Noob: Installed TS on iPhone and Synology - active in dashboard but no connection

Noob: Installed TS on iPhone and Synology - now what?

Can’t seem to access anything using TS ip regardless of configuration settings.
Closest I get would be iOS Files App > Server > Synology TS IP > connects as blank page showing as read only. Directory does contain files and directories so even as read only I’d expect more than a blank screen.

I have everything working through DDNS hosts just fine… think configuration is accurate…keep experimenting w/no luck.

On occasion I’ll get a trust server request (telling me I’m connected) but credentials never accepted.

Can you access Synology DSM in your iPhone browser using https://[synology_tailscale_IP]:[DSMport]?

Able to access Synology DSM via desktop and iPhone browser using DDNS host ~ that works.
https://name.dnshost.com:####

Unable to access Synology DSM via desktop or iPhone browser using Tailscale ip ~ does NOT work.
https://tailsacaleip:####

Using Tailscale IP, page just hangs.
“server where this page is located isn’t responding.”

Ok if NAS inaccessible at Tailscale IP this suggests a connectivity issue. I have Tailscale installed on my Synology NAS and access it fine via its Tailscale IP, after accepting the certificate warnings (if you don’t have a certificate configured), so what you are attempting works for me.

Maybe a couple of other things to eliminate:

  1. Have you run sudo tailscale up on your NAS after installing the package?
  2. Can you see your NAS and iPhone both showing a green dot and “Connected” in the Tailscale admin web page https://login.tailscale.com/admin/machines?
  3. Also try running sudo tailscale up --reset on your NAS to return to Tailscale defaults
  4. Also turn off any beta features in the Tailscale admin web page
  5. Verify that your NAS has internet access by logging into DSM and opening the Package Centre. If packages are listed this will confirm internet access.
  1. Yes. Note that the dashboard showed both devices connected and active (green dot) prior to running the command line for the NAS. One would presume the green dots would mean devices are properly installed, configured and connected as expected.

  2. I am attaching a screen shot showing the green dot.

  3. Have not yet tried the reset and will give that try. Not sure how default configuration would have changed.

  4. No beta options were manually enabled. In hunting around not seeing any betas active, though there was a File Share alpha enabled so turned that off for the time being.

  5. When I can access the NAS from DDNS hosts via name and ip, and the green dot displays in the TS admin page for the NAS I presume internet is indeed connected and working. Yes, packages are listed in the Package Center.

Here are a few images from the iPhone.
One from iOS Files app shows connected, however blank page as read-only. When remotely connecting via dsns host name through webdav apps and such the files and directories display so presume this is not related to permissions.

The other images are attempts to use the TS IP through the Synology iOS Drive app.
(credentials are not missing btw, they were removed from the image). Unable to use the webdav apps (FileBrowser, File Explorer, etc) to connect using the TS IP, while these same apps connect as expected using the DDNS hostname or IP. 5006 is the port that works for the webdav apps, and many other ports were tried w/no change

(one image per post…)

Thanks for posting the screenshots, I think this is a certificate issue.

This arises because when you access your NAS via its Tailscale IP, your regular certificate tied to your domain name no longer matches the IP address you are using to access your NAS. This is why you get some certificate warnings.

Try again to connect to your Tailscale IP via safari on your iPhone, at https://tailscaleip:port. This will generate a “This Connection Is Not Private” warning. Tap Show Details, then visit this website to override the warning. Success here will confirm that you can access DSM through Safari.

If this still doesn’t work, you could try connecting to DSM at http://tailscaleip:httpport. This port number is usually one lower than the https port number.

Once you’ve confirmed you can access DSM using either method above, then focus on Drive app.

Drive app on your iPhone may not be able to connect because of the certificate issue when accessing via Tailscale IP. To overcome this, disable HTTPS in the Drive app, and try connecting to the Tailscale IP, but use your DSM’s http port number as above.

Using Drive app to connect via HTTPS with certificate validation won’t work as you are accessing at TailscaleIP not https://name.dnshost.com.

Tap the settings button in the bottom left of the Drive app and see if you can add the TailscaleIP as a trusted host. I’m not too familiar with Drive app so not sure how this is done, but once your TailscaleIP is “trusted”, you maybe able to connect using HTTPS from Drive app.

Ah my advice about port numbers may be inaccurate, I haven’t used Drive or any of the webdav apps, only the Files app which connects using standard http or https ports. Try downloading the Files app and seeing if you can connect with that using http or https ports.

Going to tailscaleip:#### (http,https, corresponding port numbers etc) from any browser on the iPhone continues to result in nothing more than a loading bar that pauses at 10% and nothing more until it times out w/the message “Safari could not open the page because the server stopped responding.”

There has been no request for credentials w/any attempts using TS IP.

Nope no port forwarding required, Tailscale is able to traverse most firewalls and I don’t do any port forwarding for my Synology and I can access it at TailscaleIP.

Does it make a difference whether you access DSM using Tailscale within your home network on wifi, or outside of it, using the cellular connection on your iPhone? Accessing within your home network should eliminate any NAT traversal issues.

You could also download Network Tools app on your iPhone (search in the App Store) and see if you can ping your NAS TailscaleIP from your iPhone while connected to Tailscale. That will establish whether basic connectivity is available and rule out any issues with the Drive app or the browser.

Unable to locate an iOS app called Files for Synology. There is the Apple iOS app called Files (which would be the primary app) then Synology apps called Dive / Photos / DS file / Secure Sign On / Moments …

No difference if iPhone is on local or foreign network.

Downloading Network Tools now.
Ping of the ip results in timeout error.
(ping using prefixes http/https or port numbers result in error 'Could not get host address" error.

Ah DS File is the one I meant, and I can confirm it works accessing NAS at TailscaleIP:port, with https turned off.

For Network Tools, go to the menu in the top left of the app, select Utilities and Ping in bottom left, and enter your Tailscale IP (no port required).

Right… time out errors.

(getting a little irked to discover iPhone keeps needing be reactivated…having to switch over to TS app frequently)

Hmm ok, so despite both your iPhone and your NAS showing as “Connected”, your phone can’t see your NAS via Tailscale.

I’m out of ideas but it could be worth installing Tailscale on a third device if you have access to a laptop or other computer. Then see if you can ping your NAS at its TailscaleIP, and also see if your NAS can ping your laptop at its own TailscaleIP.

The advantage of using your NAS and a laptop is that you can run sudo tailscale status on each to verify connection status, or you can use Tailscale’s built in ping command (see sudo tailscale -h).

If your iPhone keeps reactivating that suggests it’s not successfully completing the Tailscale connection? Is your iPhone a company-managed device, possible that Tailscale can be blocked if your device is prevented from installing apps that affect network settings.

If using iOS Files app, it appears I can ‘connect’ device at the TS IP, but as illustrated by the photos above it isn’t of much use (and I’m finding different versions also ‘connect’ in the same way leading me to think this isn’t a true connection.)

Yes, I can get TS installed on a laptop for testing purposes…primary use case would be iPhone. Getting TS on laptop now.

Ok, keep in mind that if you can’t ping a Tailscale IP from another Tailscale-connected device, then one or both of the devices aren’t visible to each other via Tailscale (or are configured to block connection attempts).

That you can connect using your regular DDNS host suggests you aren’t on a locked down network that would block connection attempts.

I believe you can post your Tailscale IPs to support and they can take a look and check if there are any issues specific to your devices, I’ve seen this posted in other threads.

Late in my timezone but will be back online tomorrow - good luck!

1 Like

Thank you Tamar… appreciate the insights and support.