TAILMON TAILMON v1.0.20 -July 27, 2024- WireGuard-based Tailscale Installer, Configurator and Monitor (THREAD #1 CLOSED)

[xexets]

Hello, new to this world almost entirely. I find myself away from my Asus 86u (merlin) router for a prolonged period and 'luckily' by mistake I had turned remote connection on. I now want to disable that remote connection and install tailscale for security reasons.
So via WAN SSH (big no-no, I know, but I have no other way of accessing it at the moment), I installed enware on jffs (again, not recommended, but I am away and cannot physically plug in a usb stick), then tailmon. Had several hiccups but in the end I got it to work, I see the router on my tailnet, I was able to access the router interface via tailnet address, I checked in tailmon and I had YES to start after reboot. So I rebooted the router to check and tailscale does not start.
I SSH back into the router and when I type talemon it starts the installer all over again. BUT - it cannot continue because it says I don't have entware installed. So I guess the reboot wiped the both tailmon and entware installs? Can anyone please help?
Thanks

 

[Viktor Jaep]

I ran update twice and after both times I’m still in 1.0.18. Updated version showing empty like last picture

I ran the command in the picture attached. It looks normal.

I would like to add that I’m connected to the device remotely through Tailscale and during the update processes and tailmon restart I was not kicked out of terminal/connection.

This is extremely unusual... Seems like your router both can't see github correctly to pull down the right version... and unable to write files under the /jffs/addons/tailmon.d subfolder structure. Are you seeing anything unusual in your syslog?

What happens if you try to manually create this file?

{
echo "1.0.19"
} > /jffs/addons/tailmon.d/version.txt

 

[Viktor Jaep]

Hello, new to this world almost entirely. I find myself away from my Asus 86u (merlin) router for a prolonged period and 'luckily' by mistake I had turned remote connection on. I now want to disable that remote connection and install tailscale for security reasons.
So via WAN SSH (big no-no, I know, but I have no other way of accessing it at the moment), I installed enware on jffs (again, not recommended, but I am away and cannot physically plug in a usb stick), then tailmon. Had several hiccups but in the end I got it to work, I see the router on my tailnet, I was able to access the router interface via tailnet address, I checked in tailmon and I had YES to start after reboot. So I rebooted the router to check and tailscale does not start.
I SSH back into the router and when I type talemon it starts the installer all over again. BUT - it cannot continue because it says I don't have entware installed. So I guess the reboot wiped the both tailmon and entware installs? Can anyone please help?
Thanks

I have a feeling that you will continue to deal with issues in this unsupported configuration, @xexets ... I would really recommended getting this set up correctly, with an external USB drive, installing entware normally, adding a swap, etc... I think you're introducing a lot of uncertainty and strain on the router going down this path. In fact, I'm surprised you didn't exceed the limits of JFFS straight of the gate, as it usually can only handle a max of about 40MB. If things weren't able to save their own settings, such as configuring TAILMON to start on reboot, then you very well may have run out of space on that partition.

If it's remote, see if you can get a friend or family member to plug a USB drive into it... get it formatted, and prepped for your router. That might be your best next step!

 

[xexets]

I have a feeling that you will continue to deal with issues in this unsupported configuration, @xexets ... I would really recommended getting this set up correctly, with an external USB drive, installing entware normally, adding a swap, etc... I think you're introducing a lot of uncertainty and strain on the router going down this path. In fact, I'm surprised you didn't exceed the limits of JFFS straight of the gate, as it usually can only handle a max of about 40MB. If things weren't able to save their own settings, such as configuring TAILMON to start on reboot, then you very well may have run out of space on that partition.

If it's remote, see if you can get a friend or family member to plug a USB drive into it... get it formatted, and prepped for your router. That might be your best next step!

Thank you! Yes, I thought that much. And I don't want to leave SSH over WAN / web access on more than strictly needed, so for now I have configured wireguard access (the only security issue is that it needs DDNS on, which seems to be much less of an issue than SSH over WAN / web access), and will configure TAILMON when I am back on a USB drive. Thank you!

