Unable to run TailScale in Synology Docker (DSM7)

Hi
What I’m trying to do is run 2 containers on my Synology NAS.
1st is PiHole with a custom IP to serve the LAN as well as requests coming via TailScale VPN
2nd is TailScale to handle the connections to PiHole via the tailscale VPN

I’m struggling to get tailscale to come up and I’m not sure why it’s erroring.

Here’s what I’ve done so far
I set up a macvlan in docker for the PiHole so it can have a unique LAN IP separate from Synology:

docker network create -d macvlan \
--subnet=192.168.0.0/24 \
--ip-range=192.168.0.201/28 \
--gateway=192.168.0.1 \
-o parent=ovs_bond0 mycustommacvlan

Then I created the PiHole:

docker run -d \
--name pihole \
-h PiHole2 \
--net mycustommacvlan \
-p 53/tcp \
-p 53/udp \
-p 67/udp \
-p 80/tcp \
--ip 192.168.0.200 \
-e ServerIP=192.168.0.200 \
-e PIHOLE_DNS_=1.1.1.1\;8.8.8.8 \
-e DHCP_RAPID_COMMIT=True \
-e DNSMASQ_USER=root \
-e DNSMASQ_LISTENING=local \
-e IPv6=False \
-e HOSTNAME=pihole2 \
-e PIHOLE_DOMAIN=mydomain \
-e HOME=/root \
-e TZ=Europe/London \
-v /my/full/local/path/to/pihole:/etc/pihole \
-v /my/full/local/path/to/dnsmasq.d:/etc/dnsmasq.d \
--cap-add CAP_NET_ADMIN \
--restart=unless-stopped \
pihole/pihole:latest

That all works fine and is usable by all devices on the LAN @ 192.168.0.200
Pihole is set to “Permit all origins” for DNS requests so it will work with both networks
So far so good.
So now I try to install tailscale:

docker run -d \
--name=tailscaled \
--network=host \
-v /my/full/local/path/to/lib:/var/lib \
-v /dev/net/tun:/dev/net/tun \
--privileged \
tailscale/tailscale:latest

It pulled the latest image down and installed fine, but when I try to start tailscale from within the container (docker exec tailscaled tailscale up) I get this error:

failed to connect to local tailscaled (which appears to be running as tailscaled, pid 7). Got error: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial unix /var/run/tailscale/tailscaled.sock: connect: no such file or directory

I confirmed that /dev/net/tun exists (just in case)

Google searches found examples where synology packages wouldn’t run, but not docker IN synology, so I’m a bit stuck. Any help would be appreciated

Thanks
CW

Following. Having the same issue as well. @callumw better to create this post in github issues as well.

Done

Hi.
I found a fix for this which I added to the github bug report, but adding here to make it easier for others to find:


Addendum - I found the solution to the error: “/var/run/tailscale/tailscaled.sock does not exist”

Checking the processes inside the container I see:

/usr/local/bin # ps -ef | grep -i tailscale
    1 root      0:00 /bin/sh /tailscale/run.sh
    7 root      0:00 tailscaled --socket=/tmp/tailscaled.sock --state=mem: --tun=userspace-networking
    8 root      0:00 tailscale --socket=/tmp/tailscaled.sock up --accept-dns=false

The .sock is there, just not in /var/run

So I created a symbolic link from the /tmp folder to the /var by typing the following:

cd /var/run
mkdir tailscale
ln -s /tmp/tailscaled.sock /var/run/tailscale/tailscaled.sock

Now when I run tailscale up I get the URL to authenticate

linking the issue in github here.
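
The socket mismatch found in this thread (daemon started with --socket=/tmp/tailscaled.sock while the CLI looks in /var/run/tailscale/), as an added example that is not part of any post here or of the Tailscale project: it reads `ps` output, extracts the socket path the daemon was started with, and prints the CLI invocation that matches it. The function names are hypothetical, and the sample input is the process listing quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Path the CLI tried in the error message quoted in the first post.
CLI_DEFAULT_SOCKET=/var/run/tailscale/tailscaled.sock

# Read `ps` output on stdin and print the socket path tailscaled was started
# with. Accepts --socket=PATH and "--socket PATH"; prints nothing if the flag
# is absent or no tailscaled process is listed.
daemon_socket() {
    awk '{
        is_daemon = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^-/) continue            # skip flags such as --statedir=...
            n = split($i, parts, "/")          # basename of the field
            if (parts[n] == "tailscaled") is_daemon = 1
        }
        if (!is_daemon) next                   # e.g. the "tailscale ... up" CLI line
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^--?socket=/) { v = $i; sub(/^--?socket=/, "", v); print v; exit }
            if ($i ~ /^--?socket$/ && i < NF) { print $(i + 1); exit }
        }
    }'
}

# Print the CLI command that talks to a daemon listening on socket $1.
# An empty $1 means the daemon was started without --socket, so it and the
# CLI fall back to the same built-in default and no flag is needed.
cli_command() {
    if [ -z "$1" ] || [ "$1" = "$CLI_DEFAULT_SOCKET" ]; then
        echo "tailscale"
    else
        echo "tailscale --socket=$1"
    fi
}

# Sample input: the process listing from the post above.
# On a live system use: docker exec tailscaled ps -ef | daemon_socket
SAMPLE_PS='    1 root      0:00 /bin/sh /tailscale/run.sh
    7 root      0:00 tailscaled --socket=/tmp/tailscaled.sock --state=mem: --tun=userspace-networking
    8 root      0:00 tailscale --socket=/tmp/tailscaled.sock up --accept-dns=false'

sock=$(printf '%s\n' "$SAMPLE_PS" | daemon_socket)
echo "daemon socket: ${sock:-$CLI_DEFAULT_SOCKET (default)}"
echo "run inside the container: $(cli_command "$sock") up"
```

Passing the socket path to the CLI this way reaches the daemon without creating the symlink under /var/run.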


Another way to run TailScale is inside the PiHole container.
There’s no TUN file accessible (or systemctl), so we have to start the process every time the container runs.
A bit of research shows that a @reboot in the cron doesn’t work because the cron daemon isn’t included with the base docker unix image.

So, rather than install crontab and all the necessary components just for this one task, it’s easier to just append it to the PiHole’s start --execution command, which in this case is: /s6-init

Below is the code to install TailScale within a PiHole Container.

echo This is to install TailScale within the (official) PiHole Container
-------
docker exec -it pihole /bin/bash

echo  Once in the container, run:
apt-get update -y && apt-get upgrade -y && apt-get autoremove -y && apt-get autoclean -y
curl -fsSL https://pkgs.tailscale.com/stable/debian/bullseye.noarmor.gpg | sudo tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
curl -fsSL https://pkgs.tailscale.com/stable/debian/bullseye.tailscale-keyring.list | sudo tee /etc/apt/sources.list.d/tailscale.list
apt-get update -y
apt-get install tailscale -y

echo   This starts the TailScale process automatically each time you start the container
echo  tailscaled --tun=userspace-networking --socks5-server=localhost:1055 >> /s6-init

echo  Now start the process once manually so we can register the container in TailScale
tailscaled --tun=userspace-networking --socks5-server=localhost:1055 &
clear ; jobs

tailscale up --accept-dns=false

I put TS_SOCKET=/var/run/tailscale/tailscaled.sock into docker-compose.yaml and it works; there is no need for --socket=/tmp/tailscale.sock now.
