TAILMON TAILMON v1.0.20 -July 27, 2024- WireGuard-based Tailscale Installer, Configurator and Monitor (Now available in AMTM!)

[peanstein]

I was hoping I get get a better understanding of the difference having tailscale installed on my RT-AX86S running 3004.388.6_2 and on my Truenas Scale 24.10.2. Is the exit node required for both or is that only needed on one of the 2 installations?

In my router tailscal settings, I advertised my subnet and seems to be running fine, and shows as connected to the tailscal devices page.
In my Truenas system, I advertised my subnet as well as selected it to be an exit node. It also shows as connected in tailscal devices page.

I have tailscale on two laptops, as well as two android phones. Everything connects fine via VPN when outside my intranet (cell network). I can access my Truenas system as well as router login page.

Do I have everything configured correctly or should I configure things differently?

Thanks!

 

[jksmurf]

@Viktor Jaep, do you think it would be possible to add a user selectable option that auto-checks for and then auto-updates both Tailmon and separately, the same for Tailscale?

I was inspired by relatively recent developments in MerlinAU along those lines….

 

[jksmurf]

Is the exit node required for both or is that only needed on one of the 2 installations?

Do I have everything configured correctly or should I configure things differently?

I’m hoping someone considerably more experienced like Colin Taylor will drop by, but I’ll give it a go. The answer is, it depends. If you want to keep it super simple, set up one subnet router and exit node on one device, the most powerful one on your tailnet.

A next step would be to add the other device as a subnet router but not to have the subnet active e.g. I have an RPi4 running TS setup so that I can enable it as ‘advertising’ if there’s an issue with my Router’s TS implementation.

The next step would be to have both running TS, each with its respective subnet routers advertising, one being the primary subnet router and the other acting as a failover. There is an order of subnet router use, see TS docs but it’s generally chronological order of setup date.

I’m less experienced on exit nodes and a lot of the capabilities surrounding country-specific exit nodes e.g. are beyond the personal plan. Having two exit nodes is definitely possible on the personal plan (and even a good idea for coffee shop use e.g. ), for those wanting to send specific traffic out a specified exit node.

So as I said in the beginning, it really depends (on what your needs are). It may be that you don’t know what is actually possible and if you do a wee bit of hunting around you end up using capabilities you were not even aware existed . HTH.

 

[Viktor Jaep]

@Viktor Jaep, do you think it would be possible to add a user selectable option that auto-checks for and then auto-updates both Tailmon and separately, the same for Tailscale?

I was inspired by relatively recent developments in MerlinAU along those lines….

I like those suggestions a lot, @jksmurf! I'll add these to my to-do list.

 

[Kenji]

Hello everyone, I use Tailmon on my Asus router and it works very well.

This is connected to the Fritzbox via an access point. Now I access my LAN externally with my mobile phone as an exit note (asus router) and that works. by the way, I also use a pihole that filters out everything.

Now my question, is it possible to activate the Mullvad VPN plugin on the Asus router with Tailmon so that I can get into the one vpn no matter where I access it externally? this saves me having to activate the VPN Mullvad on my mobile phone.

Internet - Fritzbox (Asus router (exit point with Mullvad VPN), Pihole)

lg.

 

[Brenneke]

I just installed TAILMON and do not find how I can set "Tailscale SSH" for devices in my tailnet.
Did I miss it?

 

[jksmurf]

I just installed TAILMON and do not find how I can set "Tailscale SSH" for devices in my tailnet.
Did I miss it?

All credit to @ColinTaylor here, this was an offline conversation we had when Tailmon was in its infancy and being tested, with @Viktor Jaep et al.

To Enable/Add/Run:

1. Assuming you have Tailmon installed and running correctly, from the Router’s command-line, using Putty or similar, issue the command tailscale set --ssh; this adds the SSH option to the Router Machine menu.
2. Run the SSH option, you get a dialogue box with 'root' as the default.
3. Change 'root' to other, type in the login of your machine, click to log in to SSH
4. You will get a Browser to login to to your Tailnet; then the familiar SSH Window will turn up.
   
   Make sure you do NOT have another SSH window running to the Router or the SSH session will fail (it did for me).
   
   
5. You should see the 'ephemeral' SSH "machine" in your tailnet.

https://imgur.com/a/QWdq0LI

To Disable and Remove:

1. First remove the 'ephemeral' machine. I do not know if that option disappears if you issue tailscale set --ssh=false first. I do not know how long they last for aka 'ephemeral'... but mine stayed overnight ...
2. Then from an SSH window issue tailscale set --ssh=false. See pics.

https://imgur.com/a/POicjF1

NOTE: If you just issue tailscale set --ssh=false it removes the SSH option from the Router machine, but appears to keep the ephemeral machine(s). I think I had two because I incorrectly tried to log in as root the first time.

You can probably re-enage these ephemeral machine(s) by just issuing tailscale set --ssh again.

Troubleshooting removal:

When you run tailscale set --ssh=false the SSH option disappears from the Admin Console but Tailmon may still report (idle) SSH devices.

So, how do you get rid of these device lines completely?

To remove, simply go back to the admin console. Do you see two ephemeral machines? Remove them.

I believe this is correct, just based on observations/trials.

Separately

While you’re at it, try Taildrop too (Send with Tailscale):

https://imgur.com/a/WB1ZngU

 

[Brenneke]

All credit to @ColinTaylor here, this was an offline conversation we had when Tailmon was in its infancy and being tested, with @Viktor Jaep et al.

