architecture].

• RT-AC3100: 2.6.36.4brcmarm armv7l
• RT-AC5300: 2.6.36.4brcmarm armv7l @Ratfink @vorski
• RT-AC58U: 2.6.36.4brcmarm armv7l
• RT-AC68U: 2.6.36.4brcmarm armv7l @wantu
• RT-AC88U: 2.6.36.4brcmarm armv7l @wantu

For those on newer kernels it won’t help those rare cases where you have an old version of entware installed, you will have to uninstall entware and reinstall anew.

k.

Thanks for the great writeup and summary, @jksmurf!

 

[Wheemer1]

Hello

Thanks for the addon, was working fine. However after latest update I am getting and error concerning --accept-routes.

I can't seem to find a setting for that, however I though it was there before. It enabled and I need it, however tailscale is restarted without that option so does not come up.

Any help is appreciated.

 

[rung]

New release with a few small changes for older model routers running older kernels requiring the "tailscale_nohf" package instead. Enjoy! Thanks to @ColinTaylor and @jksmurf for their help with this.

What's new?
v1.0.14 - (June 8, 2024)
- PATCH: As noted by a few running older hardware and earller versions of the kernel, they were having trouble getting Tailscale to install correctly. This is apparently due to the fact that these older devices needed a different installer package. TAILMON now checks for the kernel and architecture, and if it matches arm7 with kernel 2.6, then it will install the tailscale_nohf package. Uninstall also ensures it will be removing the correctly named package. Huge thanks to @ColinTaylor and @jksmurf for helping distill this into a working fix within TAILMON.
- PATCH: General cleanup and organization throughout the script.

Download link (or update directly within AMTM/TAILMON):

curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/TAILMON/master/tailmon.sh" -o "/jffs/scripts/tailmon.sh" && chmod 755 "/jffs/scripts/tailmon.sh"

First of all - thank you! This is a great tool.

Feedback on a fresh install on a RT-AX86U PRO. From TAILMON, the Entware install of tailsale would fail because it could not find "tailscale_nohf" (not sure why it thought my router was "old"). I then manually installed tailscale at the command line with "opkg install tailscale" and returned to TAILMON. Then the tool kept trying to start up the tailscaled deamon but it kept failing. Finally I updated the tailscale version from TAILMON. After that it was smooth sailing!!!

Note what really drew me to tailscale is as an emergency backup in case my isp router provides a private IP instead of a WAN IP (which I seen happen once). I could fix it by turning WAN on and off. But I could not do that remotely if that happened. So this app gives me peace of mind.

Thanks again,
Rung

 

[Viktor Jaep]

First of all - thank you! This is a great tool.

Feedback on a fresh install on a RT-AX86U PRO. From TAILMON, the Entware install of tailsale would fail because it could not find "tailscale_nohf" (not sure why it thought my router was "old"). I then manually installed tailscale at the command line with "opkg install tailscale" and returned to TAILMON. Then the tool kept trying to start up the tailscaled deamon but it kept failing. Finally I updated the tailscale version from TAILMON. After that it was smooth sailing!!!

Note what really drew me to tailscale is as an emergency backup in case my isp router provides a private IP instead of a WAN IP (which I seen happen once). I could fix it by turning WAN on and off. But I could not do that remotely if that happened. So this app gives me peace of mind.

Thanks again,
Rung

Thanks for the feedback on this. You were absolutely correct - that was an error on my part. Please download and overwrite TAILMON with the same version. I've pushed a small patch out that fixes this. Version stays the same.

Apologies for having to jump through all those hoops. That frustration could have been avoided... my bad.