 

[Viktor Jaep]

Thank you! Yes, I thought that much. And I don't want to leave SSH over WAN / web access on more than strictly needed, so for now I have configured wireguard access (the only security issue is that it needs DDNS on, which seems to be much less of an issue than SSH over WAN / web access), and will configure TAILMON when I am back on a USB drive. Thank you!

Good luck with this project! Sounds like a fun one!! Definitely report back in when you have achieved your goals - would love to hear!

 

[Dr.Rom]

This is extremely unusual... Seems like your router both can't see github correctly to pull down the right version... and unable to write files under the /jffs/addons/tailmon.d subfolder structure. Are you seeing anything unusual in your syslog?

What happens if you try to manually create this file?

{
echo "1.0.19"
} > /jffs/addons/tailmon.d/version.txt

I don’t see anything unusual in the log file. Writing the txt file was unproblematic (the one which I deleted before). I ran the update (twice) and it says that it is downloading version 1.0.19 but I keep ending with 1.0.18 instead. What I only noticed is that in amtm update menu that amtm takes a bit longer to check updates for the scripts but everything’s runs normally I just need to wait a little bit longer.

 

[Viktor Jaep]

I don’t see anything unusual in the log file. Writing the txt file was unproblematic (the one which I deleted before). I ran the update (twice) and it says that it is downloading version 1.0.19 but I keep ending with 1.0.18 instead. What I only noticed is that in amtm update menu that amtm takes a bit longer to check updates for the scripts but everything’s runs normally I just need to wait a little bit longer.

Could you do a "ls -alh" in your /jffs/scripts folder please?

And yeah, not seeing anything of interest in your syslogs... hum.

 

[Viktor Jaep]

@Dr.Rom ... just tried to duplicate your experience. I loaded 1.0.12, and went through the upgrade process to 1.0.19... everything went smooth.

 

[Dr.Rom]

Could you do a "ls -alh" in your /jffs/scripts folder please?

And yeah, not seeing anything of interest in your syslogs... hum.

here is the result of the command

Just a reminder that I installed 1.0.12 not through amtm rather directly through curl sh line you provided.

After that I found that my only route to upgrade was to re use that command again for each update.

 

[jksmurf]

ohere is the result of the command
View attachment 59681

Just a reminder that I installed 1.0.12 not through amtm rather directly through curl sh line you provided.

After that I found that my only route to upgrade was to re use that command again for each update.

If your router is not remote might be easiest to just uninstall TAILMON completely, consider doing an option 3 entware reinstall, then install TAILMON via the AMTM menu this time?

Not that the curl approach doesn’t work, but the AMTM based install and updates has been tested a fair bit.

[EDIT] I see your router is remote, perhaps you could install (or use if installed) Wireguard or OpenVPN to accomodate the remote logon temporarily to do the uninstall/reinstall I suggested?

Or, a bit OT, if you have one attached to that remote subnet, temporarily change to your alternative subnet router in your Tailnet (using the Tailscale console) e.g. I have an AppleTV device with Tailscale installed as a backup subnet router (but disabled in the console) then I just enable the AppleTV's subnet router capability in the console and disable my Router's subnet router status. You can still access the router via SSH to do work on it, it is accessible, just not enabled in your tailnet. When you have finished re-installing Tailmon (and entware), you can then re-enable the Router and disable the AppleTV.

 

[Viktor Jaep]

here is the result of the command
View attachment 59681

Just a reminder that I installed 1.0.12 not through amtm rather directly through curl sh line you provided.

After that I found that my only route to upgrade was to re use that command again for each update.

Yeah, I basically did the same step, bypassing AMTM. I can't find an issue. Agree with @jksmurf. See if you can uninstall the script... then try it from AMTM? Perhaps that will provide you with some better luck? I have never seen this behavior before... if you have time, I would seriously also think about doing a complete router reset from scratch, format your USB drive, etc... there's something awfully fishy going on. It really seems permission-related... which is a hard one to solve, and might be easier to solve by resetting.

