Tailscale version: 1.28.0, as used in the linked instructions
Your operating system & version: Alpine 3.16 (in a container, w/ golang1.19.0)
===========
Having followed the instructions on “Using Tailscale on Azure App Services” (Using Tailscale on Azure App Services · Tailscale) the resulting container is only able to register, not to actually function.
It becomes listed as a machine, but never shows as connected.
After altering the approach to involve manually issuing “tailscale up” via SSH, the result is the same.
The message about following a link shows up; using that link from another computer results in a message saying it worked; but the result is as described–machine is listed and not connected.
In the SSH session, the message about using the link just sits there.
The userspace networking command from the instructions is used. I’ve tried with and without VNet integration (with and without “route all” enabled).
Could MS have changed something in Azure App Service networking that makes even the customized networking (userspace) approach not work? Has anyone else implemented this lately?
================
Instructions: Using Tailscale on Azure App Services · Tailscale
Image version: Docker Hub
Code commit: GitHub - sophware/azureastailscaletest at 184750f7198060f945d91099f0009efb90a3a13e
Log of SSH session:
Welcome to Alpine!
The Alpine Wiki contains a large amount of how-to guides and general
information about administrating Alpine systems.
See <http://wiki.alpinelinux.org/>.
You can setup the system with the command: setup-alpine
You may change this message by editing /etc/motd.
3ba87cdbaa25:~#
3ba87cdbaa25:~#
3ba87cdbaa25:~# sudo su
3ba87cdbaa25:~# TSFILE=tailscale_1.28.0_amd64.tgz
3ba87cdbaa25:~# cd /app
3ba87cdbaa25:/app# wget https://pkgs.tailscale.com/stable/${TSFILE} && tar xzf ${TSFILE} --strip-components=1
Connecting to pkgs.tailscale.com (167.172.11.40:443)
saving to 'tailscale_1.28.0_amd64.tgz'
tailscale_1.28.0_amd 100% |********************************************************************************************************************************************| 18.5M 0:00:00 ETA
'tailscale_1.28.0_amd64.tgz' saved
3ba87cdbaa25:/app# /app/tailscaled --tun=userspace-networking --socks5-server=localhost:1055 &
3ba87cdbaa25:/app# logtail started
Program starting: v1.28.0-t80313cdee-gd26dd4a68, Go 1.18.4-ts149f7d88f1: []string{"/app/tailscaled", "--tun=userspace-networking", "--socks5-server=localhost:1055"}
LogID: 7fb31f5289f9456ad00c39e4b19e1628c7522797876f8a1d37a1b2e3ff5f4f0d
logpolicy: using system state directory "/var/lib/tailscale"
logpolicy.ConfigFromFile /var/lib/tailscale/tailscaled.log.conf: open /var/lib/tailscale/tailscaled.log.conf: no such file or directory
logpolicy.Config.Validate for /var/lib/tailscale/tailscaled.log.conf: config is nil
wgengine.NewUserspaceEngine(tun "userspace-networking") ...
dns: using dns.noopManager
link state: interfaces.State{defaultRoute=eth0 ifs={} v4=false v6=false}
magicsock: SetNetworkUp(false)
magicsock: disco key = d:bcdda682e7a577eb
Creating WireGuard device...
Bringing WireGuard device up...
Bringing router up...
Clearing router settings...
Starting link monitor...
Engine created.
Start
using backend prefs; created empty state for "_daemon": Prefs{ra=true dns=true want=false routes=[] nf=on Persist=nil}
Backend: logs: be:7fb31f5289f9456ad00c39e4b19e1628c7522797876f8a1d37a1b2e3ff5f4f0d fe:
control: setPaused(true)
Switching ipn state NoState -> NeedsLogin (WantRunning=false, nm=false)
blockEngineUpdates(true)
wgengine: Reconfig: configuring userspace WireGuard config (with 0/0 peers)
wgengine: Reconfig: configuring router
wgengine: Reconfig: configuring DNS
dns: Set: {DefaultResolvers:[] Routes:{} SearchDomains:[] Hosts:0}
dns: Resolvercfg: {Routes:{} Hosts:0 LocalDomains:[]}
dns: OScfg: {Nameservers:[] SearchDomains:[] MatchDomains:[]}
control: mapRoutine: awaiting unpause
health("overall"): error: state=NeedsLogin, wantRunning=false
./tailscale up
ipnserver: conn2: connection from userid 0; root has access
Start
control: client.Shutdown()
control: client.Shutdown: inSendStatus=0
control: mapRoutine: quit
control: Client.Shutdown done.
using backend prefs; created empty state for "_daemon": Prefs{ra=true dns=true want=false routes=[] nf=on Persist=nil}
generating new machine key
machine key written to store
Backend: logs: be:7fb31f5289f9456ad00c39e4b19e1628c7522797876f8a1d37a1b2e3ff5f4f0d fe:
control: setPaused(true)
Switching ipn state NoState -> NeedsLogin (WantRunning=true, nm=false)
blockEngineUpdates(true)
StartLoginInteractive: url=false
control: client.Login(false, 2)
control: mapRoutine: awaiting unpause
control: LoginInteractive -> regen=true
control: doLogin(regen=true, hasUrl=false)
control: control server key from https://controlplane.tailscale.com: ts2021=[fSeS+], legacy=[nlFWp]
control: Generating a new nodekey.
control: RegisterReq: onode= node=[gjTQ5] fup=false
control: RegisterReq: got response; nodeKeyExpired=false, machineAuthorized=false; authURL=true
control: AuthURL is https://login.tailscale.com/a/28e53f8d0ab3
Received auth URL: https://login.tailsc...
popBrowserAuthNow: url=true
blockEngineUpdates(true)
stopEngineAndWait...
requestEngineStatusAndWait
requestEngineStatusAndWait: waiting...
requestEngineStatusAndWait: got status update.
stopEngineAndWait: done.
control: doLogin(regen=false, hasUrl=true)
To authenticate, visit:
https://login.tailscale.com/a/something
control: RegisterReq: onode= node=[gjTQ5] fup=true
control: RegisterReq: got response; nodeKeyExpired=false, machineAuthorized=true; authURL=false
blockEngineUpdates(false)
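
An added triage sketch (not part of the original post and not Tailscale's own tooling): it pulls the ipn state transitions, the control-plane authorization result and the link-state fields out of a tailscaled log like the one above, so that "listed but never connected" shows up as "authorized, but last state is not Running". The sample lines are copied from the session log above; the function names `summarize` and `findings` are hypothetical.

```python
import re

# Constructed sample: a few lines copied from the SSH session log in the post.
SAMPLE_LOG = """\
link state: interfaces.State{defaultRoute=eth0 ifs={} v4=false v6=false}
magicsock: SetNetworkUp(false)
Switching ipn state NoState -> NeedsLogin (WantRunning=false, nm=false)
Switching ipn state NoState -> NeedsLogin (WantRunning=true, nm=false)
control: RegisterReq: got response; nodeKeyExpired=false, machineAuthorized=false; authURL=true
control: RegisterReq: got response; nodeKeyExpired=false, machineAuthorized=true; authURL=false
blockEngineUpdates(false)
"""

STATE_RE = re.compile(r"Switching ipn state (\w+) -> (\w+)")
AUTH_RE = re.compile(r"machineAuthorized=(true|false)")
NETUP_RE = re.compile(r"magicsock: SetNetworkUp\((true|false)\)")
LINK_RE = re.compile(r"link state: interfaces\.State\{.*ifs=\{(.*?)\} v4=(\w+) v6=(\w+)\}")

def summarize(log_text):
    """Keep the last value seen for each signal, plus every state transition."""
    s = {"states": [], "authorized": None, "network_up": None, "link": None}
    for line in log_text.splitlines():
        if m := STATE_RE.search(line):
            s["states"].append((m.group(1), m.group(2)))
        if m := AUTH_RE.search(line):
            s["authorized"] = m.group(1) == "true"
        if m := NETUP_RE.search(line):
            s["network_up"] = m.group(1) == "true"
        if m := LINK_RE.search(line):
            s["link"] = {"ifs": m.group(1), "v4": m.group(2) == "true", "v6": m.group(3) == "true"}
    return s

def findings(s):
    """Turn the summary into short statements of what the log itself reports."""
    out = []
    last = s["states"][-1][1] if s["states"] else "NoState"
    if s["authorized"] and last != "Running":
        out.append(f"authorized by control, but last ipn state is {last}, not Running")
    if s["network_up"] is False:
        out.append("magicsock last reported SetNetworkUp(false)")
    if s["link"] and not (s["link"]["ifs"] or s["link"]["v4"] or s["link"]["v6"]):
        out.append("link state lists no interfaces and v4=false v6=false")
    return out

if __name__ == "__main__":
    for f in findings(summarize(SAMPLE_LOG)):
        print("-", f)
```

The findings only restate fields the log prints; they narrow where to look and do not by themselves establish the cause.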