TAILMON TAILMON v1.0.20 -July 27, 2024- WireGuard-based Tailscale Installer, Configurator and Monitor (Now available in AMTM!)

[Viktor Jaep]

TAILMON v1.0.20
Released July 27, 2024

First off – Wanted to give huge thanks to @jksmurf for lighting this fire… He opened my eyes to Tailscale and its capabilities, and only became natural to want to fullfill his wishes to create a formal installer/monitor for this valuable tool for others to enjoy. He, along with @Aiadi, @kuki68ster and @ColinTaylor made a fantastic team that has been working diligently in the background testing the capabilities, limits and stability of Tailscale on our routers. Hats off to all these gentlemen for their help and insight that went into making this tool.

Executive Summary: Tailscale is a free and open source service, based on WireGuard®, that helps users build no-hassle virtual private networks. Once you’ve created a Tailscale network (tailnet), you can securely access services and devices on that tailnet from anywhere in the world. TAILMON is a posix shell script that assists with the install, configuration and monitoring of Tailscale, running on your Asus-Merlin FW router. What is Tailscale you ask? Read more here!

Use-case: TAILMON allows you to download and install Tailscale via Entware onto your router, in order to join your router to your Tailscale network (tailnet). When joined, you can optionally designate your router to become an exit node, and/or advertise access to your subnet in order to allow access to devices running on your network… think NAS devices, TVs, Raspberry Pi’s, Ubuntu servers, security cameras. Once installed, you can monitor your Tailscale service and connection with TAILMON, which will optionally restart the service/connection should something bring it down. To make life easier, TAILMON can continue running/monitoring in the background using the SCREEN utility.

WIKI: Based on our group's findings and extensive testing, @ColinTaylor built this fantastic Tailscale on Merlin WIKI which dives more into the underlying components and how to manually use the Tailscale tools to make a successful connection. Thank you for providing this great instruction manual!

TAILMON is free to use under the GNU General Public License version 3 (GPL 3.0).

This project is hosted on GitHub

Latest release notes: <available here!>

Changelog here | What's new: Added Site-to-Site capabilities, Arm7-2.6 Architecture/Kernel compatibility, Mostly maintenance items, Tailscale Updates, Reboot Protection + showing TS versions, Initial Release!

Screenshots:

How is this script supposed to run?

In a normal, daily mode, this script would run from a standard SSH connection. In monitoring mode, it would be running under the SCREEN utility. Instructions:

1. Download and install directly using your favorite SSH tools, copy & paste this command (or install directly from AMTM!):

curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/TAILMON/master/tailmon.sh" -o "/jffs/scripts/tailmon.sh" && chmod 755 "/jffs/scripts/tailmon.sh"

2. Run TAILMON for the first time to get it setup, or just running the script normally using this command:

sh /jffs/scripts/tailmon.sh

3. Configure advanced settings using this command (or by pressing (C) from the operations menu in the UI):

sh /jffs/scripts/tailmon.sh -setup

4. To make things easier, you can now just type the script name itself (without the path/extension), like so… NOTE: You will need to completely exit your SSH session, and log back in for this feature to immediately start working – basically logout/login!

tailmon

5. Running it under the SCREEN utility is also easy... Make sure to exit the SCREEN session properly by pressing CTRL A + D!

tailmon -screen

 

[Viktor Jaep]

How do I set up TAILMON and Tailscale!?

Here are steps on installing the script and getting it configured for Tailscale...

1.) First, go to https://tailscale.com, and create a free account. The free version of Tailscale lets you manage up to 3 individual user accounts, and 100 devices! That should be plenty for us experimental enthusiast crowd!

2.) Upon downloading TAILMON, and running it for the first time (sh /jffs/scripts/tailmon.sh), you will be prompted with an "Install Dependencies" screen. This will install a few Entware tools that are used by TAILMON.

3.) Once complete, you will be prompted with the "Initial Setup" screen. Here you have a choice between "Express Install" and "Advanced Install". For those new to Tailscale, I would recommend the "Express Install" to get you up and running as quickly and easily as possible.

4.) During the "Express Install" process, you will see Tailscale getting downloaded and installed, after which, it will try to join your router to your Tailscale Network (tailnet). You need to copy and paste the URL it presents into your browser, in order to validate that this is the equipment you want to add to your tailnet.

5.) After you validate the machine, it will continue on to the main UI. From here you have some keyboard shortcuts available from the Operations Menu on the very top. Below that will show Tailscale service and connection status. As you add more devices to your tailnet, you will see the list growing under the "Tailscale Connection Status". Finally, it will also show exactly what service and commandline switches it is utilizing to establish and maintain your connection to Tailscale.

