I’m trying to setup a funnel for Jellyfin to get around a CGNAT, and I found two different commands for setting up the port. Which command would it be?
tailscale serve / proxy 8096
tailscale serve tcp 8096
Currently, serve / proxy doesn’t work at all, and serve tcp works while connected with tailnet. Should I just wait for the DNS to propagate?
/ proxy 8096 should work. Did you get any error or is the DNS just not fully propagated?
My funnel took about 24hrs to be fully available.
It’s been about 48 hours, no error but no DNS either.
Serve status:
https://[server address].tail7bf03.ts.net (Funnel on)
|-- / proxy http://127.0.0.1:8096
I’ve tried turning funnel off and on, https certificates are on, and the server has the right attribute.
I can access the server through the url when I’m on the VPN, but can’t from the outside.
Saw your comment in the other thread, I guess it’s just more waiting.
Hey team - I’m experiencing a similar issue. I enabled funnel last night around 8pm PT.
$ sudo tailscale serve status
https://<MACHINE>.<TAILNET>.ts.net (Funnel on)
|-- / proxy http://127.0.0.1:8096
I am able to access ..ts.net when connected to the tailnet.
When I run dig on a machine NOT connected to the Tailnet, I receive the following response:
$ dig <MACHINE>.<TAILNET>.ts.net
; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>><MACHINE>.<TAILNET>.ts.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12708
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 44a55270173a0c880100000063bb34f8bc22280b252ba679 (good)
;; QUESTION SECTION:
;<MACHINE>.<TAILNET>.ts.net. IN A
;; AUTHORITY SECTION:
ts.net. 141 IN SOA ns1.dnsimple.com. admin.dnsimple.com. 1615419595 86400 7200 604800 300
;; Query time: 10 msec
;; SERVER: 172.27.96.1#53(172.27.96.1) (UDP)
;; WHEN: Sun Jan 08 13:26:16 PST 2023
;; MSG SIZE rcvd: 156
Hope this helps - happy to share the full URL in a PM.
I have also confirmed the following:
- Funnel enabled
- HTTPS certificates enabled by running
sudo tailscale cert <MACHINE>.<TAILNET>.ts.net
- Access controls modified