TAILMON TAILMON v1.0.20 -July 27, 2024- WireGuard-based Tailscale Installer, Configurator and Monitor (THREAD #1 CLOSED)

[ColinTaylor]

This is maybe a dumb question but is there any advantage for me to run TailMon on my Router, if I already have a Mac mini and a synology running Tailscale Subnet? all Im seeing for Me is downsides of higher CPU load on my router, another device to make sure is updated, and potential crashes that could take my router down, and therefore most of my Tailscale network. I certainly see in some instances where this would be perfect, but am I missing something?

Correct, I already have TS running a subnet and exit node on both Synology NAS and Mac mini, so redundancy also covered, as are all my cameras and devices I need to access from within the LAN. which is why I was wondering, other than adding additional work load to my router CPU, is there any Killer app to this that Im missing. Doesnt sound like it. I understand for people without spare desktops or NAS, allowing a Subnet /access to the LAN from the router is a huge win.

No you're not missing anything.

N.B. I'm talking about running Tailscale on the router in general, not specifically TAILMON which has additional monitoring/reporting features mentioned below.

 

[Viktor Jaep]

Correct, I already have TS running a subnet and exit node on both Synology NAS and Mac mini, so redundancy also covered, as are all my cameras and devices I need to access from within the LAN. which is why I was wondering, other than adding additional work load to my router CPU, is there any Killer app to this that Im missing. Doesnt sound like it. I understand for people without spare desktops or NAS, allowing a Subnet /access to the LAN from the router is a huge win.

Its a basic entry-level script for those not familiar with the installation procedure, or how to edit cfg files with the various options needed. The only other thing of interest is that it will force the tailscale service to start after a router reboot if it didn't come back up automatically, and will monitor it incase it does go down, and force a restart.

 

[alan6854321]

New version of Tailscale just came out - 1.70.0
Updated it using TAILMON and it all seems fine so far.

 

[jksmurf]

Its a basic entry-level script for those not familiar with the installation procedure, or how to edit cfg files with the various options needed. The only other thing of interest is that it will force the tailscale service to start after a router reboot if it didn't come back up automatically, and will monitor it incase it does go down, and force a restart.

Viktor is just being modest. It's actually much more than that, it also offers:

• a menu-based mechanism to update Tailscale; and
• a nice monitoring screen to allow you to see which devices are connected; and
• a mechanism to send you an alert (by email) if it does restart; and
• a way to easily change between userspace and kernel modes; and
• an easy way to uninstall tailscale

all without ever having to issue any commands via the CLI.

I think it's the cat's pyjamas; the bees knees. Take your pick

 

[Viktor Jaep]

Viktor is just being modest. It's actually much more than that, it also offers:

• a menu-based mechanism to update Tailscale; and
• a nice monitoring screen to allow you to see which devices are connected; and
• a mechanism to send you an alert (by email) if it does restart; and
• a way to easily change between userspace and kernel modes; and
• an easy way to uninstall tailscale

all without ever having to issue any commands via the CLI.

I think it's the cat's pyjamas; the bees knees. Take your pick

Oh and another popular feature seems to be the email alert you receive if your router happens to reboot spontaneously.

 

[rung]

Oh and another popular feature seems to be the email alert you receive if your router happens to reboot spontaneously.

Fyi, not sure if many people would want this, but I am the kind of person that goes after corner cases. So I updated my version of the script to have a new switch to just send an email and exit. Why? So I can call the script from services-start to send an email that says "hey, we are rebooting now and if you don't get a second email, tailmon never started correctly!". The corner case I was worried about was if the usb never mounted so the post-mount script would never run and tailmon didn't get kicked off.