 

[Viktor Jaep]

Advanced Options:

1.) From the main UI, you can press (C) for the Configuration/Setup Menu (or you can get to this same screen directly using sh /jffs/scripts/tailmon.sh -setup). This menu also functions as the "Advanced Install" menu, giving you full control over the install/uninstall of the Tailscale service/connection, lets you stop/start, and bring the connection up/down. You are also able to update the Tailscale binary here to the latest version, as well as being able to issue a 'tailscale up --reset' command. Here is also where you can set the Operating Mode, configure the router as an exit node, and advertise routes for your own subnet to your tailnet.

2.) Pressing (3) "Set Tailscale Operating Mode" lets you choose between "Userspace", "Kernel" and "Custom". Userspace Mode is used by default, and seems the least intrusive to the router, and tends to overlay on top of the OS. Kernel mode has a much tighter integration with the OS, which may interfere with some processes. Which of these modes is the best? They both seem to perform about the same, so it's really a toss-up, unless I uncover further info based on performance or other issues to sway my mind. In both of these modes, the main service and commandline options are chosen for you to utilize these modes. In the Custom mode, you have full control over all options, and can add your own custom settings and commandline options.

3.) Continuing from the screen above, choosing Option (3) for the Custom Operating Mode gives you access to edit all major sections that control the Tailscale Service and Connection:

4.) From the Configuration/Setup Menu, pressing option (6) "Custom Configuration Options" gives you a bit more functionality to manage your Tailscale install. Here's a brief explanation for each function:

• Keep Tailscale Service Alive - Setting to Yes will monitor the Tailscale Service, and if it determines that it's down, will automatically restart it.
• Timer Check Loop Interval - The amount of seconds that it checks for Tailscale Service issues
• Custom Event Log size - The number of rows the eventlog will grow to before it starts trimming itself down
• AMTM Email Notifications - Requires AMTM email to be setup and configured, but will send you success/failure events via email
• Keep settings on Tailscale Entware updates - If Tailscale is upgraded, it will lose it's settings. This function will make sure that settings will be synced back and survive an update without downtime.
• Autostart TAILMON on Reboot - This option autostarts TAILMON if your router happens to reboot, and continues monitoring your Tailscale service/connection in a Screen session.

If anyone has any questions on the functionality of TAILMON or Tailscale in general, feel free to post questions in the thread below! ENJOY!

 

[thanhnam1601]

I hope that there will be a function to support the use of Exit Node (as a client / VPN Gateway).
There are some ideas:

• Users are able to Select Exit Node (which advertised on their tailnet).
• Users are able to Forward LAN (select ports) / Wi-Fi / or force All traffic to the Exit Node.

With that, users can utilize their router as a travel router, similar to the function advertised by GL iNet travel routers. Also inspired by OpenWRT setup.

[OpenWrt Wiki] Tailscale

openwrt.org

 

[Viktor Jaep]

I hope that there will be a function to support the use of Exit Node (as a client / VPN Gateway).
There are some ideas:

• Users are able to Select Exit Node (which advertised on their tailnet).
• Users are able to Forward LAN (select ports) / Wi-Fi / or force All traffic to the Exit Node.

With that, users can utilize their router as a travel router, similar to the function advertised by GL iNet travel routers. Also inspired by OpenWRT setup.

Good thing TAILMON has a thing called "custom mode", which lets you use any command you wish like this one.

 

[jksmurf]

Good thing TAILMON has a thing called "custom mode", which lets you use any command you wish like this one.

The Tailscale Website might help you with the CLI on the Router for Exit Nodes:

• Setting up Exit Nodes
• Suggested (auto-exit) Exit Nodes

Seems that Mandatory Exit Nodes are Premium Plan only though. Auto should be fine for one exit node...

The (now closed) original Tailmon thread has some folks using it, so the syntax is like this (below). although I have a vague recollection there was an issue when using one of userspace or kernel mode (Custom also uses kernel mode) and some messages from tailscale (that can be ignored).

tailscale up --advertise-exit-node --advertise-routes=192.168.0.0/24 --accept-dns=false

 

[chuckle9]

hello. great work on this, but i have a question. this comes up when i check tailscale status on my laptop.

# Health check:
# - Exit node misconfiguration: The following issues on your machine will likely make usage of exit nodes impossible: [interface "enp0s31f6" has strict reverse-path filtering enabled interface "tailscale0" has strict reverse-path filtering enabled], please set rp_filter=2 instead of rp_filter=1

 

[Viktor Jaep]

hello. great work on this, but i have a question. this comes up when i check tailscale status on my laptop.

# Health check:
# - Exit node misconfiguration: The following issues on your machine will likely make usage of exit nodes impossible: [interface "enp0s31f6" has strict reverse-path filtering enabled interface "tailscale0" has strict reverse-path filtering enabled], please set rp_filter=2 instead of rp_filter=1

What does your tailmon config look like? Are you using custom mode? Please give us a little more info or screenshots to go on?

 

[ColinTaylor]

hello. great work on this, but i have a question. this comes up when i check tailscale status on my laptop.

