Unable to log in on macOS Sonoma

michaelmior commented 5 months ago

What is the issue?

Can't log in on macOS. I think I did eventually manage to log in briefly by starting the Web interface and reauthenticating from there. However, the node is currently disconnected and logging in doesn't work.

Steps to reproduce

Install Tailscale from the App Store
Click Login either at the post-install screen, menu bar icon, or CLI
Nothing happens

Are there any recent changes that introduced the issue?

No

OS

macOS

OS version

Sonoma 14.0

Tailscale version

1.56.1

Other software

TripMode installed but not running Cloudflare WARP previously installed

Bug report

BUG-c21eea7729618543fcb16e8cd08c1fb71fd036af72ee126fe2e948a43f70086d-20240102180335Z-ccf775543a4fe98d

michaelmior commented 5 months ago

Logs below captured from Console.app while trying to log in.

default 12:58:53.310425-0500    Tailscale   container_create_or_lookup_app_group_path_by_app_group_identifier: success
default 12:58:53.311203-0500    Tailscale   Task <A813FF33-CB3E-438F-9BC5-83603A3F2AC9>.<38> resuming, timeouts(60.0, 604800.0) QOS(0x21) Voucher (null)
default 12:58:53.312391-0500    Tailscale   [Telemetry]: Activity <nw_activity 12:2[921DC52B-F99A-4F1F-A98A-4EFC84965C4A] (reporting strategy default)> on Task <A813FF33-CB3E-438F-9BC5-83603A3F2AC9>.<38> was not selected for reporting
default 12:58:53.319766-0500    Tailscale   container_create_or_lookup_app_group_path_by_app_group_identifier: success
default 12:58:53.320291-0500    Tailscale   Task <94B485B0-F87C-4A07-A1F6-BDC4E044B0F1>.<39> resuming, timeouts(60.0, 604800.0) QOS(0x21) Voucher (null)
default 12:58:53.321223-0500    Tailscale   [Telemetry]: Activity <nw_activity 12:2[EE6427AC-7FA9-4E0E-A492-F6356478039B] (reporting strategy default)> on Task <94B485B0-F87C-4A07-A1F6-BDC4E044B0F1>.<39> was not selected for reporting
default 12:58:53.322088-0500    Tailscale   Connection 19: starting, TC(0x0)
default 12:58:53.322490-0500    Tailscale   [C19 30101E05-227A-463A-B8E4-75833288C25B 127.0.0.1:55672 tcp, url hash: c3f687bc, definite, attribution: developer, context: com.apple.CFNetwork.NSURLSession.{A27ED95E-C441-4409-8FF7-8A5310C71614}{(null)}{Y}{2}{0x0} (private), proc: FD71A62E-6DDA-3B72-B340-7BD5A75166FC] start
default 12:58:53.324668-0500    Tailscale   [C19 127.0.0.1:55672 initial parent-flow ((null))] event: path:start @0.001s
default 12:58:53.326982-0500    Tailscale   [C19 127.0.0.1:55672 waiting parent-flow (satisfied (Path is satisfied), viable, interface: lo0)] event: path:satisfied @0.004s, uuid: 31B612BA-936C-4D76-8F6E-34023D29C6EC
default 12:58:53.329436-0500    Tailscale   [C19 127.0.0.1:55672 in_progress socket-flow (satisfied (Path is satisfied), viable, interface: lo0)] event: flow:start_connect @0.006s
default 12:58:53.329546-0500    Tailscale   nw_connection_report_state_with_handler_on_nw_queue [C19] reporting state preparing
default 12:58:53.330363-0500    Tailscale   Task <A813FF33-CB3E-438F-9BC5-83603A3F2AC9>.<38> setting up Connection 19
default 12:58:53.330661-0500    Tailscale   order window: 25266 op: 1 relative: 0 related: 0
default 12:58:53.331432-0500    Tailscale   order window: 25266 op: 1 relative: 0 related: 0
default 12:58:53.332916-0500    Tailscale   nw_socket_handle_socket_event [C19:2] Socket received CONNECTED event
default 12:58:53.333329-0500    Tailscale   nw_flow_connected [C19 127.0.0.1:55672 in_progress socket-flow (satisfied (Path is satisfied), viable, interface: lo0)] Transport protocol connected (socket)
default 12:58:53.333736-0500    Tailscale   [C19 127.0.0.1:55672 in_progress socket-flow (satisfied (Path is satisfied), viable, interface: lo0)] event: flow:finish_transport @0.010s
default 12:58:53.333780-0500    Tailscale   nw_flow_connected [C19 127.0.0.1:55672 in_progress socket-flow (satisfied (Path is satisfied), viable, interface: lo0)] Output protocol connected (CFNetworkConnection-3505044661)
default 12:58:53.333897-0500    Tailscale   [C19 127.0.0.1:55672 ready socket-flow (satisfied (Path is satisfied), viable, interface: lo0)] event: flow:finish_connect @0.011s