Rung

 

[JGrana]

Tailmon/Tailscale is working well on my home network. Except for one case.
A QNap NAS - once enabled, I can no longer access the NAS via it’s local address (192.168.1.XXX). All other Tailscale enabled devices can be accessed locally.
If anyone has installed Tailscale on a QNap NAS, PM me…

 

[jksmurf]

If anyone has installed Tailscale on a QNap NAS, PM me…

Totally understand you separating this from the TAILMON discussion thread, but do come back and let us know how you got on with it, it might help someone else

EDIT: Lots of install instructions everywhere for QNAPs, was quite surprised. The lack of local access seems a common issue though? Right at the bottom someone has a suggestion, one being start Tailscale on the QNAP with the --accept-routes=FALSE flag?

 

[JGrana]

Totally understand you separating this from the TAILMON discussion thread, but do come back and let us know how you got on with it, it might help someone else

EDIT: Lots of install instructions everywhere for QNAPs, was quite surprised. The lack of local access seems a common issue though? Right at the bottom someone has a suggestion, one being start Tailscale on the QNAP with the --accept-routes=FALSE flag?

I will come back and explain how I got it to work - assuming I do ;-)
It’s a pain since every time I try something - and it doesn’t work, I need to force a reboot - which takes quite some time.
I did see that —accept-routes=false. That’s my next test.

 

[Viktor Jaep]

I will come back and explain how I got it to work - assuming I do ;-)
It’s a pain since every time I try something - and it doesn’t work, I need to force a reboot - which takes quite some time.
I did see that —accept-routes=false. That’s my next test.

Have you tried both http and https? Does it need a special port, or just straight 80/443? Does it come back with anything or just a timeout/404?

 

[JGrana]

Yes, I tried both. Pings and ssh attempts failed as well.
It appears that starting the daemon (tailscaled) then running tailscale with "up --accept-routes=false" gets it working best.

I had first installed the Tailscale qpkg using the manual method from Tailscales web site (https://pkgs.tailscale.com/stable/#qpkgs)

This will setup the binaries and directories. I did NOT enable it though. Since it doesn't work how I wanted, I just took the manual setup a few steps further

I ended up adding a startup script in "autorun.sh" that starts tailscaled then does the "tailscale up --accept-routes=false".

I online fine now - both tailnet and local. The autorun.sh has it so tailscale survives reboots.

Here is the sequence I did:

1) Make sure "Run user defined processes during startup" is checked in Control Panel->System->Hardware
2) Mount the config ramblock (where config/autorun.sh lives):
       mount $(/sbin/hal_app --get_boot_pd port_id=0)6 /tmp/config
3) Edit /tmp/config/autorun.sh and add the following line:

     /share/CACHEDEV1_DATA/.qpkg/Tailscale/tailinit &

4) Make sure autorun.sh is executable (chmod +x autorun.sh)
5) Unmount /tmp/config
       umount /tmp/config
     
6) Go to the tailscale directory:
      cd /share/CACHEDEV1_DATA/.qpkg/Tailscale
     
7) Create/edit "tailinit" and add the following lines:

#!/bin/sh
CONF=/etc/config/qpkg.conf
QPKG_NAME="Tailscale"
QPKG_ROOT=`/sbin/getcfg ${QPKG_NAME} Install_Path -f ${CONF}`
QPKG_PORT=`/sbin/getcfg ${QPKG_NAME} Service_Port -f ${CONF}`
export QNAP_QPKG=${QPKG_NAME}
set -e

    mkdir -p /home/httpd/cgi-bin/qpkg
    ln -sf ${QPKG_ROOT}/ui /home/httpd/cgi-bin/qpkg/${QPKG_NAME}
    mkdir -p -m 0755 /tmp/tailscale
    if [ -e /tmp/tailscale/tailscaled.pid ]; then
        PID=$(cat /tmp/tailscale/tailscaled.pid)
        if [ -d /proc/${PID}/ ]; then
          echo "${QPKG_NAME} is already running."
          exit 0
        fi
    fi
    logger -t "tailinit" "Starting tailscaled"
    ${QPKG_ROOT}/tailscaled --port ${QPKG_PORT} --statedir=${QPKG_ROOT}/state --socket=/tmp/tailscale/tailscaled.sock 2> /dev/null &
    echo $! > /tmp/tailscale/tailscaled.pid

