Open Linuturk opened 1 year ago
I’ve been trying the same, based on this PR, and struggling with it. Tailscale runs in userspace networking in the container; the main application must use a SOCKS5 or HTTP proxy to connect through the exit node. A dirty workaround for me, following these docs: https://tailscale.com/kb/1112/userspace-networking/, was to add:
root/etc/s6-overlay/s6-rc.d/svc-tailscale/run
if ! [ -e /dev/net/tun ]; then
    FLAGS="$FLAGS --tun=userspace-networking"
    if [ -v TAILSCALE_USE_EXIT_NODE ]; then
        FLAGS="$FLAGS --socks5-server=localhost:1055 --outbound-http-proxy-listen=localhost:1055"
    fi
fi
root/etc/s6-overlay/s6-rc.d/svc-tailscale-up/run
# configure proxy
sleep 3 # give tailscale a chance to start up
if [ -v TAILSCALE_USE_EXIT_NODE ]; then
    if [ -d /var/run/s6/container_environment ]; then
        printf "socks5://localhost:1055/" > /var/run/s6/container_environment/ALL_PROXY
        printf "http://localhost:1055/" > /var/run/s6/container_environment/HTTP_PROXY
        printf "http://localhost:1055/" > /var/run/s6/container_environment/http_proxy
    fi
fi
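Added example, not part of the PR or of either commenter's code: a check that lists which proxy variables are missing from an s6 `container_environment` directory, or point somewhere other than the local Tailscale listener. The function names and the set of variables checked are assumptions made for this example; clients that read only `HTTPS_PROXY` (Go's `net/http`, for one, does not read `ALL_PROXY`) would otherwise connect directly instead of through the exit node.

```shell
#!/bin/sh
# Added example: audit the proxy variables in an s6 container_environment dir.
# proxy_env_gaps and make_sample_env are hypothetical helper names.

# Print one "NAME: reason" line for every proxy variable that is absent or
# that does not point at the expected local listener (default localhost:1055).
proxy_env_gaps() (
    env_dir=$1
    listener=${2:-localhost:1055}
    for name in ALL_PROXY HTTP_PROXY http_proxy HTTPS_PROXY https_proxy; do
        file="$env_dir/$name"
        if [ ! -f "$file" ]; then
            echo "$name: not set"
            continue
        fi
        value=$(cat "$file")
        case "$value" in
            *"://$listener"|*"://$listener/") ;;  # routed via the listener
            *) echo "$name: points at $value, expected $listener" ;;
        esac
    done
)

# Constructed sample: recreate the three files the snippet above writes,
# in a temporary directory instead of /var/run/s6/container_environment.
make_sample_env() {
    dir=$(mktemp -d)
    printf "socks5://localhost:1055/" > "$dir/ALL_PROXY"
    printf "http://localhost:1055/" > "$dir/HTTP_PROXY"
    printf "http://localhost:1055/" > "$dir/http_proxy"
    echo "$dir"
}

# Run the audit against the constructed sample and clean up.
sample=$(make_sample_env)
proxy_env_gaps "$sample"
rm -rf "$sample"
```

In a running container the same function can be pointed at `/var/run/s6/container_environment` after the `svc-tailscale-up` script has run.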
@LimeDrive thanks for sharing. Based on your work it sounds like my PR might not even be appropriate.
@LimeDrive do you have a fork where I can try out your changes? Did you find that the proxy settings were always required for exit node use, or only when limited to userspace networking?
That was the fork I used for testing: https://github.com/LimeDrive/tailscale-mod/pkgs/container/tailscale-mod/131781718?tag=main. Still dirty code for testing purposes.
Proxy settings should only be added with userspace networking on init of the mod. If you mount /dev/tun in your container, the Tailscale daemon will launch without, but it might interfere with your system, I guess.
I gave up after testing the mod with an exit node and found it more efficient to share the container VPN network with Docker for this kind of setup.
Thanks for the PR and apologies for the delay on this; reviewing now.