 

[Fuechslein]

Would it be possible to add the option to set the "--login-server" parameter through the gui instead of having to use "Custom Operation Mode"? (Just like Exitnode, advertise and accept routes options) Would make it much easier to use it toegther with a selfhosted headscale server.

 

[jksmurf]

Would it be possible to add the option to set the "--login-server" parameter through the gui instead of having to use "Custom Operation Mode"? (Just like Exitnode, advertise and accept routes options) Would make it much easier to use it toegther with a selfhosted headscale server.

Hi and I hope you’re enjoying @Viktor Jaep’s work.

Anything is possible and the final call is @Viktor Jaep’s, but we had a discussion about what made sense as standard options at the development and testing phase and you’re probably aware more than most just how many options and switches tailscale has.

Whilst adding options as a stand-alone is one thing, when you start combining these it gets even more complicated; with increasing potential to ‘break’ things. If there were a 1000 users all clamouring for this option he might reconsider .

Anyway ultimately it is @Viktor Jaep who will decide.

 

[Viktor Jaep]

Would it be possible to add the option to set the "--login-server" parameter through the gui instead of having to use "Custom Operation Mode"? (Just like Exitnode, advertise and accept routes options) Would make it much easier to use it toegther with a selfhosted headscale server.

Yeah, I think unfortunately this is one of those special cases that is best reserved for the use of "Custom Operations Mode"... because these are advanced features that 99.9% of the tailscale users will probably never touch. The goal here was to provide the very basics using TAILMON that let the other 99% use Tailscale from their router without having to intimately know Tailscale and all that goes into it. Really, it can be complicated enough right now with the features available. Thanks for asking though... best of luck with your headscale setup!

 

[Fuechslein]

Thanks for taking the time answer and explain the reasoning behind it.

Just for reference, got tailmon working together with headscale without any problems. Multiple asus routers (with tailmon ), site2site networking and several client devices. All working flawlessly. Big upgrade over my previous wireguard setup.

 

[Viktor Jaep]

Thanks for taking the time answer and explain the reasoning behind it.

Just for reference, got tailmon working together with headscale without any problems. Multiple asus routers (with tailmon ), site2site networking and several client devices. All working flawlessly. Big upgrade over my previous wireguard setup.

Absolutely. Thanks for introducing me to headscale. I definitely need to dive into it more. If you found any good resources on that, please don't hesitate to post any links regarding it!

 

[jksmurf]

Thanks for introducing me to headscale.

Oh No... HEADMON ....

 

[Threska49]

Oh No... HEADMON ....

Software that comes with it's own shampoo.

 

[Fuechslein]

Absolutely. Thanks for introducing me to headscale. I definitely need to dive into it more. If you found any good resources on that, please don't hesitate to post any links regarding it!

Official documentation under https://headscale.net/, I didn't need anything else. Deployed the latest available version with docker and put it behind a reverse proxy. Has been running flawlessly for some days now.
Since the only way to manage headscale is through the CLI, I wouldn't recommend it for novice users. No nice UI.

Oh No... HEADMON ....

Unfortunately I don't think it can be run on a router...

Spoiler

YET

EDIT:

Seems to launch just fine, would need to do some testing if it also works as intended.

EDIT2:

Well, good luck with headmon.

 

[Viktor Jaep]

Official documentation under https://headscale.net/, I didn't need anything else. Deployed the latest available version with docker and put it behind a reverse proxy. Has been running flawlessly for some days now.
Since the only way to manage headscale is through the CLI, I wouldn't recommend it for novice users. No nice UI.



Unfortunately I don't think it can be run on a router...

Spoiler

YET

EDIT:

View attachment 59811

Seems to launch just fine, would need to do some testing if it also works as intended.

EDIT2:

View attachment 59813

View attachment 59815

Well, good luck with headmon.

Wow, that's pretty crazy... what are your thoughts on this FAQ? Are you seeing any issues?

Can I use headscale and tailscale on the same machine?¶​

Running headscale on a machine that is also in the tailnet can cause problems with subnet routers, traffic relay nodes, and MagicDNS. It might work, but it is not supported.