Tailscale as an Addon: Polite request for a Coder to implement

[jksmurf]

Hi,

Hopefully this won’t be taken the wrong way, but now that a few of us have successfully installed and are running Tailscale on Asus Merlin and the thread has 11K views (not sure if that’s a lot, but shows it has some interest) I was wondering if some kind soul would be willing to take up the baton and make a Tailscale install Addon, so lonelycoder could add it to the amtm menu?

Viktor Jaep has politely declined but (him/her) being involved in a number of other Addon Projects I can understand this.

Start of Tailscale Thread is Here

lonelycoders comment regarding adding it to amtm

Initial observations on Install Menu

If nothing else this post would hopefully make a potential addon more visible to users than the current location in Asus Wireless and either generate sufficient interest or allow folks (us) to see whether it will just whither on the vine .

There’s a few glitches (documented in the thread) wrt updates and entware and other things I don’t fully understand (I’m sure a coder would), but anyway, I thought I’d give this wee request a shot.

Cheers

k.

[EDIT]

• A more sophisticated Tailscale implementation with an install script has been developed and shown here by JA93; not an Addon yet, but hopefully…

 

[kuki68ster]

I second that…

 

[Viktor Jaep]

@jksmurf I just successfully installed tailscale... Wrapping my head around this, as it's counter intuitive from any other remote desktop app I've ever tried. I was trying endlessly trying to connect to my router from outside my network by going to it's tailscale IP (like https://101.22.193.44), but then I realized I can hit the router (and SSH) to it by just going to it's internal 192.168.50.x address. DERP.

I take it, if you want to remotely view any machines on your network, you'd have to use RDP? Seems tailscale simply provides the access to the machine itself, and stops there.

Couple of questions...

What's the best way to get tailscale to run as a service, so that it survives a reboot, running in the background? I didn't see anything in your links above on how to configure that portion?

EDIT:
I think I found what I was looking for (from your thread):

ETA: Also, I forgot to make sure to mention that these entries are also in my services-start script:
-------
/opt/etc/init.d/S06tailscaled start
tailscale up --accept-routes --advertise-routes=192.168.50.0/24

 

[visortgw]

@jksmurf I just successfully installed tailscale... Wrapping my head around this, as it's counter intuitive from any other remote desktop app I've ever tried. I was trying endlessly trying to connect to my router from outside my network by going to it's tailscale IP (like https://101.22.193.44), but then I realized I can hit the router (and SSH) to it by just going to it's internal 192.168.50.x address. DERP.

I take it, if you want to remotely view any machines on your network, you'd have to use RDP? Seems tailscale simply provides the access to the machine itself, and stops there.

Couple of questions...

What's the best way to get tailscale to run as a service, so that it survives a reboot, running in the background? I didn't see anything in your links above on how to configure that portion?

Sounds like @Viktor Jaep may be biting!

 

[jksmurf]

@jksmurf I just successfully installed tailscale...

That’s great Viktor, really appreciate you taking a look to see what it’s about. I’m not affiliated with Tailscale in any way, and my primary driver to install it in the first instance was that it has the ability to offer simple access to a network behind CGNAT Internet by my ISP, employing its easy to use “subnet router” implementation.

I’m pretty green with any sort of VPN, more of a casual user and there are many members of this forum whose experience and expertise extend well beyond that description, so may view Tailscale as a bit of a ‘VPN for dummies’, (TIC) but for what I need it for it fits the bill.

I did run OpenVPN and Wireguard on that particular network (on the Router) before I signed up to that ISP, and both worked well too. They both take a bit more tinkering IMO, whereas once I had Tailscale’s TailNet up and running, adding new devices and managing them was pretty simple.

The devices showing up in the Tailscale admin page and the ability to swap between my two TailNets, some with common devices, is pretty neat.

Tailscale’s website does a pretty good job of explaining differences between Tailscale and other VPNs e.g. https://tailscale.com/compare/wireguard and https://tailscale.com/compare/openvpn.

Is it as fast as these two? From reading and limited experience, not as fast as WG direct and certainly not if it can only negotiate a DERP connection. My experience has been positive on mostly direct connections though.

Wrapping my head around this, as it's counter intuitive from any other remote desktop app I've ever tried. I was trying endlessly trying to connect to my router from outside my network by going to it's tailscale IP (like https://101.22.193.44), but then I realized I can hit the router (and SSH) to it by just going to it's internal 192.168.50.x address. DERP.

