Outbound Synology Not Working

I upgraded to DSM 7.1-42661 Update 2 last night on my Synology DS1821+.

After that I updated Tailscale from pkgs.tailscale.com to the newest version 1.26.0-260007-dsm7 (tailscale-x86_64-1.26.0-260007-dsm7.spk: 64-bit x86 (amd64)).

I can no longer reach outbound connections. I have tried to ping multiple times, and remote servers are not reachable that use Tailscale for Active Backup For Business.

I have followed the steps on the Synology outbound article multiple times. (Access Synology NAS from anywhere · Tailscale)

Is there a known issue with DSM 7.1-42661 Update 2 and Tailscale?

Firewall on NAS is disabled. (not publicly exposed)

I can reach inbound to the NAS fine.

NAS is at Tailscale IP: 100.93.74.125

Thanks!

1 Like

Same behavior here with DSM 7.1-42261 update 2 using tailscale-x86_64-1.26.0-260007-dsm7.spk.

Bug report ID: BUG-b31692068a7bbb304a4185131b109fe90f412b0311bfe42853b80b5d19169209-20220610185837Z-f69b1ed76e162730

@H123 were you able to figure this out? If so, could you share your solution?

@zetsueii
Haven’t had much time to work on it, but still not working for me. Normal troubleshooting steps for the issue from Tailscale site don’t seem to make a difference.

I’m going to try to upgrade Tailscale on another Synology NAS tonight that is on the prior update. Maybe that will give an indication if it is the DSM update or Tailscale PKG.

No response from Tailscale on the forum yet.

1 Like

Replying so I can keep track of this issue. Same happening here.

Tried the newest Tailscale PKG update with another Synology NAS (DS220+) on DSM 7.0.1-42218 (pre “Update 2”) and it works after the normal “outbound configuration steps.” So it definitely seems that Version: 7.1-42661 Update 2 is breaking something.

1 Like

Same issue here.
Problem with site to site connections using Synology NAS - Tailscale About articles (troubleshooting, info) - Tailscale.
I’ll have a play with RRAS on windows servers with tailscale clients installed over the weekend. Probably an exercise in frustration but what the hell. :slight_smile:

Received a reply from support suggesting to use

sudo /var/packages/Tailscale/target/bin/tailscale configure-host

instead of sudo setcap. I tried that but it didn’t work for me. I am also running Synology on Update 2. Anyone else?

On DSM update 2, I did both the setcap and configure-host steps but no luck, unfortunately.

“sudo /var/packages/Tailscale/target/bin/tailscale configure-host” and then the “sudo synosystemctl restart pkgctl-Tailscale.service” command that it returns seemed to work for me. Ping works and now I can reach Hyper-V hosts for Synology ABFB backup. Odd that it doesn’t seem to be working for everyone. As stated before I’m on update 2 as well.

See image below:

1 Like

Thanks for the update. Interesting, I’ve done it now and it is working for me as well.

The different is that I have removed the routes announcement from the Synology node.

My Hyper Backup instance can also see the Hyper-V server now.

Thanks again.

1 Like

Still not working for me. Could you explain “removed the routes announcement from the Synology node”?

Thanks

Same here @captgoodhope. I can confirm Tailscale is running with userspace-networking mode rather than hybrid.

Same problem here. I’ve installed the latest package (1.26.1-260017) after upgrading DSM to 7.1-42661 Update 2 and I can’t connect.

The extra wrinkle for my setup is that Tailscale is telling me that the client on my Synology box has expired (a couple of weeks ago by the look of it) and I can’t figure out how to update that configuration/certificate.

Okay thank you. I don’t have this setting, mine says This machine does not expose any routes.

Looks like a permission issue was causing my problem but changing /dev/net to 0755 and restarting Tailscale did the trick! Taken from: Synology DSM7 Cant ping External (already ran steps) · Issue #4928 · tailscale/tailscale · GitHub

root@NAS:~# ls -ld /dev/net
drwx------ 2 root root 60 Jun 22 11:32 /dev/net
root@NAS:~# chmod 755 /dev/net
root@NAS:~# synosystemctl restart pkgctl-Tailscale.service
[pkgctl-Tailscale.service] restarted.
root@NAS:~# ping 100.68.252.94
PING 100.68.252.94 (100.68.252.94) 56(84) bytes of data.
64 bytes from 100.68.252.94: icmp_seq=1 ttl=64 time=241 ms
64 bytes from 100.68.252.94: icmp_seq=2 ttl=64 time=58.2 ms
64 bytes from 100.68.252.94: icmp_seq=3 ttl=64 time=52.6 ms
64 bytes from 100.68.252.94: icmp_seq=4 ttl=64 time=52.8 ms
^C
--- 100.68.252.94 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 4ms
rtt min/avg/max/mdev = 52.614/101.166/241.135/80.842 ms
root@NAS:~#

That worked! Thank you!

Hello all

I was going to post a new topic, but I thought it might be easier to continue on this thread but my issue is slightly different.

I’ve recently tried to enable another subnet (3rd one) on my tailscale network which is at home on my Synology box (currently running DSM 7 latest) also using latest tailscale 1.38.4.

Before this issue arose, I had the following tailscale services enabled and working perfectly on my synology box at home:

  1. Tailscale
  2. Outbound connection to another subnet at the office local IP of 192.168.8.xyz. The synology box is currently setup to run the following command as root on reset of the service described on your site: /var/packages/Tailscale/target/bin/tailscale configure-host; synosystemctl restart pkgctl-Tailscale.service
  3. Exit node

However now that I have enabled the subnet on ‘Synology’ the outbound connection is not working to connect to local IP address 192.168.8.xyz despite restarting the app and running command as root from point 2 above.

Connections which are still working:

  1. Tailscale
  2. exit node
  3. subnet access to “Synology’
  4. Outbound connection to other tailscale IP’s. I tested using Tailscale ping to various other devices.

Connections not working:

  1. Outbound connection to another subnet at the office local IP of 192.168.8.xyz. I tested in the terminal using sudo ping 192.168.8.xyz

I’ve also checked and updated this in terminal aswell: chmod 755 /dev/net

I’m not sure how to resolve this issue, could it be a bug in the system?

thanks