NixOS, NetworkManager: Routes are seen but not installed

Hey! New Tailscale user here. I’ve just authenticated into a VPN and tailscale seems able to see every aspect of the network without any trouble. Trouble starts when I try to do the same outside the CLI tool, like pinging one of the VPN subnet addresses etc… My requests just hang and my `ip route` and `route` output lists none of the subnet addresses visible in `tailscale status` (`tailscale ping` works well though!). I am passing `--accept-routes`, my tailscaled is started via the NixOS option and its port is enabled for both TCP and UDP. My firewall `checkReversePath` setting is “loose”.

Pasting tailscaled logs, including right after saying `tailscale up --accept-routes=true --accept-dns=true`:

    Nov 17 15:53:08 stanix tailscaled[37271]: control: control server key from https://controlplane.tailscale.com: ts2021=[fSeS+], legacy=[nlFWp]
    Nov 17 15:53:08 stanix tailscaled[37271]: control: RegisterReq: onode= node=[083Kd] fup=false
    Nov 17 15:53:08 stanix tailscaled[37271]: control: RegisterReq: got response; nodeKeyExpired=false, machineAuthorized=true; authURL=false
    Nov 17 15:53:08 stanix tailscaled[37271]: active login: stan@pyth.network
    Nov 17 15:53:08 stanix tailscaled[37271]: Switching ipn state NoState -> Starting (WantRunning=true, nm=true)
    Nov 17 15:53:08 stanix tailscaled[37271]: health("overall"): error: state=Starting, wantRunning=true
    Nov 17 15:53:08 stanix tailscaled[37271]: magicsock: SetPrivateKey called (init)
    Nov 17 15:53:08 stanix tailscaled[37271]: wgengine: Reconfig: configuring userspace wireguard config (with 2/4 peers)
    Nov 17 15:53:08 stanix tailscaled[37271]: wgengine: Reconfig: configuring router
    Nov 17 15:53:09 stanix tailscaled[37271]: monitor: RTM_NEWROUTE: src=, dst=10.101.0.0/16, gw=, outif=10, table=52
    Nov 17 15:53:09 stanix tailscaled[37271]: monitor: RTM_NEWROUTE: src=, dst=10.102.0.0/16, gw=, outif=10, table=52
    Nov 17 15:53:09 stanix tailscaled[37271]: monitor: RTM_NEWROUTE: src=, dst=10.11.0.0/16, gw=, outif=10, table=52
    Nov 17 15:53:09 stanix tailscaled[37271]: monitor: RTM_NEWROUTE: src=, dst=10.12.0.0/16, gw=, outif=10, table=52
    Nov 17 15:53:09 stanix tailscaled[37271]: wgengine: Reconfig: configuring DNS
    Nov 17 15:53:09 stanix tailscaled[37271]: dns: Set: {DefaultResolvers:[] Routes:{cluster.local.:[10.101.0.10 10.201.0.10]} SearchDomains:[cluster.local.] Hosts:5}
    Nov 17 15:53:09 stanix tailscaled[37271]: dns: Resolvercfg: {Routes:{.:[192.168.8.1 fe80::de73:85ff:fe8c:13b6%wlp3s0] cluster.local.:[10.101.0.10 10.201.0.10]} Hosts:5 LocalDomains:[]}
    Nov 17 15:53:09 stanix tailscaled[37271]: dns: OScfg: {Nameservers:[100.100.100.100] SearchDomains:[cluster.local.] MatchDomains:[]}
    Nov 17 15:53:09 stanix tailscaled[37271]: peerapi: serving on http://100.70.210.36:60204
    Nov 17 15:53:09 stanix tailscaled[37271]: peerapi: serving on http://[fd7a:115c:a1e0:ab12:4843:cd96:6246:d224]:60204
    Nov 17 15:53:09 stanix tailscaled[37271]: magicsock: home is now derp-22 (waw)
    Nov 17 15:53:09 stanix tailscaled[37271]: magicsock: adding connection to derp-22 for home-keep-alive
    Nov 17 15:53:09 stanix tailscaled[37271]: control: NetInfo: NetInfo{varies=false hairpin=false ipv6=false udp=true derp=#22 portmap= link=""}
    Nov 17 15:53:09 stanix tailscaled[37271]: magicsock: 1 active derp conns: derp-22=cr0s,wr0s
    Nov 17 15:53:09 stanix tailscaled[37271]: derphttp.Client.Connect: connecting to derp-22 (waw)
    Nov 17 15:53:09 stanix tailscaled[37271]: Switching ipn state Starting -> Running (WantRunning=true, nm=true)
    Nov 17 15:53:09 stanix tailscaled[37271]: magicsock: endpoints changed: <censored>
    Nov 17 15:53:09 stanix tailscaled[37271]: magicsock: derp-22 connected; connGen=1
    Nov 17 15:53:09 stanix tailscaled[37271]: health("overall"): ok

This is the NixOS config snippet that runs tailscaled; it doesn’t seem to have more defaults than just the interface name.

    tailscale = {
      enable = true;
      permitCertUid = "drozdziak1";
    };

NetworkManager logs are pretty much empty.

How do I at least get the routes to install on my machine?

I managed to explain my confusion and my issues are gone. Here’s what happened:

  • Routes - Turns out they were being installed the whole time in a non-default routing table (No. 52 as listed in the log snippet). This meant that `ip route` would not show them until I requested all of the routes with `ip route show table all`.
  • Added `tailscale0` to `networking.firewall.trustedInterfaces` - this didn’t work immediately, I think a reboot applied that change.
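The diagnostic the answer above boils down to, as an added example that is not part of the original post: plain `ip route` only lists the main table, so a helper that reads `ip route show table all` and reports which table actually holds a prefix makes the "missing" route visible at once. The function name `route_table`, the sample route listing (constructed to mirror the `table=52` entries in the log above, with invented interface and LAN addresses) and the default-table convention are assumptions of this example, not anything the post or Tailscale provides.

```shell
#!/bin/sh
# Added example: find which Linux routing table holds a given destination prefix.
# Constructed sample in the format `ip route show table all` prints; the table-52
# entries mirror the RTM_NEWROUTE lines in the log, the rest is invented.
SAMPLE_ROUTES='default via 192.168.8.1 dev wlp3s0 proto dhcp metric 600
192.168.8.0/24 dev wlp3s0 proto kernel scope link src 192.168.8.42 metric 600
10.101.0.0/16 dev tailscale0 table 52
10.102.0.0/16 dev tailscale0 table 52
10.11.0.0/16 dev tailscale0 table 52
10.12.0.0/16 dev tailscale0 table 52
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1'

# route_table DEST [ROUTE_OUTPUT]
# Prints the name or number of the routing table that holds an exact route for
# DEST. Lines without a "table" keyword belong to the main table, which is what
# bare `ip route` shows. If ROUTE_OUTPUT is omitted the live system is queried.
# Exits 1 when DEST has no route in any table.
route_table() {
    dest=$1
    routes=${2:-$(ip route show table all)}
    printf '%s\n' "$routes" | awk -v d="$dest" '
        {
            # Entries from the "local" table are prefixed with a route type
            # ("local", "broadcast"); the destination is then the second field.
            prefix = ($1 == "local" || $1 == "broadcast") ? $2 : $1
            if (prefix != d) next
            tbl = "main"
            for (i = 1; i < NF; i++) if ($i == "table") tbl = $(i + 1)
            print tbl
            found = 1
            exit
        }
        END { exit found ? 0 : 1 }'
}

# Stand-alone usage against the constructed sample; on a real host drop the
# second argument to inspect the running system.
for p in 10.101.0.0/16 192.168.8.0/24 10.99.0.0/16; do
    if t=$(route_table "$p" "$SAMPLE_ROUTES"); then
        echo "$p is routed via table $t"
    else
        echo "$p is not routed in any table"
    fi
done
```

When the helper reports a numbered table such as 52, `ip rule show` is the next thing to read: that is where the policy rules live that decide which lookups reach the non-main table, so a prefix being present in table 52 but still unreachable points at a rule or firewall problem rather than at a missing route.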