default 12:58:53.335335-0500    Tailscale   nw_connection_report_state_with_handler_on_nw_queue [C19] reporting state ready
default 12:58:53.335381-0500    Tailscale   [C19 127.0.0.1:55672 ready socket-flow (satisfied (Path is satisfied), viable, interface: lo0)] event: flow:changed_viability @0.012s
default 12:58:53.335571-0500    Tailscale   Connection 19: connected successfully
default 12:58:53.335634-0500    Tailscale   Connection 19: ready C(N) E(N)
default 12:58:53.335841-0500    Tailscale   Task <A813FF33-CB3E-438F-9BC5-83603A3F2AC9>.<38> now using Connection 19
default 12:58:53.338764-0500    Tailscale   Connection 19: received viability advisory(Y)
default 12:58:53.339077-0500    Tailscale   Task <A813FF33-CB3E-438F-9BC5-83603A3F2AC9>.<38> sent request, body N 0
default 12:58:53.339329-0500    Tailscale   Connection 20: starting, TC(0x0)
default 12:58:53.339391-0500    Tailscale   [C20 7E34F7C8-43BE-49DF-904E-3ECABAC472B3 127.0.0.1:55672 tcp, url hash: c3f687bc, definite, attribution: developer, context: com.apple.CFNetwork.NSURLSession.{A27ED95E-C441-4409-8FF7-8A5310C71614}{(null)}{Y}{2}{0x0} (private), proc: FD71A62E-6DDA-3B72-B340-7BD5A75166FC] start
default 12:58:53.339452-0500    Tailscale   [C20 127.0.0.1:55672 initial parent-flow ((null))] event: path:start @0.000s
default 12:58:53.343008-0500    Tailscale   [C20 127.0.0.1:55672 waiting parent-flow (satisfied (Path is satisfied), viable, interface: lo0)] event: path:satisfied @0.003s, uuid: 31B612BA-936C-4D76-8F6E-34023D29C6EC
default 12:58:53.344192-0500    Tailscale   [C20 127.0.0.1:55672 in_progress socket-flow (satisfied (Path is satisfied), viable, interface: lo0)] event: flow:start_connect @0.004s
default 12:58:53.344456-0500    Tailscale   nw_connection_report_state_with_handler_on_nw_queue [C20] reporting state preparing
default 12:58:53.344963-0500    Tailscale   Task <94B485B0-F87C-4A07-A1F6-BDC4E044B0F1>.<39> setting up Connection 20
default 12:58:53.348336-0500    Tailscale   Task <A813FF33-CB3E-438F-9BC5-83603A3F2AC9>.<38> received response, status 200 content K
default 12:58:53.348536-0500    Tailscale   Task <A813FF33-CB3E-438F-9BC5-83603A3F2AC9>.<38> response ended
default 12:58:53.348572-0500    Tailscale   Task <A813FF33-CB3E-438F-9BC5-83603A3F2AC9>.<38> done using Connection 19
default 12:58:53.348831-0500    Tailscale   Task <A813FF33-CB3E-438F-9BC5-83603A3F2AC9>.<38> summary for task success {transaction_duration_ms=35, response_status=200, connection=19, protocol="http/1.1", domain_lookup_duration_ms=0, connect_duration_ms=5, secure_connection_duration_ms=0, private_relay=false, request_start_ms=25, request_duration_ms=0, response_start_ms=35, response_duration_ms=0, request_bytes=317, response_bytes=581, cache_hit=true}
default 12:58:53.348799-0500    Tailscale   [C19] event: client:connection_idle @0.026s
default 12:58:53.349494-0500    Tailscale   Task <A813FF33-CB3E-438F-9BC5-83603A3F2AC9>.<38> finished successfully
default 12:58:53.349819-0500    Tailscale   nw_socket_handle_socket_event [C20:2] Socket received CONNECTED event
default 12:58:53.350045-0500    Tailscale   nw_flow_connected [C20 127.0.0.1:55672 in_progress socket-flow (satisfied (Path is satisfied), viable, interface: lo0)] Transport protocol connected (socket)
default 12:58:53.350100-0500    Tailscale   [C20 127.0.0.1:55672 in_progress socket-flow (satisfied (Path is satisfied), viable, interface: lo0)] event: flow:finish_transport @0.010s
default 12:58:53.350198-0500    Tailscale   nw_flow_connected [C20 127.0.0.1:55672 in_progress socket-flow (satisfied (Path is satisfied), viable, interface: lo0)] Output protocol connected (CFNetworkConnection-3505044661)
default 12:58:53.350363-0500    Tailscale   [C20 127.0.0.1:55672 ready socket-flow (satisfied (Path is satisfied), viable, interface: lo0)] event: flow:finish_connect @0.010s
default 12:58:53.350753-0500    Tailscale   nw_connection_report_state_with_handler_on_nw_queue [C20] reporting state ready
default 12:58:53.350846-0500    Tailscale   [C20 127.0.0.1:55672 ready socket-flow (satisfied (Path is satisfied), viable, interface: lo0)] event: flow:changed_viability @0.011s
