What's new

TAILMON TAILMON v1.0.20 -July 27, 2024- WireGuard-based Tailscale Installer, Configurator and Monitor (THREAD #1 CLOSED)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Can you elaborate a bit more on the new (U)pdate option?

Here is my scenario. I installed Tailscale via the @ColinTaylor method on both my home AX88U Pro router and a remote (my cabin) AX86U router. I can now ssh into my remote system.

Unfortunately, I am back “home” (2200 miles away) and want to keep the connection.

If I then install and update TAILMON on the 2 routers do I risk losing the connection between the two during the updates?
 
Can you elaborate a bit more on the new (U)pdate option?

Here is my scenario. I installed Tailscale via the @ColinTaylor method on both my home AX88U Pro router and a remote (my cabin) AX86U router. I can now ssh into my remote system.

Unfortunately, I am back “home” (2200 miles away) and want to keep the connection.

If I then install and update TAILMON on the 2 routers do I risk losing the connection between the two during the updates?
Unless you have another way to backdoor your way into your router, I probably wouldn't risk doing a remote update like that. After the update completes, it recommends/requires a restart of the Tailscale services, which at this point, may cut off your connection. When doing it the manual way, it will also wipe out all your switches and settings, and bring it back to a vanilla install. With TAILMON, I have it restoring all these settings during the reset so it's more or less uninterrupted. But I would recommend being there in person incase it needs special attention, or for some web UI assistance.

Also... just know, @ColinTaylor recommends against doing this update due to possible compatibility issues. So this is all at your own risk. He has made the request to the entware devs to update the binary from 1.58... so there's not a huge rush. 1.58 works perfectly fine, and cannot even tell a functional difference between it and 1.64. I have not run into issues yet... <knock on wood>
 
Last edited:
Thanks @Viktor Jaep - good advice. For now I will leave it alone.
 
Unfortunately, I am back “home” (2200 miles away) and want to keep the connection.

If I then install and update TAILMON on the 2 routers do I risk losing the connection between the two during the updates?

My offset-distance is 9000kms so I understand the concern!

Referring to Viktor's backdoor note, for future reference, I’d suggest a low power device like an RPi4 (3B+ at pinch) or an AppleTV (certain models only) that you can attach as a backup subnet router, as an easy way to get back in to the router if you bork the Tailmon setup or update.

You can set one of them up as a subnet router, disable the key expiry and just leave it on the tailnet and just enable the subnet router function when the main subnet routers tailscale connection (your router) goes TU. Attach them via Ethernet, they operate as a backup subnet router, cheap and cheerful. I also experimented with a repurposed Dell Wyse 5070 running DietPi as a slightly more powerful, subnet router, but it has a higher power demand, so have dropped that for now.

The AppleTV is super easy to set up for this purpose. The RPi setup is a little harder, here’s a rough write up I did for mine a while ago.
 
Last edited:
I’ve set custom nameservers for my tailnet (the IPs of my AdGuard enabled SBCs) so I can use AdGuard outside the home. If I install Tailscale directly on the router using TAILMON, would it be possible (or would it even be necessary) to set the router to accept-dns=false? Or would the router by default keep using what I have set in the WAN DNS setting?
This would probably require some experimentation. Granted, my setup does not look like yours... but I'm using Unbound over VPN for DNS lookups, and from what I can tell, all DNS lookups continue out over that path... so it seems like it uses whatever is in place. In your case, the WAN DNS would likely continue to be used. But experiment, and let us know what you find. A lot of this is new to us as well. ;)
 
I’m struggling with DNS as well:

I expected to be able to remotely access devices on my local network (home.lan) by hostname, when Tailscale is active, because I have set up a Split DNS for it (192.168.1.1 for home.lan, which is also a search domain).

Unfortunately, I can only access my devices by their local IP address (192.168.x.y).

(I’m using NextDNS as the global option in Tailscale and the NextDNS CLI on my router)
 
Last edited:
I’ve set custom nameservers for my tailnet (the IPs of my AdGuard enabled SBCs) so I can use AdGuard outside the home. If I install Tailscale directly on the router using TAILMON, would it be possible (or would it even be necessary) to set the router to accept-dns=false? Or would the router by default keep using what I have set in the WAN DNS setting?
Screenshot 2024-05-02 212314.png


Add your Adguard ip running Tailscale here and It will be used to process dns requests. If you do not add any ip It will use the exit node dns settings.

You cannot access devices on a Tailnet network unless you are connected to Tailnet. So you have to connect using Tailscale to have access to Adguard from outside the home.
 
I’m struggling with DNS as well:

I expected to be able to remotely access devices on my local network (home.lan) by hostname, when Tailscale is active, because I have set up a Split DNS for it (192.168.1.1 for home.lan, which is also a search domain).

Unfortunately, I can only access my devices by their local IP address (192.168.x.y).

(I’m using NextDNS as the global option in Tailscale and the NextDNS CLI on my router)
I could never get Tailscale's split DNS or search domains to work in the way the documentation says. In the I settled on this, but it does mean that your tailnet is dependent on the router's DNS server always being available.

Untitled.png
EDIT: If you're using kernel mode you have to add an interface=tailscale0 line to /jffs/configs/dnsmasq.conf.add.
 
Last edited:
I could never get Tailscale's split DNS or search domains to work in the way the documentation says. In the I settled on this, but it does mean that your tailnet is dependent on the router's DNS server always being available.

View attachment 58404
Even that does not seem to work for me.

As soon as I switch to Cellular on my iPhone (and enable Tailscale) I can no longer resolve hostnames using `nslookup` (not even if explicitly specifying 192.168.1.1 as the nameserver to use) and `dig`.
 