As far as I am aware it’s not actually a RDP App; nor does it have those capabilities.

It’s simply a VPN, like OVPN and WG, so yes once I’m outside my network or accessing a separate one 9k km away, it just allows me to access the remote router’s WebGui or I can SSH in to the remote router, or an RPI 3B I have attached to it, all as if I was inside the network typing in “local” IP addresses.

Most times (issue “tailscale status” via SSH on a connected device) it tells me I am connected directly, not via a DERP relay. Plus it shows TX RX speeds.

I take it, if you want to remotely view any machines on your network, you'd have to use RDP? Seems tailscale simply provides the access to the machine itself, and stops there.

That is my understanding yes. Like OVPN, like WG.

Couple of questions...

What's the best way to get tailscale to run as a service, so that it survives a reboot, running in the background? I didn't see anything in your links above on how to configure that portion?

EDIT:
I think I found what I was looking for (from your thread):

ETA: Also, I forgot to make sure to mention that these entries are also in my services-start script:
-------
/opt/etc/init.d/S06tailscaled start
tailscale up --accept-routes --advertise-routes=192.168.50.0/24

Yep, that is my understanding as to how it survives a reboot.

It’s not really ‘my thread’ btw it’s @RandomUser777 work, all I did was spend so much time trying to get my head around it and write the steps down for myself that I was able to help one other person, pay it forward .

Note please that @JA93 has made a (now) ipk installable version in this thread which (should) greatly enhance the install experience and reduce the headaches from using a script. So far it's only been tested on one architecture armv7sf-k2.6 (the authors) so might need some time to nut out the gremlins.

How this will interface with amtm (@lonelycoder) and what the plans are for long term maintenance of it under amtm, we shall see , but it’s a very positive development. Wanted you to be aware of this so work is not duplicated and ideas for features and improvements can be shared.

k.

 

[Viktor Jaep]

That’s great Viktor, really appreciate you taking a look to see what it’s about. I’m not affiliated with Tailscale in any way, and my primary driver to install it in the first instance was that it has the ability to offer simple access to a network behind CGNAT Internet by my ISP, employing its easy to use “subnet router” implementation.

Well, I love to tinker and try new things... this was interesting to me!

I’m pretty green with any sort of VPN, more of a casual user and there are many members of this forum whose experience and expertise extend well beyond that description, so may view Tailscale as a bit of a ‘VPN for dummies’, (TIC) but for what I need it for it fits the bill.

It seems like a really well-implemented custom wireguard mesh network now that I have had some time to play with it. I did seem to have some serious latency or lag issues, trying to connect to my local network from my phone on 5G... it would just kind of hang. The android app seems to create a VPN connection to tailscale to do its thing... Not sure what that was all about, but worked much better from my laptop. I'll continue playing with it.

As far as I am aware it’s not actually a RDP App; nor does it have those capabilities.

Yeah, I was assuming it was a remote desktop app, like teamviewer of sorts... but you're right. It provides secure accessibility to your internal network so you can interact with those devices whichever way you want.

Note please that @JA93 has made a (now) ipk installable version in this thread which (should) greatly enhance the install experience and reduce the headaches from using a script. So far it's only been tested on one architecture armv7sf-k2.6 (the authors) so might need some time to nut out the gremlins.

How this will interface with amtm (@lonelycoder) and what the plans are for long term maintenance of it under amtm, we shall see , but it’s a very positive development. Wanted you to be aware of this so work is not duplicated and ideas for features and improvements can be shared.

Sounds like it's well underway... I'll definitely be watching with interest!

Thanks for putting a spotlight on this!

 

[heysoundude]

Hi,

Hopefully this won’t be taken the wrong way, but now that a few of us have successfully installed and are running Tailscale on Asus Merlin and the thread has 11K views (not sure if that’s a lot, but shows it has some interest) I was wondering if some kind soul would be willing to take up the baton and make a Tailscale install Addon, so lonelycoder could add it to the amtm menu?

Viktor Jaep has politely declined but (him/her) being involved in a number of other Addon Projects I can understand this.

Start of Tailscale Thread is Here

lonelycoders comment regarding adding it to amtm

Initial observations on Install Menu

If nothing else this post would hopefully make a potential addon more visible to users than the current location in Asus Wireless and either generate sufficient interest or allow folks (us) to see whether it will just whither on the vine .

