Using Tailscale from Docker Containers

A blog post on using Tailscale from Docker containers by Richard North:

So I’m using Richard’s approach here, but building my own version of the Docker container from the v1.1.0 tag, and it doesn’t seem to work. It fails with a whole lot of “timeout waiting for pong” messages in the logs as well as lots of:

2020/10/20 23:19:04 7.9M/22.5M Failed to write packet to TUN device: packet dropped by filter
2020/10/20 23:19:04 7.9M/22.5M [RATE LIMITED] Failed to write packet to TUN device: packet dropped by filter

This worked fine on a v0.99.1 Docker image version.

Hi Spudly, and welcome to the Tailscale forum!

Can you post your Tailscale version #, OS, and your docker-compose.yml file?

Hi Spudly,

Please don’t build directly from the v1.1.0 tag - that version is
extremely unstable (the entire v1.1 series is the unstable track, and
1.1.0 is the most unstable of all). If you’re building v1.1, it’s
better to use the main branch instead.

Hi all,

Seems like the appropriate thread to build on top of with further questions on how exactly one might implement Tailscale in a Docker container for use in a VM.

In my case, I’m building a container image to run a dedicated server for a component of Unreal Engine, dockerized from this documentation. Everything builds fine, except that Docker won’t build the layer that includes starting the Tailscale daemon, tailscaled.

I’ve followed this GitHub issue, and understand that I need to enable the TUN adapter. However, it doesn’t seem to work when implemented as RUN layers in the Dockerfile.

RUN mkdir /var/lib/tailscale \
         && mkdir /dev/net \
         && mknod /dev/net/tun c 10 200

RUN tailscaled \
         && tailscale up -authkey "${TAILSCALE_KEY}"

I get the following errors upon running docker build:

How can I set up tailscaled in the build stage? I understand that I need to run the image with flags along the lines of:
docker run -dit -p 7000:7000/udp --cap-add=NET_ADMIN --device=/dev/net/tun:/dev/net/tun repo:imagename
but as mentioned, it gets held up in the build stage because the adapter doesn’t exist.

Is it best to use the Tailscale docker image in a multi-stage build? Is tailscaled only supposed to be run in the CMD stage (not a RUN layer?) I’m jumping off the deep end here and am in over my head, so any pointers or code snippets which show how to implement this in a Dockerfile would be most welcome.

Most solutions referenced in the GitHub issues are made for running on a cluster, e.g. with Kubernetes and Docker Compose, but I’m interested in using a single container image built from a single Dockerfile which can be hosted on a container registry and then used to build a VM directly from the image, e.g. on Google Cloud Compute Engine.
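
Added example, not part of the original thread or of Tailscale's own code: a RUN layer executes at build time, where the --device and --cap-add flags of docker run do not apply, and an auth key used in a RUN or ARG line is recorded in the image history that gets pushed to the registry. The sketch below moves both steps to container start; the file name entrypoint.sh, the TUN_DEV override and the Dockerfile wiring in the comments are assumptions.

```shell
#!/bin/sh
# entrypoint.sh (hypothetical name): bring Tailscale up when the container starts.
# Assumed Dockerfile wiring: COPY entrypoint.sh /entrypoint.sh,
# ENTRYPOINT ["/entrypoint.sh"], CMD [<your server command>].
# No ARG, ENV or RUN line in the Dockerfile mentions the auth key.

TUN_DEV="${TUN_DEV:-/dev/net/tun}"   # overridable so preflight can be tested

# Report every reason Tailscale cannot start; non-zero if any was found.
preflight() {
    rc=0
    if [ ! -c "$TUN_DEV" ]; then
        echo "no TUN device at $TUN_DEV: run with --device=/dev/net/tun:/dev/net/tun" >&2
        rc=1
    fi
    if [ -z "${TAILSCALE_KEY:-}" ]; then
        echo "TAILSCALE_KEY is empty: pass it with 'docker run -e', not at build time" >&2
        rc=1
    fi
    return "$rc"
}

# tailscaled is a long-running daemon, so it is backgrounded; 'tailscale up'
# is retried until the daemon answers or 10 attempts have failed.
start_tailscale() {
    mkdir -p /var/lib/tailscale
    tailscaled &
    tries=0
    until tailscale up -authkey "$TAILSCALE_KEY"; do
        tries=$((tries + 1))
        [ "$tries" -lt 10 ] || return 1
        sleep 1
    done
}

main() {
    preflight || exit 1
    start_tailscale || { echo "tailscale up did not succeed" >&2; exit 1; }
    unset TAILSCALE_KEY   # keep the key out of the server process environment
    exec "$@"             # replace the shell with the container's real command
}

# With no arguments the file only defines its functions.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

The container is then started with the docker run flags quoted in the post above, plus `-e TAILSCALE_KEY` so the key comes from the host environment at run time.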


I replied to your same question at Support running in containers (Docker, Kubernetes) · Issue #504 · tailscale/tailscale · GitHub

Thanks! Conversation moved over there. Cheers