SteamOS 3.4 Preview - Tailscaled.service failing

[MadByteDE]

First of all, thanks for the script!

It seems like on the preview channel for SteamOS 3.4 tailscale can't launch anymore:

Any idea why that might be?

[deasmi]

I will try and recreate

[MadByteDE]

Launching tailscaled --cleanup from console results in this (crashing): Gist

And here is when running the deamon without --cleanup flag (successful): Gist

Seems like the --cleanup flag somehow does not work because there's no eth device set or something?

also this part:

wgengine.NewUserspaceEngine(tun "tailscale0") ...
router: v6nat = true

seems to be missing when --cleanup is set.

Maybe this helps.

EDIT:

& removing --cleanup from the .service file (+ systemd --user deamon-reload) & starting the service via systemctl --user start tailscaled seems to show maybe the main issue:

Nov 23 20:50:07 keyleth systemd[1309]: Starting Tailscale node agent...
Nov 23 20:50:07 keyleth tailscaled[10615]: 2022/11/23 20:50:07 logtail started
Nov 23 20:50:07 keyleth tailscaled[10615]: 2022/11/23 20:50:07 Program starting: v1.32.3-ta07555f43-g093d1e978, Go 1.19.2-ts3fd24dee31: []string{"/home/deck/.local/bin/tailscaled"}
Nov 23 20:50:07 keyleth tailscaled[10615]: 2022/11/23 20:50:07 LogID: ##redacted##
Nov 23 20:50:07 keyleth tailscaled[10615]: 2022/11/23 20:50:07 logpolicy: using $STATE_DIRECTORY, "/home/deck/.config/tailscale"
Nov 23 20:50:07 keyleth tailscaled[10615]: 2022/11/23 20:50:07 wgengine.NewUserspaceEngine(tun "tailscale0") ...
Nov 23 20:50:08 keyleth tailscaled[10615]: 2022/11/23 20:50:08 wgengine.NewUserspaceEngine(tun "tailscale0") error: creating router: could not get iptables version: exit status 111
Nov 23 20:50:08 keyleth tailscaled[10615]: 2022/11/23 20:50:08 flushing log.
Nov 23 20:50:08 keyleth tailscaled[10615]: 2022/11/23 20:50:08 logger closing down

Maybe no permission to access /dev/net/tun when running from systemd? My unix knowledge seems to end here :smile:

[deasmi]

I have not been able to recreate. Will try a clean steamOS install.

[MadByteDE]

Thanks for looking into it.. It stopped working for me right after updating to 3.4 preview. I switched to this method for now, seems to work fine as well and also survives updates.

[gilmorem560]

Hello, I found my way to this issue researching a very similar issue while trying to get podman going. Digging down through the layers, presumably this sits up on top of go-iptables, that's what is generating the text

could not get iptables version: exit status 111

in my case. This in turn is reporting an error from attempting

iptables --version

Digging into iptables itself, I found that the return status of 111 is returned by "xtables_init" in libxtables/xtables.c which contains:

void xtables_init(void)
{
    /* xtables cannot be used with setuid in a safe way. */
    if (getuid() != geteuid())
        _exit(111);
...

So the root cause of at least that part of what you're seeing here is that Tailscale or something it is consuming is probably running suid. Good luck with the rest, hopefully that helps!