There’s a few glitches (documented in the thread) wrt updates and entware and other things I don’t fully understand (I’m sure a coder would), but anyway, I thought I’d give this wee request a shot.

Cheers

k.

[EDIT]

• A more sophisticated Tailscale implementation with an install script has been developed and shown here by JA93; not an Addon yet, but hopefully…

Why tailscale over WireGuard? my recollection is that TailScale is basically a Packaged WireGuard:
depending on which kernel your router can run, and whether Asus is more current with their kernel usage, Wireguard has been part of the linux kernel since i want to say k5.4. Another recollection I have which is probably mistaken as well is that the Wireguard GO version is to be avoided due to it being not as secure or having issues in that regard, so while it may be able to run on hardware constrained by older kernels, it should be avoided if privacy/security is of any concern to you and your users (and it should be, because nobody truly has "nothing to hide")

 

[Viktor Jaep]

Why tailscale over WireGuard? my recollection is that TailScale is basically a Packaged WireGuard:
depending on which kernel your router can run, and whether Asus is more current with their kernel usage, Wireguard has been part of the linux kernel since i want to say k5.4. Another recollection I have which is probably mistaken as well is that the Wireguard GO version is to be avoided due to it being not as secure or having issues in that regard, so while it may be able to run on hardware constrained by older kernels, it should be avoided if privacy/security is of any concern to you and your users (and it should be, because nobody truly has "nothing to hide")

After looking into it more, it's because they have built out a very powerful wireguard-based architecture to securely network and manage your infrastructure from behind a firewall. This pretty much sums is up: https://tailscale.com/why-tailscale

I'm still a bit green when it comes to wireguard, but I'm pleasantly surprised with Tailscale's capabilities.

 

[nachito]

This one outlines the Tailscale additions, built on top of Wireguard - https://tailscale.com/compare/wireguard
"Tailscale manages key distribution and all configurations for you. This can be particularly useful if some of the devices belong to non-technical users."

I believe the main value-add of Tailscale is centrally managed config and key distribution. It's most useful for large, multi-site situations where transferring and configuring multiple keys/configs starts to become burdensome. You could accomplish the very same thing using just Wireguard if you're willing to manually configure it.

 

[jksmurf]

Why tailscale over WireGuard? my recollection is that TailScale is basically a Packaged WireGuard:
depending on which kernel your router can run, and whether Asus is more current with their kernel usage, Wireguard has been part of the linux kernel since i want to say k5.4. Another recollection I have which is probably mistaken as well is that the Wireguard GO version is to be avoided due to it being not as secure or having issues in that regard, so while it may be able to run on hardware constrained by older kernels, it should be avoided if privacy/security is of any concern to you and your users (and it should be, because nobody truly has "nothing to hide")

Hopefully without appearing to cop out, I’m going to let the far more technically savvy and experienced folks explain why. I’ve used both and as detailed above, for my personal requirements I could use either, use behind a CGNAT permitting, something which of the two, only Tailscale can do, but just find TS easier.

 

[jksmurf]

Sounds like it's well underway... I'll definitely be watching with interest!

Cheers and if you get an idle moment (TIC), maybe give JA93’s install a try; a couple of us had issues on aarch64 so an independent trial would be good.

I’m hoping it doesn’t make TS go TU on your system but a heads up it might, so it’s really a “I’ve got a few hours free” trial ;-).

Thanks for putting a spotlight on this!

Just paying it forward with what very modest abilities I have, you and your colleagues pumping out scripts deserve an enormous amount of credit, thanks for all you do.

 

[sfx2000]

Hopefully this won’t be taken the wrong way, but now that a few of us have successfully installed and are running Tailscale on Asus Merlin and the thread has 11K views (not sure if that’s a lot, but shows it has some interest) I was wondering if some kind soul would be willing to take up the baton and make a Tailscale install Addon, so lonelycoder could add it to the amtm menu?

How much are you willing to pay?

Not to sound mercenary, but someone is looking forward to kindness of others...

 

[jksmurf]

How much are you willing to pay?

Not to sound mercenary, but someone is looking forward to kindness of others...

Absolutely fair point, especially if I was running a business on the back of these, which I’m not. Look I don’t ‘need’ this in amtm, I can make it run without, which for my personal setup works just fine.

My request for a “coder” in the subject heading, which is probably what prompted your question, was simply because here lonelycoder said he would add it to amtm if “another coder would do the grunt work and write an amtm-compatible script that gets some reasonable attention on this board.”

