Running tailscale on the host OS and advertising exit node capability works well. Clients can use this node as an exit node.

When running tailscale inside a container and advertising exit node capability, clients have no Internet access.

Does exit node capability need additional configs when running inside a container?

Thanks

Hello.
What is the host operating system that you’re using? I can try to reproduce your setup here and see what steps I need to take to get it working as expected.

Thanks for your help, Jay. The host operating system is balenaOS (balena.io) and tailscale is running in one of the containers. Everything works as expected except for subnet routes and exit node functionality.

@Jay I also have the same issue. Whenever I attempt to use a Tailscale exit node running within a Docker container on a Linux host, internet connectivity is lost.

I’ve tried a few different iOS clients without success. The exit node is running within Docker on an x86 Ubuntu host with the following Docker configuration:

version: "3"

services:
  tailscale:
    container_name: tailscale
    hostname: host
    image: tailscale/tailscale:latest
    command: tailscaled
    restart: always
    volumes:
      - ./config/tailscale:/var/lib
      - /dev/net/tun:/dev/net/tun
    privileged: true
    network_mode: host
    cap_add:
      - net_admin

I think this is being tracked in Docker Breaks when Tailscale configured to use an exit node · Issue #3877 · tailscale/tailscale · GitHub

Facing the same issue. There are three kinds of error messages in the log for the tailscale container -

[unexpected] peerapi listen("...") error: listen tcp6 [...]:0: bind: cannot assign requested address

Drop: ICMPv4{...> ...} 56 destination not allowed

Drop: TCP{... > ...} 64 destination not allowed