To Enable/Add/Run:

1. Assuming you have Tailmon installed and running correctly, from the Router’s command-line, using Putty or similar, issue the command tailscale set --ssh; this adds the SSH option to the Router Machine menu.
2. Run the SSH option, you get a dialogue box with 'root' as the default.
3. Change 'root' to other, type in the login of your machine, click to log in to SSH
4. You will get a Browser to login to to your Tailnet; then the familiar SSH Window will turn up.
   
   Make sure you do NOT have another SSH window running to the Router or the SSH session will fail (it did for me).
   
   
5. You should see the 'ephemeral' SSH "machine" in your tailnet.

https://imgur.com/a/QWdq0LI

To Disable and Remove:

1. First remove the 'ephemeral' machine. I do not know if that option disappears if you issue tailscale set --ssh=false first. I do not know how long they last for aka 'ephemeral'... but mine stayed overnight ...
2. Then from an SSH window issue tailscale set --ssh=false. See pics.

https://imgur.com/a/POicjF1

NOTE: If you just issue tailscale set --ssh=false it removes the SSH option from the Router machine, but appears to keep the ephemeral machine(s). I think I had two because I incorrectly tried to log in as root the first time.

You can probably re-enage these ephemeral machine(s) by just issuing tailscale set --ssh again.

Troubleshooting removal:

When you run tailscale set --ssh=false the SSH option disappears from the Admin Console but Tailmon may still report (idle) SSH devices.

So, how do you get rid of these device lines completely?

To remove, simply go back to the admin console. Do you see two ephemeral machines? Remove them.

I believe this is correct, just based on observations/trials.

Separately

While you’re at it, try Taildrop too (Send with Tailscale):

https://imgur.com/a/WB1ZngU

Ohhh.....
When I had regular Tailscale installed prior to TAILMON I could just do "tailscale up --ssh" normally and it worked perfectly.
Everything you just shared, is this because of TAILMON? If so I will uninstall.

 

[jksmurf]

Ohhh.....
When I had regular Tailscale installed prior to TAILMON I could just do "tailscale up --ssh" normally and it worked perfectly.
Everything you just shared, is this because of TAILMON? If so I will uninstall.

Look, I was just giving you an option, with as much detail as possible, that might help others too.

EDIT: No it’s nothing to do with Tailmon AFAIK, but may be due to the way Tailscale is installed on the Router via Entware. I found this site, which uses the tailscale set --ssh implementation as a result of the 'init' script which I believe the entware install also uses for Tailscale, although I’m not 100% sure (@ColinTaylor might be able to confirm).

I actually tried to use tailscale up --ssh initially during the conversation with Colin, but was advised to use tailscale set --ssh. I don’t see that being any more complicated TBH, but of course if Tailmon doesn’t meet your requirements, you’re free to uninstall it.

 

[jksmurf]

Now my question, is it possible to activate the Mullvad VPN plugin on the Asus router with Tailmon so that I can get into the one vpn no matter where I access it externally? this saves me having to activate the VPN Mullvad on my mobile phone.

...

lg.

Hi,

I am hoping someone more expert on Tailscale (or Mullvad) would swing by to help but absent that I’ve had a look at what’s possible. Seems like you need to purchase a Mullvad App (5 devices) to integrate with Tailscale, I have posted some set up details below if you haven'ty seen these, HTH.

• Tailscale Docs with Background on Tailscale+Mullvad
• Simplest Tailscale+Mullvad setup resource
• More advanced details on the same

Please do us let us know how you get on (and how you did it), you’re a bit of a Guinea pig here I think, unless someone has done it but not let on...

 

[jksmurf]

Ohhh.....
When I had regular Tailscale installed prior to TAILMON I could just do "tailscale up --ssh" normally and it worked perfectly.
Everything you just shared, is this because of TAILMON? If so I will uninstall.

Hi Brenneke,

I was thinking about this overnight as it bugged me a wee bit. If "tailscale up --ssh" worked for you with Tailscale on the Router that was not installed using Tailmon, I am guessing it should work in Tailmon too.

So, with this in mind, have you tried entering your "tailscale up --ssh" option in a Custom Tailscale Commandline?

i.e. from the Tailmon Menu, select (C), then (3), then (3), then (e), then after restart TS prompt, (y), then (4), then replace your current commandline that runs "tailscale up --ARGUMENTS" (normally set by Tailmon) to e.g. for my machine:

--ssh --advertise-routes=192.168.9.0/24

then (e), (y) to restart. You can amend the line via the (O) option later if you make an error. See sequence (roughly in order) in the 18# screenshots on imgur.

It appears to work for me, although I had to wait a little while (and go into the Tailmon screen to check the SSH Connection was listed) but I was able to connect via SSH using the Custom commandline which adds arguments to tailscale up. I reverted to Kernel mode and removed the ephemeral SSH instance using the procedure noted above (see also pics in the post above).

I did have a bit of an issue when I reverted to just Kernel mode in that the connection remained disconnected, showing "Tailscale is stopped".
I could not get it restarted despite selecting (U) for Up, and changing to Kernel or Userspace mode; nor via a Router reboot. When I tried (T) from the main menu I got an error about Tailscale needing a --reset. Fortunately @Viktor Jaep already included such an animal in the main menu (C), then select (I), so I reset it (whereupon it connected again), and then I changed to my preferred Kernel mode. The green SSH flag also disappeared from the Admin Console as expected. All good.

@Viktor Jaep provided this works sufficiently well (maybe @ColinTaylor or @Brenneke can advise after they try it on their own machines) if the "--ssh" argument is something you think would be a good default addition to the built-in set of Custom Options, that other users could add?, do you think you could add it in? Or simply not enough use?

k.

https://imgur.com/a/kF95W4s