We use Tailscale to let everyone in the company connect to an exit node to use a service that we have to provide a set of IP addresses to. The exit node is hosted on fly.io, so I assumed it would just use the static IP of the fly app to connect to the internet, but it seems to be a different one, and also one that always changes when you redeploy your exit node. Is there a way to have a static IP for an exit node?
You’re referring to the public IP address of the exit node? The one which other websites see when you visit them through the exit node?
If so: Tailscale doesn’t control that IP address, the hosting provider does (fly, in this case).
If you mean the Tailscale IP address 100.x.y.z:
For apps running in an environment like Fly, all of the relevant node state is stored in /var/lib/tailscale/tailscaled.state. To preserve the IP address you’d need to save and restore the /var/lib/tailscale/tailscaled.state file across redeployments of the app.
For this to work it would be very important that only one container be running at a time. If two nodes try to use the same tailscaled.state file, they just fight.
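An added illustration of the state-file approach described in the reply above (not part of the original thread and not Tailscale's or Fly's own configuration): a `fly.toml` fragment that keeps `/var/lib/tailscale` on a persistent volume. The app name, volume name and `TAILSCALE_AUTHKEY` secret are placeholders, and it assumes the app is scaled to a single instance.

```toml
# fly.toml fragment (constructed example; app and volume names are placeholders)
app = "example-exit-node"

# Persistent volume holding tailscaled's state, so the node identity and its
# 100.x.y.z address survive redeploys. Create it once before the first deploy:
#   fly volumes create tailscale_state --size 1
# The state file carries the node's identity, so treat the volume as a secret.
[mounts]
  source = "tailscale_state"
  destination = "/var/lib/tailscale"

# Start commands for the container's entrypoint script, shown here as comments.
# TAILSCALE_AUTHKEY is an assumed secret name; it is only needed on the first
# start, before tailscaled.state exists on the volume.
#   tailscaled --state=/var/lib/tailscale/tailscaled.state &
#   tailscale up --advertise-exit-node --authkey="${TAILSCALE_AUTHKEY}"
```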
I meant the public IP address. TIL that the IP for outgoing requests is not static and is also not the same as the one for incoming requests. Thanks for your help, the part about the Tailscale state files is very useful to know! Would it be a problem if 2 nodes run using the same config file for 30 seconds or so, basically just the time between a new node coming online and the old one shutting off?
They’ll recover when the old node finally shuts off, and no lasting damage will be done.
It may perturb the tailnet operation for those 30 seconds, if they actively fight over which one owns the node key.
The old node and new node have little chance of actually working to contact the tailnet during that 30 seconds. Once the old node is gone, the new node should begin functioning on the tailnet.
Ok, I moved the exit node to a DigitalOcean droplet now, since they are static IPs even for exit nodes. But now that I have a static IP I am facing another issue: while the speed is fast, there seem to be problems with DNS. When you open a new page, the page does not even start loading, and then loads very quickly. But some people on Mac have ERR_NAME_NOT_RESOLVED. Because of that I assume it's a problem with DNS. We don't use MagicDNS or have anything configured there. The droplet was running a WireGuard server before, which we used as an "exit node" with no problems.
There is a fix which might help regarding DNS on exit nodes in the unstable track https://pkgs.tailscale.com/unstable/ and which will be in the 1.22 release. It would only need to be installed on the exit node, the rest of the clients can stay on 1.20.x.