Tailscale on Mikrotik


As a contribution to the community I created the project below that provides a guide to deploy Tailscale on Mikrotik routers using containers.

As noted this is a development project that is based on RouterOS 7, currently in beta.

Please let me know of any suggestions or feedback.




That is pretty cool. Didn’t have to build my own if I would have looked here first :wink: Too late.

I had previously used tailscale on kubernetes (fantastic by the way) and therefore used the official container instead of building from source.
With that container, all you need is an entrypoint file. Figured I’d also share what I came up with:

It’s called run.sh

echo "Starting.."
if [[ -e /tmp/tailscaled.sock ]]; then
   echo "Deleting previous sock file"
   rm -rf /tmp/tailscaled.sock

echo "Starting tailscaled"
tailscaled --tun=userspace-networking --socket=/tmp/tailscaled.sock &> /dev/null &
echo "Done, PID=$!"


echo "Waiting for sock file"
while [[ ! -e /tmp/tailscaled.sock ]]; do
    echo The counter is $COUNTER
    ls -l /tmp/tailscaled.sock
    sleep 1
echo "Sock file found at:"
ls -l /tmp/tailscaled.sock

echo "Starting tailscale"
tailscale --socket=/tmp/tailscaled.sock up $args --authkey=$authkey
echo "Done, tailscale started"

wait ${PID}
echo "Done"

The file needs to be copied into the official container and pushed to a repo or exported as a tar file for used on Mikrotik

FROM ghcr.io/tailscale/tailscale:unstable
COPY run.sh /run.sh
CMD "/run.sh"

Two env variables are required, $args and the $authkey.
For args I use

--accept-dns=false --accept-routes=false --advertise-exit-node --advertise-routes=

authkey is self-explanatory

There is no access from the lan to the tailscale network due to userspace mode being used however, the socks proxy could be enabled to gain access from the lan into the tailnet.