    sleep 3

    ${QPKG_ROOT}/tailscale up --accept-routes=false
    logger -t "tailinit" "Taiscale started"

exit 0

8) Make sure tailinit is executable:
    chmod +x tailinit

Before rebooting the NAS, you will need to run tailinit once from the command line for 2 reasons.
1 - to make sure it actually starts tailscaled and tailscale
2 - to authenticate the NAS. For the first time, it will stop and ask you to login with a specific login string. Put that line in a web browser and allow the QNap NAS

./tailinit

It should start up fine. The reason I created a separate "tailinit" file was that I can easily make changes to tailscale - without having to go through the re-mounting of the /tmp/config filesystem.

So far, working well!

 

[jksmurf]

… online fine now - both tailnet and local.

Awesome feedback! I don’t have such a device but I’m sure it’ll be appreciated by those who do.

 

[Viktor Jaep]

Yes, I tried both. Pings and ssh attempts failed as well.
It appears that starting the daemon (tailscaled) then running tailscale with "up --accept-routes=false" gets it working best.

I had first installed the Tailscale qpkg using the manual method from Tailscales web site (https://pkgs.tailscale.com/stable/#qpkgs)

This will setup the binaries and directories. I did NOT enable it though. Since it doesn't work how I wanted, I just took the manual setup a few steps further

I ended up adding a startup script in "autorun.sh" that starts tailscaled then does the "tailscale up --accept-routes=false".

I online fine now - both tailnet and local. The autorun.sh has it so tailscale survives reboots.

Here is the sequence I did:

1) Make sure "Run user defined processes during startup" is checked in Control Panel->System->Hardware
2) Mount the config ramblock (where config/autorun.sh lives):
       mount $(/sbin/hal_app --get_boot_pd port_id=0)6 /tmp/config
3) Edit /tmp/config/autorun.sh and add the following line:

     /share/CACHEDEV1_DATA/.qpkg/Tailscale/tailinit &

4) Make sure autorun.sh is executable (chmod +x autorun.sh)
5) Unmount /tmp/config
       umount /tmp/config
    
6) Go to the tailscale directory:
      cd /share/CACHEDEV1_DATA/.qpkg/Tailscale
    
7) Create/edit "tailinit" and add the following lines:

#!/bin/sh
CONF=/etc/config/qpkg.conf
QPKG_NAME="Tailscale"
QPKG_ROOT=`/sbin/getcfg ${QPKG_NAME} Install_Path -f ${CONF}`
QPKG_PORT=`/sbin/getcfg ${QPKG_NAME} Service_Port -f ${CONF}`
export QNAP_QPKG=${QPKG_NAME}
set -e

    mkdir -p /home/httpd/cgi-bin/qpkg
    ln -sf ${QPKG_ROOT}/ui /home/httpd/cgi-bin/qpkg/${QPKG_NAME}
    mkdir -p -m 0755 /tmp/tailscale
    if [ -e /tmp/tailscale/tailscaled.pid ]; then
        PID=$(cat /tmp/tailscale/tailscaled.pid)
        if [ -d /proc/${PID}/ ]; then
          echo "${QPKG_NAME} is already running."
          exit 0
        fi
    fi
    logger -t "tailinit" "Starting tailscaled"
    ${QPKG_ROOT}/tailscaled --port ${QPKG_PORT} --statedir=${QPKG_ROOT}/state --socket=/tmp/tailscale/tailscaled.sock 2> /dev/null &
    echo $! > /tmp/tailscale/tailscaled.pid

    sleep 3

    ${QPKG_ROOT}/tailscale up --accept-routes=false
    logger -t "tailinit" "Taiscale started"

exit 0

8) Make sure tailinit is executable:
    chmod +x tailinit

Before rebooting the NAS, you will need to run tailinit once from the command line for 2 reasons.
1 - to make sure it actually starts tailscaled and tailscale
2 - to authenticate the NAS. For the first time, it will stop and ask you to login with a specific login string. Put that line in a web browser and allow the QNap NAS

./tailinit

It should start up fine. The reason I created a separate "tailinit" file was that I can easily make changes to tailscale - without having to go through the re-mounting of the /tmp/config filesystem.

