Installed Tailscale 1.36.1 - now QNAP is inaccessible

[MattieTK]

Hi there,

I recently installed Tailscale 1.36.1 from the qpkg provided here on my QNAP NAS TVS-471 running firmware 5.0.1.

Immediately following this installation via the web console to connect it to Tailscale, the NAS stopped responding via its IP over http, ssh or pings, though my unifi router can see the device and is assigning it a local IP (though this is fixed).

From the dashboard in tailscale I can see the device is somehow connecting and then disconnecting again ten minutes later. It does this on a loop. I can't quite tell if its rebooting as I can't connect to it, but I will update this if it is.

[MattieTK]

Just so you know I performed a reset on the system via the reset button on the NAS.

And then (naively) installed the same package again. This caused the same problem. The NAS remained connected to tailscale, but became completely inaccessible to devices on the local network whether those devices were signed into tailscale or not. The device was accessible via ssh via tailscale, but because the system was set up to only accept local connections via ssh it failed every login attempt.

[B85S5DSG]

Same here. 1.34.1 was working for me, but then 1.36.1 made my NAS inaccessible and still did not connect to Tailscale.

When I try to get it to connect VIA SSH, I get the following:

./tailscale -socket var/run/tailscale/tailscaled.sock up failed to connect to local tailscaled (which appears to be running as tailscaled, pid 27902). Got error: Failed to connect to local T ailscale daemon for /localapi/v0/status; not running? Error: dial unix var/run/tailscale/tailscaled.sock: connect: connection refused

Running on a TVS-872XT with QuTS Hero h5.0.1.2348.

[wingcomm]

Try 1.40.0.

[lincolntan36]

I had the same problem pop up when I updated to 1.40.0 also it might be something that qnap did with a firmware update that clashed with tailscale

[aljen]

Same here, updated QNAP to QuTS hero h5.0.1.2376 & Tailscale to 1.40.0 and I can see it only via tailscale IP

[tuxpowered]

New QNAP Installed Tailscale from App Center. After joining tailscale network, when tailscale starts the local LAN access gets blocked. You CAN access it over the tailscale IP but this is not ideal.

This is absolutly something specific to tailscale, as if you login to the webUI over the tailscale IP and stop tailscale in the gui, it immediately starts responding on the LAN IP address.

Start tailscale again over the LAN IP and a few moments after it starts up it stops responding on the LAN IP.

I even manually set the default route to the specific interface, and no success.

[wingcomm]

@tuxpowered Try the 1.46 release here on GitHub. QNAP releases are old.

[DentonGentry]

Also, if you have shell access: tailscale up --accept-routes=false might help. That would imply that there is a subnet router, and that something is going wrong when programming the routes.

[tuxpowered]

@wingcomm Unfortunately 1.46.1 does not solve the issue, nor does the most current 1.48.

[tuxpowered]

@DentonGentry The default appears to be accept-routes=false already but when running that

<g/Tailscale] # ./tailscale up --accept-routes=false
Some peers are advertising routes but --accept-routes is false```
It doesn't change anything....

Interestingly enough, if I stop the service in the QNap GUI, and go to the command line and manually launch the daemon, 

cd /share/CACHEDEV1_DATA/.qpkg/Tailscale/ && ./tailscaled --verbose

and in another terminal start tailscalse `./tailscale up` 
It works fine.  really confusing. 

[tuxpowered]

Okay so got it working...

1. completely uninstall previous version
2. Remove from tailscale admin
3. install 1.48
4. rejoin to tailscale
5. Verify.

Not sure why that dance was needed. but it solved the issue. It is now available over both the tailscale network and the native LAN like it should be.

[B85S5DSG]

Okay so got it working...

Is your QNAP accessible via your LAN IP with routing enabled? I'm still running the old version (1.34.1) on the NAS with routing enabled. I am using the QNAP as a Tailscale router, so I can access other devices from outside my house which are not able to run Tailscale themselves.