# Health check:
# - Exit node misconfiguration: The following issues on your machine will likely make usage of exit nodes impossible: [interface "enp0s31f6" has strict reverse-path filtering enabled interface "tailscale0" has strict reverse-path filtering enabled], please set rp_filter=2 instead of rp_filter=1

I believe this message is referring to your laptop's network configuration and not tailmon/tailscale running on the router.

 

[chuckle9]

What does your tailmon config look like? Are you using custom mode? Please give us a little more info or screenshots to go on?

It's custom, running on keenal. Router set as exit node. I also have Skynet and. Adguard on the router. This is what comes up on the router

# Health check:
# - Linux DNS config not ideal. /etc/resolv.conf overwritten. See https://tailscale.com/s/dns-fight

Tailscale Service Options (Kernel Mode)
PRECMD: modprobe tun
ARGS: --state=/opt/var/tailscaled.state --statedir=/opt/var/lib/tailscale PREARGS: nohup

Tailscale Connection Commandline
--advertise-exit-node --advertise-routes=192.168.1.0/24 --accept-routes

 

[chuckle9]

I couldn't get my laptop to access lan, but it had Internet I was thinking the first post has something to do with the laptop's network, but it said something about exit node not configured correctly. My phone can connect to lan, and has Internet. Unless I am on someone's WiFi . Then it only has Internet. That might be a different issue though.

 

[Viktor Jaep]

It's custom, running on keenal. Router set as exit node. I also have Skynet and. Adguard on the router. This is what comes up on the router

# Health check:
# - Linux DNS config not ideal. /etc/resolv.conf overwritten. See https://tailscale.com/s/dns-fight

Tailscale Service Options (Kernel Mode)
PRECMD: modprobe tun
ARGS: --state=/opt/var/tailscaled.state --statedir=/opt/var/lib/tailscale PREARGS: nohup

Tailscale Connection Commandline
--advertise-exit-node --advertise-routes=192.168.1.0/24 --accept-routes

Did you configure your router to act as an exit node?

 

[chuckle9]

Yes.

 

[Viktor Jaep]

Yes.

What OS is running on your laptop? I'm having a hard time telling whether or not this error is coming from your laptop, or from your router. Do you see any error messages on your router when you check its health?

There is this thread here that touches on this subject... did you see this? https://www.snbforums.com/threads/how-to-use-exit-nodes.92865/

 

[chuckle9]

What OS is running on your laptop? I'm having a hard time telling whether or not this error is coming from your laptop, or from your router. Do you see any error messages on your router when you check its health?

There is this thread here that touches on this subject... did you see this? https://www.snbforums.com/threads/how-to-use-exit-nodes.92865/

I didn't see that. I will check it out. The laptop is running Ubuntu. Thanks. This is what it says on the router.

Health check:
# - Linux DNS config not ideal. /etc/resolv.conf overwritten. See https://tailscale.com/s/dns-fight

I figure it something to do with adguard.

 

[Viktor Jaep]

I didn't see that. I will check it out. The laptop is running Ubuntu. Thanks.

Yeah, especially that last post about setting the rp_filter...

This is what it says on the router.

Health check:
# - Linux DNS config not ideal. /etc/resolv.conf overwritten. See https://tailscale.com/s/dns-fight

I figure it something to do with adguard.

I think that message is fairly normal and shouldn't hurt anything.

 

[joe scian]

I cant get tailscale operational on my AX86U or AC86U. The tailscale service is dead after installation and will never show as alive no matter what I do. I have uninstalled and reinstalled 30 times on both routers same result,. I am stumped totally.

 

[jksmurf]

I cant get tailscale operational on my AX86U or AC86U. The tailscale service is dead after installation and will never show as alive no matter what I do. I have uninstalled and reinstalled 30 times on both routers same result,. I am stumped totally.

A long while back when I had some issues with TS not starting, I finally ended up doing an entware repair install, maybe you could try that in desperation, or even a complete entware uninstall/reinstall (as well as Tailmon).

Could you explain a wee bit more what message(s) or actions you’re seeing?

What does tailscale status issued from the command line show?

 

[joe scian]

A long while back when I had some issues with TS not starting, I finally ended up doing an entware repair install, maybe you could try that in desperation, or even a complete entware uninstall/reinstall (as well as Tailmon).

Could you explain a wee bit more what message(s) or actions you’re seeing?

What does tailscale status issued from the command line show?

message - failed to connect to local tailscaled; it dosent appear to be running- i will try but im sure ive done this too countless times. Well I did it again chose repair option and its all working again. A big shout out to you jksmurf - thanks heaps

 

[Viktor Jaep]

message - failed to connect to local tailscaled; it dosent appear to be running- i will try but im sure ive done this too countless times. Well I did it again chose repair option and its all working again. A big shout out to you jksmurf - thanks heaps

Perhaps it may help if you provided some screen shots as you go through the initial setup of tailmon?