The inner geek in me thinks it would be neater to have it there, so others who have the same sparse technical skills as myself can implement it without the hassle.

So let’s say I’m happy to pay what all the other folks who have used scripts in amtm as Addons for personal use are paying (donations aside).

 

[JA93]

I tried to add tailscale to router gui but command doesnt work... (pressing button does nothing)

Install Script:

#!/bin/sh

source /usr/sbin/helper.sh

# Does the firmware support addons?
nvram get rc_support | grep -q am_addons
if [ $? != 0 ]
then
logger "Tailscale" "This firmware does not support addons!"
exit 5
fi

# Tailscale.asp is in /jffs/addons/tailscale/
am_get_webui_page /jffs/addons/tailscale/tailscale.asp

if [ "$am_webui_page" = "none" ]
then
logger "Tailscale" "Unable to install Tailscale page"
exit 5
fi
logger "Tailscale" "Mounting Tailscale page as $am_webui_page"

# Copy custom page directly from addon directory
cp /jffs/addons/tailscale/tailscale.asp /www/user/$am_webui_page

# Copy menuTree
if [ ! -f /tmp/menuTree.js ]
then
cp /www/require/modules/menuTree.js /tmp/
mount -o bind /tmp/menuTree.js /www/require/modules/menuTree.js
fi

# Insert link at the end of the Tools menu
sed -i "/url: \"Advanced_TOR_Content.asp\", tabName:/a {url: \"$am_webui_page\", tabName: \"Tailscale\"}," /tmp/menuTre >
# sed and binding mounts don't work well together, so remount modified file
umount /www/require/modules/menuTree.js && mount -o bind /tmp/menuTree.js /www/require/modules/menuTree.js

Tailscale.asp:

<!DOCTYPE html>
<html>
<head>
<title>Tailscale Manager</title>
<link rel="stylesheet" type="text/css" href="/index_style.css">
<style>
/* Add your custom CSS styles here */
</style>
</head>
<body>
<div class="main-container">
<h2>Tailscale Manager</h2>
<div id="status"></div>
<button onclick="startTailscaled()">Start Tailscaled</button>
<button onclick="stopTailscaled()">Stop Tailscaled</button>
<button onclick="restartTailscaled()">Restart Tailscaled</button>
<button onclick="checkTailscaled()">Check Tailscaled</button>
<button onclick="killTailscaled()">Kill Tailscaled</button>
<button onclick="reconfigureTailscaled()">Reconfigure Tailscaled</button>
<br>
<button onclick="tailscaleUp()">Tailscale Up</button>
<button onclick="tailscaleDown()">Tailscale Down</button>
<script>
function startTailscaled() {
var output = '<% /opt/etc/init.d/S06tailscaled start %>';
document.getElementById('status').innerHTML = output;
}

function stopTailscaled() {
var output = '<% /opt/etc/init.d/S06tailscaled stop %>';
document.getElementById('status').innerHTML = output;
}

function restartTailscaled() {
var output = '<% /opt/etc/init.d/S06tailscaled restart %>';
document.getElementById('status').innerHTML = output;
}

function checkTailscaled() {
var output = '<% /opt/etc/init.d/S06tailscaled check %>';
document.getElementById('status').innerHTML = output;
}

function killTailscaled() {
var output = '<% /opt/etc/init.d/S06tailscaled kill %>';
document.getElementById('status').innerHTML = output;
}

function reconfigureTailscaled() {
var output = '<% /opt/etc/init.d/S06tailscaled reconfigure %>';
document.getElementById('status').innerHTML = output;
}

function tailscaleUp() {
var output = '<% tailscale up %>';
document.getElementById('status').innerHTML = output;
}

function tailscaleDown() {
var output = '<% tailscale down %>';
document.getElementById('status').innerHTML = output;
}
</script>
</div>
</body>
</html>

 

[jksmurf]

Thank you JA93, it’s way out of my comfort zone so I’m not really qualified to comment on these. I don’t think it’s possible to make amendments to the GUI without interfacing with @RMerlin though.

I would say that any script would need to integrate with amtm, have the ability to install and be removed to restore any changes, and maintained by whoever wrote it over a sustained period.

Perhaps @lonelycoder would comment at this point in time?

[EDIT] Please see the released Tailmon Script by Viktor Jaep