hassio-addons / addon-tailscale

Tailscale - Home Assistant Community Add-ons
MIT License

Routes not added in HA #169

Closed CamFlyerCH closed 1 year ago

CamFlyerCH commented 1 year ago

Problem/Motivation

To start: I am not entirely sure if this is an issue, a technical limitation or a feature request. I am in a situation where I have sensors in 2 separate networks / locations that I want to connect to from one HA instance.

Expected behavior

I have HA in network 1 and HA also in network 1. This is all fine. I have sensors in location 2 and also a running tailscale node that also acts as a subnet router. Sensors are reachable with their local IP from any tailscale node in the same tailscale network. I also install tailscale via the add-on on HA in network 1 and add it to the same tailscale network. So I can now include sensors from network 2 via the tailscale VPN in the HA in network one by using their local IP.

Actual behavior

Mostly everything works as expected until the last part. The sensors in network two are reachable from any tailscale node, but not from HA in network 1.

Steps to reproduce

I tested it with integrations like SolarLog or with ping from a HA CLI. I also connected to the console of the tailscale add-on. Same issues, and there are also no routes visible when using "ip route" or "route -n".

Proposed changes

Get routing working. I saw that "tailscale up" contains the needed option "--accept-routes". But it seems not to work. I also found no error in the log (debug mode). (It would be nice if https://tailscale.com/kb/1214/site-to-site/ would also be possible.)

lmagyar commented 1 year ago

Duplicate/related: #129 #67

The add-on is running in userspace networking (options+=(--tun=userspace-networking) is hard wired), so it doesn't create a network interface that's visible from other containers, so it's not possible to route traffic outbound (see https://tailscale.com/kb/1112/userspace-networking/).

But! Tailscale can provide a SOCKS5/HTTP proxy for this situation for outbound traffic.

I tested it yesterday, it works fine, and now I've created PR #170.

You can test this functionality until this PR is merged in my fork: https://github.com/lmagyar/homeassistant-addon-tailscale

CamFlyerCH commented 1 year ago

Thanks for the feedback. First, I am wondering if it would be possible to change the add-on to not run in userspace. I checked the Wireguard add-on, and it has a device wg0. I would understand, but don't know how, if it would be needed to add some static routes, but how is this even possible in a hassio setup?

The other question, for which I did not find hints, is how I could use the SOCKS or HTTP proxy to access just some sensors? For sensors attached "the other way" like with MQTT I understand the issue lies on the network 2 to be able to route the traffic to the HA. But for that direction (let's say incoming to HA) the tailscale add-on is already working fine.

lmagyar commented 1 year ago

> if it would be possible to change the add-on to not run in userspace

See #41 #22 #32, so I don't think so, but I'm just another user of this add-on.

> how I could use the SOCKS or HTTP proxy to access just some sensors

Hmmm, RESTful integration has no direct proxy support, it is not planned (https://github.com/home-assistant/core/issues/36788 https://github.com/home-assistant/core/pull/67941 https://community.home-assistant.io/t/support-http-proxy/204661) so I think you have to manually set up a reverse proxy through socks.
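
What "manually set up a reverse proxy through socks" can look like, as an added example that is not from this thread or from the add-on: a local TCP forwarder (a plain port forward, not an HTTP-aware reverse proxy) that relays each connection to one sensor through the SOCKS5 proxy. The proxy address 127.0.0.1:1055, the sensor address 192.168.2.50:80 and the listen port 8850 are assumptions.

```python
import asyncio
import ipaddress

PROXY = ("127.0.0.1", 1055)    # assumed: SOCKS5 listener exposed by the add-on
TARGET = ("192.168.2.50", 80)  # constructed: a sensor's local IP in network 2

def connect_request(host, port):  # RFC 1928: VER, CMD, RSV, ATYP=IPv4, ADDR, PORT
    addr = ipaddress.IPv4Address(host).packed  # sensors are addressed by local IP
    return b"\x05\x01\x00\x01" + addr + port.to_bytes(2, "big")

async def open_via_socks5(proxy, host, port):
    """Return (reader, writer) for a TCP stream to host:port via a no-auth proxy."""
    reader, writer = await asyncio.open_connection(*proxy)
    try:
        writer.write(b"\x05\x01\x00")  # greeting: offer only "no authentication"
        if await reader.readexactly(2) != b"\x05\x00":
            raise ConnectionError("proxy did not accept no-auth SOCKS5")
        writer.write(connect_request(host, port))
        ver, rep, _, atyp = await reader.readexactly(4)
        if ver != 5 or rep != 0:
            raise ConnectionError(f"SOCKS5 CONNECT failed, reply code {rep}")
        alen = {1: 4, 4: 16}.get(atyp) or (await reader.readexactly(1))[0]
        await reader.readexactly(alen + 2)  # skip BND.ADDR and BND.PORT
    except BaseException:
        writer.close()
        raise
    return reader, writer

async def pipe(reader, writer):
    try:
        while data := await reader.read(65536):  # copy one direction until EOF
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()

async def handle(client_r, client_w):
    try:
        up_r, up_w = await open_via_socks5(PROXY, *TARGET)
        await asyncio.gather(pipe(client_r, up_w), pipe(up_r, client_w))
    except (OSError, asyncio.IncompleteReadError):
        client_w.close()

async def main():  # assumed listen address: point the HA integration at it
    async with await asyncio.start_server(handle, "127.0.0.1", 8850) as server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

The listener binds to loopback so the forwarder does not expose the sensor in network 2 to other hosts in network 1; the integration is then pointed at the listen address instead of the sensor's IP.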

frenck commented 1 year ago

With the more recent OS releases, we could consider moving out of the user space.

The additional features come at the price of risking messing with the host networking, which is kinda nice of the user space solution.

github-actions[bot] commented 1 year ago

There hasn't been any activity on this issue recently, so we clean up some of the older and inactive issues. Please make sure to update to the latest version and check if that solves the issue. Let us know if that works for you by leaving a comment 👍 This issue has now been marked as stale and will be closed if no further activity occurs. Thanks!