So the issue is that I can’t provide a direct connection to a machine within a subnet behind a NAT that already has Tailscale. It is, I assume, hitting the subnet router (router) when I need to guide connections toward a second Tailscale device within the subnet that isn’t the subnet router.
I believe you were running the tailscale CLI command. The --port argument is for tailscaled:
$ tailscaled --help
Usage of tailscaled:
...
-port value
UDP port to listen on for WireGuard and peer-to-peer traffic; 0 means automatically select (default 0)
You will likely need to use systemctl edit tailscaled to provide extra arguments to tailscaled.
The tailscaled binary on Windows does support using an alternate port. I don’t understand well enough how it gets started as a Windows Service to know where one could add arguments to it.
So I tried and tried, but no luck getting tailscale to use a port I defined.
UPnP and everything is enabled on all devices, but all still try to connect on port 41461, so most of them fall back to relay or DERP - only one gets direct contact at a time.
I have forwarded ports 41641 → 41649, and would like to use those ports, but I can’t get Tailscale to do it.
I have googled and more for hours and hours.
-port 41642
--port 41642
-port=41642
--port=41642
These are some of the syntaxes I have seen.
CLI shows it like -port 41641, but it is not working.
Thank you for your time.
Yes, I was using tailscaled.
I’m trying to do as you suggest, but /etc is a read-only dir. I can’t change that or do anything in /etc.
Some information I should have given is that I’m using CoreELEC/LibreELEC (just Linux for Kodi) and have installed Tailscale through Entware.
tailscaled --port=41462
logtail started
Program starting: v1.18.1-1.18.1, Go 1.17.4: []string{"tailscaled", "--port=41462"}
LogID: 229c952f5aeb77fa9b1c0d4185b5ce82bce28d4a64929d45ff7609d40f69ff1b
logpolicy: using UserCacheDir, "/storage/.cache/Tailscale"
--statedir (or at least --state) is required
Could the last line be an issue?
tailscaled.state is located in ./opt/var
Well, I did find and change /etc/default/tailscaled on my Armbian machine:
# Set the port to listen on for incoming VPN packets.
# Remote nodes will automatically be informed about the new port number,
# but you might want to configure this in order to set external firewall
# settings.
PORT="41642"
# Extra flags you might want to pass to tailscaled.
FLAGS=""
But I get port 56196 and traffic goes through a DERP.
I did run sudo systemctl restart tailscaled
Afterward I can’t ping any of my devices; I get this: ^Cread unix @->/run/tailscale/tailscaled.sock: use of closed network connection (tailscaled stopped running?)
But I do see status when running the tailscale status command.
Reboot does not help, and now I changed the port back to 41461 and ran sudo systemctl restart tailscaled + reboot.
I still can’t tailscale ping xx.xx.xxx.xxx
If needed, you can instead set RandomizeClientPort in Tailscale to affect all machines on the tailnet:
{
"RandomizeClientPort": true,
Afterward I can’t ping any of my devices; I get this
read unix @->/run/tailscale/tailscaled.sock: use of closed network connection (tailscaled stopped running?)
Does this show the process running? “ps auxw | grep tailscaled”
If not, “journalctl -u tailscaled” should show the last lines it printed which may say why it exited.
On Windows, I’ve gotten a Service to start with a port flag specified… however, it is completely ignoring it. (Unlike launching the daemon from the command line.)
2022-05-24T11:46:07.714-07:00: Program starting: v1.24.2-t9d6867fb0-g2d0f7ddc3, Go 1.18.1-ts710a0d8610: []string{"C:\\Program Files (x86)\\Tailscale IPN\\tailscaled.exe", "--port=51234"}
2022-05-24T11:46:07.715-07:00: LogID: abe60bc8b1abd0726ea544870bee0abd58cdb1440bc6745885c49c557ab8431a
2022-05-24T11:46:07.715-07:00: logpolicy: using dir C:\ProgramData\Tailscale
2022-05-24T11:46:07.726-07:00: Running service...
2022-05-24T11:46:07.727-07:00: registry.OpenKey(SOFTWARE\Policies\Tailscale): The system cannot find the file specified.
2022-05-24T11:46:07.728-07:00: exec: "C:\\Program Files (x86)\\Tailscale IPN\\tailscaled.exe" [/subproc abe60bc8b1abd0726ea544870bee0abd58cdb1440bc6745885c49c557ab8431a]
2022-05-24T11:46:07.782-07:00: Program starting: v1.24.2-t9d6867fb0-g2d0f7ddc3: []string{"C:\\Program Files (x86)\\Tailscale IPN\\tailscaled.exe", "/subproc", "abe60bc8b1abd0726ea544870bee0abd58cdb1440bc6745885c49c557ab8431a"}
There’s that additional exec after the service starts that actually starts the daemon but then without any port flags.
So I tried adding a key to the HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\Tailscale\ {port:"51222"}
And the log entry for the open key error is gone, but still no dice on injecting a port into the tailscaled service.
If I start tailscaled.exe --port ##### with Windows Task Scheduler at boot time, I can get the service to come up on an alternate port. This is a workaround until the Windows build can accept the --port argument as part of the service startup.
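An added example, not part of any post in this thread and not Tailscale's own code: a small Python check that reads tailscaled "Program starting" log lines like the ones quoted above and reports, per process start, whether a port flag actually reached it. The sample log is constructed from the quoted lines with the LogID replaced by a placeholder; the role labels `parent` and `subproc` are names chosen for this example.

```python
import re

# Constructed sample: the "Program starting" lines from the Windows log quoted
# in the thread, with the LogID replaced by the placeholder <LOGID>.
SAMPLE_LOG = r'''
2022-05-24T11:46:07.714-07:00: Program starting: v1.24.2-t9d6867fb0-g2d0f7ddc3, Go 1.18.1-ts710a0d8610: []string{"C:\\Program Files (x86)\\Tailscale IPN\\tailscaled.exe", "--port=51234"}
2022-05-24T11:46:07.726-07:00: Running service...
2022-05-24T11:46:07.782-07:00: Program starting: v1.24.2-t9d6867fb0-g2d0f7ddc3: []string{"C:\\Program Files (x86)\\Tailscale IPN\\tailscaled.exe", "/subproc", "<LOGID>"}
'''

START = re.compile(r'Program starting: .*?\[\]string\{(.*)\}\s*$')
ARG = re.compile(r'"((?:[^"\\]|\\.)*)"')  # one Go-quoted argv element

def parse_starts(log):
    """Return one argv list per 'Program starting' line in the log."""
    starts = []
    for line in log.splitlines():
        m = START.search(line)
        if m:
            # Undo the doubled backslashes of the Go-quoted strings.
            starts.append([a.replace('\\\\', '\\') for a in ARG.findall(m.group(1))])
    return starts

def port_of(argv):
    """Return the value given to -port/--port (with '=' or a space), else None."""
    for i, arg in enumerate(argv[1:], start=1):
        name, eq, value = arg.partition('=')
        if name in ('-port', '--port'):
            if eq:
                return value
            return argv[i + 1] if i + 1 < len(argv) else None
    return None

def report(log):
    """List (role, port) for every process start; role labels are hypothetical."""
    out = []
    for argv in parse_starts(log):
        role = 'subproc' if '/subproc' in argv else 'parent'
        out.append((role, port_of(argv)))
    return out

if __name__ == '__main__':
    for role, port in report(SAMPLE_LOG):
        print(f'{role}: port flag = {port or "not passed"}')
```

Run against a real log, a `subproc` entry with no port alongside a `parent` entry that has one matches the behaviour described in the last post.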