So far, working well!

That is *QUITE* the workaround, @JGrana! I just remembered back when I was trying out "kernel mode", for the life of me, I couldn't connect to my own router's web UI... and then @Rajjco made the great suggestion to use the tailscale serve command.

It basically specifies which IP you want to serve up as an internal web server, can specify ports, etc. Did you happen to look into this? Here's his note:

TAILMON - TAILMON v1.0.19 -June 19, 2024- WireGuard-based Tailscale Installer, Configurator and Monitor (Now available in AMTM!)

Haha maybe you or @ColinTaylor can raise a ticket on Tailscales GitHub. Maybe other Arch Linux users (GLiNET, Openwrt) have a similar issue and it’ll gain traction (unless someone already complained..) Meh. It's either probably "by design", or "for security reasons", or "due to limitations in...

www.snbforums.com

 

[rung]

Fyi, not sure if many people would want this, but I am the kind of person that goes after corner cases. So I updated my version of the script to have a new switch to just send an email and exit. Why? So I can call the script from services-start to send an email that says "hey, we are rebooting now and if you don't get a second email, tailmon never started correctly!". The corner case I was worried about was if the usb never mounted so the post-mount script would never run and tailmon didn't get kicked off.

Rung

In case anyone wants to add this (or if Viktor wants to add), here are the simple changes I made to the script:

--- tailmon_orig.sh
+++ tailmon_new.sh
@@ -1750,6 +1753,19 @@
       printf "behavior continues to persist.\n"
       printf "\n"
       } > "$tmpEMailBodyFile"
+
+# Rung: added request email functionality
+    elif [ "$2" == "Tailmon email requested" ]; then
+      emailSubject="WARNING: Router Has Unexpectedly Restarted"
+      emailBodyTitle="WARNING: Router Has Unexpectedly Restarted"
+      {
+      printf "<b>Date/Time:</b> $(date +'%b %d %Y %X')\n"
+      printf "\n"
+      printf "<b>WARNING: TAILMON</b> has been requested to send this email from the services-start script.\n"
+      printf "If no additional email is received, this means that TAILMON has failed to start for some reason.\n"
+      printf "Please investigate if this behavior continues to persist.\n"
+      printf "\n"
+      } > "$tmpEMailBodyFile"
     fi
     _SendEMailNotification_ "TAILMON v$version" "$emailSubject" "$tmpEMailBodyFile" "$emailBodyTitle"
   fi
@@ -2478,7 +2494,8 @@
 fi

 # Check and see if an invalid commandline option is being used
-if [ "$1" == "-h" ] || [ "$1" == "-help" ] || [ "$1" == "-setup" ] || [ "$1" == "-bw" ] || [ "$1" == "-noswitch" ] || [ "$1" == "-screen" ] || [ "$1" == "-now" ]
+# Rung: adding email switch
+if [ "$1" == "-h" ] || [ "$1" == "-help" ] || [ "$1" == "-setup" ] || [ "$1" == "-bw" ] || [ "$1" == "-noswitch" ] || [ "$1" == "-screen" ] || [ "$1" == "-now" ] || [ "$1" == "-email" ]
   then
     clear
   else
@@ -2515,6 +2532,15 @@
   echo -e "${CClear}"
   exit 0
 fi
+
+# Rung: added email switch
+if [ "$1" == "-email" ]
+  then
+  amtmemailfailure=1
+  sendmessage 1 "Tailmon email requested"
+  exit 0
+fi
+