Even that does not seem to work for me.

As soon as I switch to Cellular on my iPhone (and enable Tailscale) I can no longer resolve hostnames using `nslookup` (not even if explicitly specifying 192.168.1.1 as the nameserver to use) and `dig`.
Make sure "Override local DNS" is enabled so your client is using 100.100.100.100 as their DNS server. Although additionally specifying 192.168.1.1 should also work.

EDIT: Are you using userspace mode? I don't think my DNS settings work in kernel mode.

EDIT 2: Actually they do work in kernel mode but you have to add an interface=tailscale0 line to dnsmasq.conf.
 
Last edited:
I am using kernel mode, but adding the interface line (and restarting dnsmasq) did not help.

A lookup for just a hostname immediately returns NXDOMAIN and a lookup for hostname.home.lan shows a (DNS) server/address before returning NXDOMAIN.
 
I am using kernel mode, but adding the interface line (and restarting dnsmasq) did not help.

A lookup for just a hostname immediately returns NXDOMAIN and a lookup for hostname.home.lan shows a (DNS) server/address before returning NXDOMAIN.
Maybe it's an Apple thing and it's circumventing the way Tailscale redirects DNS queries. It works on my android phone, but Override local DNS must be enabled otherwise it just uses it's normal DNS.

EDIT: It could also be because you're using NextDNS CLI which has been known to cause problems more generally IIRC.
 
Last edited:
I have override dns to on and dns set to 192.168.50.1, have to have a subnet router to on, I have my router (now, thanks!!!!!!!) and a Apple TV (recommend to have at least 2). I have unbound going over openvpn to airvpn and all is working perfect! I can access my router while connected. This is a screenshot of my phone connected to my tailnet with split dns.

 
Shoring up a few items... hopefully helping with a reduction in certain error messages at certain times, and a cleaner system on an uninstall. Thanks to @jksmurf for noticing that these folders were sticking around even after Tailscale was supposedly uninstalled. ;)

What's new?
v1.0.8 - (May 3, 2024)
- PATCH: Increased the timer by a few seconds
after the Tailscale service is started to hopefully reduce any possible error messages you would see when issuing a "tailscale up" command. It's a theory that when the service is started and not completely ready to go yet, that when the "up" command is given, that this may cause an benign unresponsive tailscale error message, and would require a successive "up" command to get it going.
- PATCH: Included a few more Tailscale folders in the uninstall routine, as the v1.64 version of Tailscale adds a couple of different locations where files are being kept. These will all now be cleaned up after any uninstall of the Tailscale package.

Download link (or install directly within TAILMON):
Code:
curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/TAILMON/master/tailmon.sh" -o "/jffs/scripts/tailmon.sh" && chmod 755 "/jffs/scripts/tailmon.sh"
 
I have switched from Custom to Kernel and removed the custom flag `--accept-dns=false`. I briefly see this error:

Code:
Error: changing settings via 'tailscale up' requires mentioning all
non-default flags. To proceed, either re-run your command with --reset or
use the command below to explicitly mention the current value of
all non-default settings:

    tailscale up --advertise-exit-node --advertise-routes=192.168.1.0/24 --accept-dns=false

I can fix this using `tailscale up --reset` on the command line, but how does TAILMON handle this?
 
I can fix this using `tailscale up --reset` on the command line, but how does TAILMON handle this?
It doesn't at the moment... you're venturing into the "custom" usage world of using Tailscale... ;) ...and setting/resetting custom flags like this will require some manual intervention at this point. I may build in some option to execute a "tailscale up --reset" for those who may need it.
 
Thanks for this, Viktor, great stuff as always.

Just wondering if it’s possible (and if it makes sense) to setup the router as an exit node and have traffic hitting NordVPN before reaching the internet in this case for anonymity?

e.g. Device (on tailnet)->Router (acting as tailnet exit node)->NordVPN->Internet
 
Thanks for this, Viktor, great stuff as always.

Just wondering if it’s possible (and if it makes sense) to setup the router as an exit node and have traffic hitting NordVPN before reaching the internet in this case for anonymity?

e.g. Device (on tailnet)->Router (acting as tailnet exit node)->NordVPN->Internet
That's a great question... We'll have to look into seeing if it's possible to specify a specific interface for inbound/outbound traffic.
 
Thanks for this, Viktor, great stuff as always.

Just wondering if it’s possible (and if it makes sense) to setup the router as an exit node and have traffic hitting NordVPN before reaching the internet in this case for anonymity?

e.g. Device (on tailnet)->Router (acting as tailnet exit node)->NordVPN->Internet
I'm wondering what everyone's opinion is of this... but I would think that if I specified the internal private IP address of my VPN connection, and stuck that in this --exit-node setting, that I would be able to route internet traffic across my VPN connection. Thoughts?

Code:
 --exit-node string
        Tailscale exit node (IP or base name) for internet traffic, or empty string to not use an exit node

I'm going to try this out... BRB.

FAIL: I guess it refers to a device that's already assigned an exit node IP. Forget it. ;)

EDIT2: I'm wondering if it even matters... it's basically a peer-to-peer secure, wireguard-enabled mesh VPN. Not sure if running it across yet another VPN provider even helps at this point.
 
Last edited:
I'm wondering if it even matters... it's basically a peer-to-peer secure, wireguard-enabled mesh VPN. Not sure if running it across yet another VPN provider even helps at this point.
I’m hoping to set and forget the vpn on for example iOS devices for convenience.

Given iOS only allows one active vpn connection at any time hence I’ll have to enable tailscale if looking to access devices on the mesh and disable it + enable NordVPN to remain anonymous on the internet - will be super if there is a way to achieve both at the same time.
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top