I’m fairly sure this isn’t a Tailscale issue per se, but it is reproducible in certain circumstances and maybe you could work around it. The issue is:
- Tailscale running on iOS (all updates)
- Cellular connection, no WiFi in range
- Everything is fine, can access public and private networks as you would expect
- iPhone travels through an area of terrible cellular coverage (won’t be able to receive calls/sms/use data network)
- When cellular coverage is restored the iOS data networking is half broken
The symptoms are that basically any higher-level network apps will fail, whether they are accessing the Tailscale network or the public one. So a Twitter client won’t load, web pages won’t load, Calendars won’t refresh, ssh to private Tailscale IPs fails. The Tailscale client shows as connected, and the iOS VPN status in settings does too.
Even though most networking fails, functions like ping to 8.8.8.8 work fine, making the network seem functional to some degree. The fix is to turn Tailscale off then back on and things are back to normal.
The reason I don’t think this is unique to Tailscale is that I’ve seen the same behavior using the Guardian iOS firewall (https://guardianapp.com). This is implemented as a VPN as well, and it exhibits the exact same behavior (I’m not using them at the same time, but they do the same thing independently).
This seems like it is an issue with iOS, but if you can detect it the fix seems to be something that Tailscale could implement. The problem shouldn’t be very widespread…I have never seen it in an urban setting, but I regularly travel through some rural areas where it happens each time.
It is simple to reproduce, but only in the correct network environment (poor cellular coverage):
1. Enable Tailscale on iPhone (in good coverage, so everything works)
2. Travel through an area of poor/no cellular coverage (e.g. just drive or walk through)
3. Return to an area of good coverage
At this point Tailscale and Settings → VPN will show connected, however, data networking (even to non-Tailscale sites/IP addresses) will fail.
I have DNS set (not Magic DNS), but I really can’t disable it as it would disrupt the whole company’s Tailscale use. I don’t seem to be able to disable this client side either.
Everything returns to normal when I disable Tailscale (at that point the DNS server shown goes to the one provided by my LAN). Things stay normal if I re-enable Tailscale (I again see the Tailscale DNS but connectivity is fine).
So it seems to be something like:
- Tailscale and/or iOS thinks the tunnel is up and so sets the DNS
- Tunnel is down so DNS is not reachable (nor are private IP addresses)
- DNS lookups fail, even to public addresses
The issue here is that it makes Tailscale fairly disruptive in poor coverage areas. It means that I lose public network access just by passing through one.
I can’t use this during the issue b/c I can’t reach it.
Hi @caphill This is curious.
Could you also try toggling in and out of airplane mode for us?
The idea here is to force iOS to generate an event to see if that helps.
If this does not work, send an email to support@tailscale.com with:
- Link to this forum post (so you don’t have to rewrite everything)
- Tailscale phone IP
- Rough time that this happens
We’ll then take a look at the debug logs and see if we can figure this out!
Can you please provide us with the following details for troubleshooting this connection issue?
- source IP
- destination IP (and ideally port)
- time (with timezone)
- Tailscale version of the source machine
- Tailscale version of destination machine (or the Tailscale subnet relay machine)