NAS functionality: From my phone via cellular only: Tailscale client on - NAS accessible with Tailscale IP and LAN IP From my phone via cellular only: Tailscale client off - inaccessible as expected From my phone via LAN wifi: Tailscale client on - NAS accessible via LAP IP only From my phone via LAN wifi: Tailscale client off - NAS accessible via LAP IP only as expected

Is this how 1.48 is working? QuTS Hero 5.1.1.2488

[ag14spirit]

I have the same issue with the following environment: Hardware: TS-932PX Firmware: QTS 5.1.1.2491 Tailscale qpkg from the QNAP App Store: Tailscale 1.40.0-1 (2023-06-12)

This is the first I've had this issue since the release of the qpkg in the App Store. I will share further details if I find anything as I investigate (but I'm a rookie sysadmin homelab guy, so wish me luck).

[DentonGentry]

@ag14spirit We would need a bugreport or even the Tailscale IP address of the QNAP device to have a change of finding its telemetry. If not comfortable corresponding about that on a public issue, you can contact support instead: https://tailscale.com/contact/support/

[ag14spirit]

@DentonGentry I'll provide log files via the support link.

My QNAP device Tailscale IP is currently 100.106.238.134, if that helps you in any way; I'll also identify that in the support submission in case that hits a different desk than yours.

[xsherlockpl]

I just run into same issue. instaled 1.40 from the app store. Why there is no recent version there? Qnap become completly inaccesible from local lan , however the VM's were working just fine. From LOCAL lan the tailscale IP was unpingable !!!!! I was completly cut off. but tailscale console was claiming it was still active.

I managed to ping it over tailscale from one of the VM's inside the qnap. but the pings were like 2000ms , and disable the tailscale app , that took like 5 min to get to proper menu in the CLI , that made it work perfectly fine again from local lan.

QNAP is such a vital piece of hardware in my network, that it is scary how I almost lost it (one VM is running openhab that is managing all light switches in a house )

Not experimenting again. I settled on running exit node on a separate VM inside qnap so i can access it remotely this way.

[ag14spirit]

@DentonGentry

So the latest qpkg successfully allowed me to access my QNAP device via Tailscale...and only by Tailscale. But, I'm not blocked from the device as I was last time; this is improved.

Upon logging in via SSH, I go to the Tailscale CLI in the following directory: cd /share/CACHEDEV1_DATA/.qpkg/Tailscale

And I'm unable to generate a bug report using the following command: sudo ./tailscale -socket var/run/tailscale/tailscaled.sock bugreport

It appears that only some of the commands function, even with sudo.

Is it possible this is related to having disabled the default admin/root account (as common best practice) via the QNAP QTS GUI?

I'd eventually like to run tailscale serve to expose the QTS login with properly signed TLS over my Tailnet, which appears to be an option in the Tailscale CLI USAGE print that outputs upon failing the above command(s).

[rtgnx]

I've ran into the same issue on latest release v1.58, as soon as qnap joins tailnet device stops responding on local address.

[lunim]

I'm seeing the same issue, I can't access web UI or plex when tailscale is installed. I installed the lastest from the app store. Running the latest QTSHero

[cromelex]

I had this issue once I enabled subnet routes on a different machine running tailscale on my LAN.

This is happening with the latest, v1.58.2.

Once I disabled "subnet routes" on the other machine, I was able to access my QNAP again. Thanks

[Xuntar]

I'm having the exact same issue on the latest version as described by @cromelex. I also have a device (a Synology NAS) with Tailscale on the same LAN that has subnet routes enabled. I can no longer access my QNAP over its IP address and it can no longer access my internal DNS on the same network.

[lucasmodrich]

I have encountered the same issue with my QNAP NAS using Tailscale. I updated the NAS to use the latest version of Tailscale (v1.66.4) and the issue persists.

As reported above, the issue occurs for me as soon as another node in the Tailscale network advertises a subnet route (in my case this needs to be approved first in the admin panel). As soon as this happens, I lose all connectivity to the NAS.

To restore access, I need to update the node subnet router node to remove the advertisement of routes. As soon as I do this, I can access the NAS again.

Not really any new information here, but just adding weight to the issue mentioned above.

[wingcomm]

Still an issue for me as well.

