Prefacing this by saying that I have used tailscale on kubernetes clusters a lot with great success and never had issues.
I recently set up a managed cluster on vultr and have no luck ever getting a direct connection with tailscale. I’m using it in the sidecar configuration like I always do, which is working completely fine on my other non-vultr k8s clusters. So far, here’s what I tried:
- Disabled UFW (`ufw disable`) on the host
- Updated iptables to accept everything and not have any restrictions
- Removed any network firewall on vultr
- Added a network firewall group on vultr that explicitly allows everything
- Enabled IPv6 support on the entire kubernetes cluster with the hope that a direct GUA to the pod will make connection easier
- `RandomizeClientPort`
- Added the `-port` setting to tailscaled, and created a NodePort service for the same port linked to the pod
- Created a calico GlobalNetworkPolicy + NetworkPolicy that allows everything on all ports explicitly
Tailscale netcheck:
* UDP: true
* IPv4: yes, xxx:30747
* IPv6: yes, [xxx]:3763
* MappingVariesByDestIP: true
* HairPinning: false
* PortMapping:
* CaptivePortal: true
Vultr is using the calico CNI for networking, but as I mentioned above, I already tried adding explicit policies.
At this point I’m out of ideas. I tried everything I could think of, and I still can’t get a direct connection going. Neither to my machines at home, nor to any other servers in my tailnet. My inkling is that the host is causing issues, but I have no idea what to try outside of iptables + ufw disable.
I also opened a ticket with vultr support to see if they can help.
Anyone got an idea what to try here?
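As an added example (not code from the poster or from Tailscale), the following parses the `tailscale netcheck` key/value lines quoted in the post and flags the fields that work against a direct peer connection; the sample input is constructed in the shape of the post's output, with addresses redacted as in the original.

```python
import re

# Constructed sample in the shape of the netcheck output in the post
# (addresses redacted, as in the original).
SAMPLE_NETCHECK = """\
* UDP: true
* IPv4: yes, xxx:30747
* IPv6: yes, [xxx]:3763
* MappingVariesByDestIP: true
* HairPinning: false
* PortMapping:
* CaptivePortal: true
"""

# One "* Key: value" line; the value may be empty (PortMapping above).
LINE_RE = re.compile(r"^\*\s*([A-Za-z0-9]+):\s*(.*)$")


def parse_netcheck(text):
    """Turn the '* Key: value' report lines into a dict of raw string values."""
    fields = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def direct_path_findings(fields):
    """Return the conditions in a netcheck result that hinder a direct
    (non-DERP) connection. Rules follow Tailscale's documented NAT traversal:
    endpoint-dependent mapping is a 'hard NAT', and without UPnP/NAT-PMP/PCP
    no stable public port can be opened automatically."""
    findings = []
    if fields.get("UDP", "").lower() != "true":
        findings.append("UDP blocked: only the DERP relay path is possible")
    if fields.get("MappingVariesByDestIP", "").lower() == "true":
        findings.append("hard NAT (mapping varies by destination): hole punching "
                        "only works if the peer has an easy NAT or a fixed port")
    if fields.get("PortMapping", "") == "":
        findings.append("no UPnP/NAT-PMP/PCP: a fixed --port with an explicitly "
                        "forwarded port (e.g. a NodePort) is the fallback")
    if fields.get("CaptivePortal", "").lower() == "true":
        findings.append("captive-portal check positive: HTTP egress from the "
                        "node is being intercepted; inspect the egress path")
    return findings


if __name__ == "__main__":
    for finding in direct_path_findings(parse_netcheck(SAMPLE_NETCHECK)):
        print("-", finding)
```

Feed it the real `tailscale netcheck` output from inside the sidecar; for the post's output it reports the hard NAT, the missing port mapping and the captive-portal hit, which together explain why every path ends up on DERP.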