Hi
As a contribution to the community I created the project below that provides a guide to deploy Tailscale on Mikrotik routers using containers.
As noted this is a development project that is based on RouterOS 7, currently in beta.
Please let me know of any suggestions or feedback.
Regards
Frank
That is pretty cool. I wouldn’t have had to build my own if I had looked here first. Too late.
I had previously used Tailscale on Kubernetes (fantastic, by the way) and therefore used the official container instead of building from source.
With that container, all you need is an entrypoint file. Figured I’d also share what I came up with:
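It’s called run.sh:

```sh
#!/bin/sh
# Entrypoint for the official Tailscale container: start tailscaled in
# userspace-networking mode, wait for its socket, then bring the node up.
echo "Starting.."
# Remove a stale socket left over from a previous run
if [ -e /tmp/tailscaled.sock ]; then
    echo "Deleting previous sock file"
    rm -f /tmp/tailscaled.sock
fi
echo "Starting tailscaled"
tailscaled --tun=userspace-networking --socket=/tmp/tailscaled.sock > /dev/null 2>&1 &
PID=$!
echo "Done, PID=$PID"
echo "Waiting for sock file"
COUNTER=0
while [ ! -e /tmp/tailscaled.sock ]; do
    echo "The counter is $COUNTER"
    COUNTER=$((COUNTER + 1))
    ls -l /tmp/tailscaled.sock
    sleep 1
done
echo "Sock file found at:"
ls -l /tmp/tailscaled.sock
echo "Starting tailscale"
# $args is left unquoted on purpose so it splits into separate flags
tailscale --socket=/tmp/tailscaled.sock up $args --authkey="$authkey"
echo "Done, tailscale started"
# Keep the container alive for as long as tailscaled runs
wait "$PID"
echo "Done"
```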
The file needs to be copied into the official container and pushed to a repo or exported as a tar file for use on Mikrotik:

```dockerfile
FROM ghcr.io/tailscale/tailscale:unstable
COPY run.sh /run.sh
CMD "/run.sh"
```
Two env variables are required, $args and the $authkey.
For args I use:

```
--accept-dns=false --accept-routes=false --advertise-exit-node --advertise-routes=172.17.0.0/16
```

authkey is self-explanatory.
There is no access from the LAN to the Tailscale network due to userspace mode being used; however, the SOCKS proxy could be enabled to gain access from the LAN into the tailnet.
Cheers
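
The wait loop in run.sh above runs forever if tailscaled fails to start, and because the daemon's output is sent to /dev/null the container gives no hint why. The following is an added example, not part of the original posts: a bounded wait that also notices the daemon exiting. The function name `wait_for_socket`, its return codes and the 30-second default are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): bounded wait for the tailscaled socket.
# wait_for_socket and its return codes are hypothetical, chosen for illustration.

# wait_for_socket PATH PID [TIMEOUT_SECONDS]
#   0  PATH exists
#   1  process PID exited before PATH appeared
#   2  TIMEOUT_SECONDS elapsed (default 30, an assumed value)
wait_for_socket() {
    sock=$1
    pid=$2
    timeout=${3:-30}
    waited=0
    while [ ! -e "$sock" ]; do
        # kill -0 sends no signal; it only tests that the process still exists
        if ! kill -0 "$pid" 2>/dev/null; then
            echo "daemon (PID $pid) exited before creating $sock" >&2
            return 1
        fi
        if [ "$waited" -ge "$timeout" ]; then
            echo "timed out after ${timeout}s waiting for $sock" >&2
            return 2
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Usage inside run.sh, replacing the unbounded while loop:
#   tailscaled --tun=userspace-networking --socket=/tmp/tailscaled.sock &
#   wait_for_socket /tmp/tailscaled.sock "$!" 30 || exit 1
```

A non-zero exit from the entrypoint stops the container, which makes a failed start visible instead of leaving it looping.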