 # Check to see if a second command is being passed to remove color
 if [ "$1" == "-bw" ] || [ "$2" == "-bw" ]

I then added the following to the services-start script:

(sleep 30 && /jffs/scripts/tailmon.sh -email) >/dev/null 2>&1  & # reboot warning

Rung

 

[Viktor Jaep]

In case anyone wants to add this (or if Viktor wants to add), here are the simple changes I made to the script:

--- tailmon_orig.sh
+++ tailmon_new.sh
@@ -1750,6 +1753,19 @@
       printf "behavior continues to persist.\n"
       printf "\n"
       } > "$tmpEMailBodyFile"
+
+# Rung: added request email functionality
+    elif [ "$2" == "Tailmon email requested" ]; then
+      emailSubject="WARNING: Router Has Unexpectedly Restarted"
+      emailBodyTitle="WARNING: Router Has Unexpectedly Restarted"
+      {
+      printf "<b>Date/Time:</b> $(date +'%b %d %Y %X')\n"
+      printf "\n"
+      printf "<b>WARNING: TAILMON</b> has been requested to send this email from the services-start script.\n"
+      printf "If no additional email is received, this means that TAILMON has failed to start for some reason.\n"
+      printf "Please investigate if this behavior continues to persist.\n"
+      printf "\n"
+      } > "$tmpEMailBodyFile"
     fi
     _SendEMailNotification_ "TAILMON v$version" "$emailSubject" "$tmpEMailBodyFile" "$emailBodyTitle"
   fi
@@ -2478,7 +2494,8 @@
 fi

 # Check and see if an invalid commandline option is being used
-if [ "$1" == "-h" ] || [ "$1" == "-help" ] || [ "$1" == "-setup" ] || [ "$1" == "-bw" ] || [ "$1" == "-noswitch" ] || [ "$1" == "-screen" ] || [ "$1" == "-now" ]
+# Rung: adding email switch
+if [ "$1" == "-h" ] || [ "$1" == "-help" ] || [ "$1" == "-setup" ] || [ "$1" == "-bw" ] || [ "$1" == "-noswitch" ] || [ "$1" == "-screen" ] || [ "$1" == "-now" ] || [ "$1" == "-email" ]
   then
     clear
   else
@@ -2515,6 +2532,15 @@
   echo -e "${CClear}"
   exit 0
 fi
+
+# Rung: added email switch
+if [ "$1" == "-email" ]
+  then
+  amtmemailfailure=1
+  sendmessage 1 "Tailmon email requested"
+  exit 0
+fi
+

 # Check to see if a second command is being passed to remove color
 if [ "$1" == "-bw" ] || [ "$2" == "-bw" ]

I then added the following to the services-start script:

(sleep 30 && /jffs/scripts/tailmon.sh -email) >/dev/null 2>&1  & # reboot warning

Rung

Please feel free to add this mod to the develop branch for TAILMON if you wish, OK? Sounds like great additions!

 

[Viktor Jaep]

New release including some changes attributed by @rung! Thanks very much!

What's new?
v1.0.20 - (July 27, 2024)
- PATCH: Thanks to @rung, he has contributed some changes to TAILMON that adds an "-email" switch to the script. Per @rung: Adds a new switch "-email" to be used by services-start script to warn the user that tailmon should be sending a successful start email soon. To automate at install, tailmon would have to create/update the services-start script and add something like:

(sleep 30 && /jffs/scripts/tailmon.sh -email) >/dev/null 2>&1  & # reboot warning

Thank you!

Download links (or update directly within AMTM/TAILMON):

curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/TAILMON/master/tailmon.sh" -o "/jffs/scripts/tailmon.sh" && chmod 755 "/jffs/scripts/tailmon.sh"

 

[rung]

New release including some changes attributed by @rung! Thanks very much!