[EarSum]

Same issue for me with latest version(v1.68.2)

[TheJesusFish]

Only thing I have found to fix this is to either disable any subnet routers in your tailnet, or start tailscale on the qnap with --accept-routes=FALSE

[Deor]

Have tried this today with v 1.7 and still the same problem.

How do I start Tailscale on my Qnap with the --accept-routes=FALSE switch? When I ssh into my TS-453a it doesnt recognise the tailscale command.

[TheJesusFish]

How do I start Tailscale on my Qnap with the --accept-routes=FALSE switch? When I ssh into my TS-453a it doesnt recognise the tailscale command.

Run export PATH=$PATH:$(getcfg SHARE_DEF defVolMP -f /etc/config/def_share.info)/.qpkg/Tailscale/ first.

[Deor]

How do I start Tailscale on my Qnap with the --accept-routes=FALSE switch? When I ssh into my TS-453a it doesnt recognise the tailscale command.

Run export PATH=$PATH:$(getcfg SHARE_DEF defVolMP -f /etc/config/def_share.info)/.qpkg/Tailscale/ first.

Thanks for the fast reply, can access my NAS on the local IP again now.

[danywebxx]

Same problem with 1.70.0-1

[EmilioMoreno]

Same here, both in 1.40 and 1.70.0-1. The app (1.40) should b e removed from QnapStore. Not funny for a newbie user to suddenly loose control of their nas

[TheJesusFish]

Same here, both in 1.40 and 1.70.0-1. The app (1.40) should b e removed from QnapStore. Not funny for a newbie user to suddenly loose control of their nas

100% this. Please do something about either fixing this, or warning folks on what they need to do in order to reach the nas. If it weren’t for google, I would have had no idea that I could hit its tailscale IP

[DanielPower]

I'm running into this too with the app installed from the QNAP App store. The moment I logged in, my NAS became inaccessible over the local network. This knocked out services that depend on that NAS.

This app needs to be pulled from the QNAP store immediately until the problem can be resolved.

[CautionSentry]

I'm having the same issue with the latest QPKG from the Tailscale website

[guntherpea]

Ah, so I just walked headlong into the same issue here. Got TailScale running on a TrueNAS I just set up and added it to my QNAP to simplify access without directly opening up the QNAP to the internet. Now I'm not able to see my QNAP on the local network, nor can I SSH into it with the local IP or the Tailnet IP. If anyone knows how I can gain access to the QNAP and remove the TailScale app, that would be very much appreciated.

EDIT: I got it removed. Shut it down with the limited menu on the front and physical buttons, then booted it and managed to get logged in and remove the TailScale app before it started and locked me out of connecting.

Just for context, I installed version 1.40.? from the QNAP store - I don't know how to install apps outside the QNAP store so I won't be attempting this again.

As a bit of an aside, is it possible to get to my QNAP device over the network, using TailScale, without adding the app and putting it explicitly on my Tailnet?

[CautionSentry]

Ah, so I just walked headlong into the same issue here. Got TailScale running on a TrueNAS I just set up and added it to my QNAP to simplify access without directly opening up the QNAP to the internet. Now I'm not able to see my QNAP on the local network, nor can I SSH into it with the local IP or the Tailnet IP. If anyone knows how I can gain access to the QNAP and remove the TailScale app, that would be very much appreciated.

EDIT: I got it removed. Shut it down with the limited menu on the front and physical buttons, then booted it and managed to get logged in and remove the TailScale app before it started and locked me out of connecting.

Just for context, I installed version 1.40.? from the QNAP store - I don't know how to install apps outside the QNAP store so I won't be attempting this again.

As a bit of an aside, is it possible to get to my QNAP device over the network, using TailScale, without adding the app and putting it explicitly on my Tailnet?

I had the same issue before had to link my QNAP to a PiKVM to login locally onto the NAS and delete the application. You can do the same by connecting your NAS to a monitor and keyboard.

[TheJesusFish]

I think this may be fixed in 1.7.4?

[B85S5DSG]

I think this may be fixed in 1.7.4?

I think you are correct. I finally decided to update with the QPKG and it did work. I still had to use the command line to enable the routing and exit node, but all was fine. One bug still, shutting it off on the the NAS and restarting. All connectivity is lost until a reboot by hitting the button.