Intermittent failures w/ subnet

Tailscale user:
Hi, we’re trying to use tailscale to advertise a subnet, so I can connect to two services in it (cassandra at port 9042, and redis at 6739)

I’m able to connect to cassandra on its private IP in the subnet, but with redis I get “EHOSTUNREACH”. The cassandra connection will also sometimes report a “timeout” or host unreachable

I don’t see anything in the tailscaled logs on the gateway/advertising node—I attached the log here

I opened port 41641/udp on my firewall; but I don’t really understand why cassandra would work and redis wouldn’t (they’re both TCP). I tried googling but didn’t find much. Any help would be really great

Tailscale support:
Hello! This is a guess, but is there any chance that you need to modify your redis.conf file to accept incoming connections from the Tailscale IP (or the IP of the machine on the same network where Tailscale is installed)? (See https://redis.io/topics/security).

If that doesn’t help, could you elaborate a bit more on your network setup? I.e. where have you installed the Tailscale client? Is it on the same machine(s) as Cassandra and/or Redis, or on some other machine on the same network?

Tailscale user:
I think I figured it out—I moved tailscale to its own machine that can work as the gateway/relay; when I was having that problem it was because redis was on the same instance as tailscale–cassandra wasn’t

One thing I had to figure out to get it working was to add the “tailscale0” interface to my “trusted” zone (firewalld)—this is centos with a default firewall setup

Anyway, it’s all working now. Tailscale is awesome! Using it to connect low-bandwidth applications between AWS and Packet/Equinix Metal. I think we’ll start using it for more traditional VPN use cases too now (securing servers / private infrastructure)
Thanks!
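
An added example, not part of the thread above: a small probe to run from a Tailscale client that separates the symptoms reported here ("EHOSTUNREACH" versus "timeout") from a plain refused connection, which helps tell a firewall reject on the gateway apart from a service bind problem. The names `classify`, `report` and the hint texts are this example's own assumptions; targets are passed on the command line.

```python
import errno
import socket
import sys

# Likely cause per outcome on a subnet-router path (hint text is this example's own).
HINTS = {
    "open": "handshake completed: route and firewall both allow this port",
    "refused": "host answered with RST: nothing listening on that address/port",
    "unreachable": "ICMP unreachable/prohibited came back: firewall REJECT rule "
                   "(firewalld's default reject is icmp-host-prohibited) or no route",
    "timeout": "no answer at all: packets dropped, or replies have no return route",
}

def classify(host, port, timeout=3.0):
    """Try one TCP connect and return 'open', 'refused', 'unreachable' or 'timeout'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        if exc.errno == errno.ETIMEDOUT:
            return "timeout"
        raise  # anything else (e.g. name resolution failure) is not a path verdict

def report(targets, timeout=3.0):
    """Return one 'host:port status - hint' line per (host, port) pair."""
    lines = []
    for host, port in targets:
        status = classify(host, port, timeout)
        lines.append(f"{host}:{port} {status} - {HINTS[status]}")
    return lines

if __name__ == "__main__":
    # Usage: python probe.py 10.0.0.5:9042 ...  (addresses are whatever you pass in)
    pairs = [(a.rsplit(":", 1)[0], int(a.rsplit(":", 1)[1])) for a in sys.argv[1:]]
    print("\n".join(report(pairs)))
```

An "unreachable" result for a service on the gateway itself, alongside "open" for services behind it, points at the gateway's host firewall zone for `tailscale0` rather than at the service configuration.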