What's new?
v1.0.20 - (July 27, 2024)
- PATCH: Thanks to @rung, he has contributed some changes to TAILMON that adds an "-email" switch to the script. Per @rung: Adds a new switch "-email" to be used by services-start script to warn the user that tailmon should be sending a successful start email soon. To automate at install, tailmon would have to create/update the services-start script and add something like:

(sleep 30 && /jffs/scripts/tailmon.sh -email) >/dev/null 2>&1  & # reboot warning

Thank you!

Download links (or update directly within AMTM/TAILMON):

curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/TAILMON/master/tailmon.sh" -o "/jffs/scripts/tailmon.sh" && chmod 755 "/jffs/scripts/tailmon.sh"

Updated and works!

 

[joe scian]

Hi Victor
am trying to reinstall Tailmon to AC86U -

I deleted /var/run/tailscale expecting it to be recreated on reinstallation which it isnt. There were two config files in there originally but no tailscaled.sock. I manually created it and service starts. However as soon as i press U tailscale connection it stops service and remains dead. Version 1.7



Executing: tailscale down

error fetching current status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: no such file or directory

Cannot connect any idea - I removed and tried to reinstall - same deal

Reset Tailscale Connection?
[y/n]: y

Messages:

Executing: tailscale down

error fetching current status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: no such file or directory
Executing: tailscale up --reset

failed to connect to local tailscaled; it doesn't appear to be running

Messages:

Executing: tailscale down

error fetching current status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: no such file or directory
Messages:

Executing: tailscale up --advertise-routes=192.168.2.0/24

failed to connect to local tailscaled; it doesn't appear to be running

[Tailscale Connection Successfully Reset]

Press any key to continue...

 

[jksmurf]

Hi Victor
am trying to reinstall Tailmon to AC86U -

I deleted /var/run/tailscale expecting it to be recreated on reinstallation which it isnt. There were two config files in there originally but no tailscaled.sock. I manually created it and service starts. However as soon as i press U tailscale connection it stops service and remains dead. Version 1.7



Executing: tailscale down

error fetching current status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: no such file or directory

Cannot connect any idea - I removed and tried to reinstall - same deal

Reset Tailscale Connection?
[y/n]: y

Messages:

Executing: tailscale down

error fetching current status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: no such file or directory
Executing: tailscale up --reset

failed to connect to local tailscaled; it doesn't appear to be running

Messages:

Executing: tailscale down

error fetching current status: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: no such file or directory
Messages:

Executing: tailscale up --advertise-routes=192.168.2.0/24

failed to connect to local tailscaled; it doesn't appear to be running

[Tailscale Connection Successfully Reset]

Press any key to continue...

I recall this comment by @ColinTaylor from the testing phase:

If you're going to remove the /var/run/tailscale and /var/lib/tailscale directories then it's only logical to remove the corresponding /opt/var/run/tailscale and /opt/var/lib/tailscale directories also. (ColinTaylor)

Maybe delete those directories as well, reboot, check entware (when testing for another Addon I ended up needing a repair of entware), then retry the reinstall?

k.

 

[joe scian]

I recall this comment by @ColinTaylor from the testing phase:

If you're going to remove the /var/run/tailscale and /var/lib/tailscale directories then it's only logical to remove the corresponding /opt/var/run/tailscale and /opt/var/lib/tailscale directories also. (ColinTaylor)

Maybe delete those directories as well, reboot, check entware (when testing for another Addon I ended up needing a repair of entware), then retry the reinstall?

k.

Deleted all those directories and reinstalled fresh from amtm. Also repaired binaries to entware. After installation -
1. 1 file in /var/run/tailscale ( tailscaled.sock) sometimes tailscaled.sock is created - sometimes not - seems intermittent.
2.var/lib/tailscale - 3 files
3. opt/var/run/tailscale - does not exist
4./opt/var/lib/tailscale - does not exist
5. there is no taildns in opt/bin

exactly same errors as previously