Closed proever closed 11 months ago
That is the nature of the userspace-networking mode: it cannot support any arbitrary Linux socket application. Doing so requires a TUN device and operating in regular TUN mode.
userspace-networking can handle incoming connections by sending them to a socket listening on localhost. Outgoing connections require that the app use SOCKS5 or an HTTP proxy, and ping does not.
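The point of the reply above, as an added example (not part of the thread and not Tailscale's code): SOCKS5 (RFC 1928) defines only the CONNECT, BIND and UDP ASSOCIATE commands and nothing for ICMP, so a reachability check from a userspace-networking container has to be a TCP connect made through the proxy. It assumes the proxy on localhost:1055 from the issue's tailscaled command accepts unauthenticated SOCKS5; the function names are hypothetical.

```python
import ipaddress
import socket
import struct

# RFC 1928 reply codes (REP field of the proxy's answer to a request).
REPLIES = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
           3: "network unreachable", 4: "host unreachable",
           5: "connection refused", 6: "TTL expired",
           7: "command not supported", 8: "address type not supported"}


def build_connect(host, port):
    """Build a SOCKS5 request: VER=5, CMD=1 (CONNECT), RSV=0, ATYP, ADDR, PORT."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.encode("idna")                  # ATYP 3: the proxy resolves the name
        atyp, addr = 3, bytes([len(name)]) + name   # ValueError if longer than 255 bytes
    else:
        atyp, addr = (1 if ip.version == 4 else 4), ip.packed
    return b"\x05\x01\x00" + bytes([atyp]) + addr + struct.pack("!H", port)


def _recv_exact(sock, n):
    """Read exactly n bytes or fail; recv() may return short reads."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf


def tcp_check(host, port, proxy=("localhost", 1055), timeout=5.0):
    """Ask the proxy to open TCP host:port; return its reply as text."""
    with socket.create_connection(proxy, timeout=timeout) as s:
        s.sendall(b"\x05\x01\x00")                  # greeting: offer "no authentication"
        if _recv_exact(s, 2) != b"\x05\x00":
            raise ConnectionError("proxy did not accept the no-auth method")
        s.sendall(build_connect(host, port))
        rep = _recv_exact(s, 4)[1]                  # VER, REP, RSV, ATYP
        return REPLIES.get(rep, "unknown reply %d" % rep)


if __name__ == "__main__":
    # 100.64.0.2 is a constructed peer address; substitute a real Tailscale IP.
    print(tcp_check("100.64.0.2", 22))
```

A "connection refused" reply still shows the peer was reached over the tailnet, which is the information ping would have given.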
Got it, thanks for the quick reply! I'll go ahead and mark the issue as closed.
All of this is because I have a rather specific need to install a k3s agent inside a docker container and have it connect via Tailscale to a server somewhere else, and I just can't get it working it seems. I may reach out via support or make a separate ticket for that. Thanks for your help!
What is the issue?
To start with I'd like to say I'm not sure this is a bug, or if it's the expected consequence of running Tailscale in userspace networking mode. If this is expected behavior I apologize for the unnecessary issue!
The issue is that I cannot ping other Tailscale devices from a docker container running Tailscale in userspace networking mode. tailscale ping works fine though.
Steps to reproduce
(docker run -it --rm debian:bookworm-slim bash).
curl, ping, and Tailscale (apt update && apt install -y curl iputils-ping && curl -fsSL https://tailscale.com/install.sh | sh)
tailscaled in userspace-networking mode, as explained here (tailscaled --tun=userspace-networking --socks5-server=localhost:1055 --outbound-http-proxy-listen=localhost:1055 &, followed by tailscale up).
(tailscale ip -4) and verify that I can ping <CONTAINER_IP> successfully from another Tailscale device (this always works).
Are there any recent changes that introduced the issue?
No response
OS
Linux
OS version
Debian 12
Tailscale version
1.54.0
Other software
Docker
Bug report
BUG-a6744b04b4aa016002aca9a2bd3b8ecebcfd75affe38db88cd7a6a10bc8af634-20231115220238Z-34d4645747dfc163