Running tailscale on the host OS and advertising exit node capability works well. Clients can use this node as an exit node.
When running tailscale inside a container and advertising exit node capability, clients have no Internet access.
Does exit node capability need additional configs when running inside a container?
Thanks
Hello.
What is the host operating system that you’re using? I can try to reproduce your setup here and see what steps I need to take to get it working as expected.
Thanks for your help, Jay. The host operating system is balenaOS (balena.io) and tailscale is running in one of the containers. Everything works as expected except for subnet routes and exit node functionality.
@Jay I also have the same issue. Whenever I attempt to use a Tailscale exit node running within a Docker container on a Linux host, internet connectivity is lost.
I’ve tried a few different iOS clients without success. The exit node is running within Docker on an x86 Ubuntu host with the following Docker configuration:
version: "3"
services:
tailscale:
container_name: tailscale
hostname: host
image: tailscale/tailscale:latest
command: tailscaled
restart: always
volumes:
- ./config/tailscale:/var/lib
- /dev/net/tun:/dev/net/tun
privileged: true
network_mode: host
cap_add:
- net_admin
I think this is being tracked in Docker Breaks when Tailscale configured to use an exit node · Issue #3877 · tailscale/tailscale · GitHub
Facing the same issue. There are three kinds of error messages in the log for the tailscale container -
[unexpected] peerapi listen("...") error: listen tcp6 [...]:0: bind: cannot assign requested address
Drop: ICMPv4{...> ...} 56 destination not allowed
Drop: TCP{... > ...} 64 destination not allowed
Having a similar issue. It’s not the most reassuring to see that this has been a known issue for months and that no apparent action has been talen to address.
FYI cross referencing a solution posted for getting tailscale exit nodes to work in docker containers