default 12:58:53.350935-0500    Tailscale   Connection 20: connected successfully
default 12:58:53.350997-0500    Tailscale   Connection 20: ready C(N) E(N)
default 12:58:53.351294-0500    Tailscale   Task <94B485B0-F87C-4A07-A1F6-BDC4E044B0F1>.<39> now using Connection 20
default 12:58:53.351360-0500    Tailscale   Connection 20: received viability advisory(Y)
default 12:58:53.351567-0500    Tailscale   Task <94B485B0-F87C-4A07-A1F6-BDC4E044B0F1>.<39> sent request, body N 0
default 12:58:53.352212-0500    Tailscale   Task <94B485B0-F87C-4A07-A1F6-BDC4E044B0F1>.<39> received response, status 200 content K
default 12:58:53.352490-0500    Tailscale   Task <94B485B0-F87C-4A07-A1F6-BDC4E044B0F1>.<39> response ended
default 12:58:53.352524-0500    Tailscale   Task <94B485B0-F87C-4A07-A1F6-BDC4E044B0F1>.<39> done using Connection 20
default 12:58:53.352633-0500    Tailscale   [C20] event: client:connection_idle @0.013s
default 12:58:53.352757-0500    Tailscale   Task <94B485B0-F87C-4A07-A1F6-BDC4E044B0F1>.<39> summary for task success {transaction_duration_ms=31, response_status=200, connection=20, protocol="http/1.1", domain_lookup_duration_ms=0, connect_duration_ms=6, secure_connection_duration_ms=0, private_relay=false, request_start_ms=29, request_duration_ms=0, response_start_ms=30, response_duration_ms=0, request_bytes=317, response_bytes=581, cache_hit=true}
default 12:58:53.352924-0500    Tailscale   Task <94B485B0-F87C-4A07-A1F6-BDC4E044B0F1>.<39> finished successfully
default 12:58:53.359420-0500    runningboardd   Acquiring assertion targeting [app<application.io.tailscale.ipn.macos.444877761.444877781(502)>:42184] from originator [app<application.io.tailscale.ipn.macos.444877761.444877781(502)>:42184] with description <RBSAssertionDescriptor| "com.apple.CFNetwork.StorageDB" ID:190-42184-1267543 target:42184 attributes:[
    <RBSDomainAttribute| domain:"com.apple.common" name:"FinishTaskUninterruptable" sourceEnvironment:"(null)">,
    <RBSAcquisitionCompletionAttribute| policy:AfterApplication>
    ]>
default 12:58:53.359724-0500    runningboardd   Assertion 190-42184-1267543 (target:[app<application.io.tailscale.ipn.macos.444877761.444877781(502)>:42184]) will be created as inactive as start-time-defining assertions exist
default 12:58:53.368911-0500    runningboardd   Acquiring assertion targeting [app<application.io.tailscale.ipn.macos.444877761.444877781(502)>:42184] from originator [osservice<com.apple.WindowServer(88)>:174] with description <RBSAssertionDescriptor| "AppDrawing" ID:190-174-1267544 target:42184 attributes:[
    <RBSDomainAttribute| domain:"com.apple.appnap" name:"AppDrawing" sourceEnvironment:"(null)">,
    <RBSAcquisitionCompletionAttribute| policy:AfterApplication>
    ]>
default 12:58:53.369039-0500    runningboardd   Assertion 190-174-1267544 (target:[app<application.io.tailscale.ipn.macos.444877761.444877781(502)>:42184]) will be created as active
default 12:58:53.369818-0500    runningboardd   Calculated state for app<application.io.tailscale.ipn.macos.444877761.444877781(502)>: running-active (role: UserInteractive)
default 12:58:53.370058-0500    runningboardd   [app<application.io.tailscale.ipn.macos.444877761.444877781(502)>:42184] Ignoring jetsam update because this process is not memory-managed
default 12:58:53.370098-0500    runningboardd   [app<application.io.tailscale.ipn.macos.444877761.444877781(502)>:42184] Ignoring suspend because this process is not lifecycle managed
default 12:58:53.370132-0500    runningboardd   [app<application.io.tailscale.ipn.macos.444877761.444877781(502)>:42184] Ignoring GPU update because this process is not GPU managed
default 12:58:53.370232-0500    runningboardd   [app<application.io.tailscale.ipn.macos.444877761.444877781(502)>:42184] Ignoring memory limit update because this process is not memory-managed
default 12:58:54.421020-0500    runningboardd   Invalidating assertion 190-42184-1267543 (target:[app<application.io.tailscale.ipn.macos.444877761.444877781(502)>:42184]) from originator [app<application.io.tailscale.ipn.macos.444877761.444877781(502)>:42184]
default 12:58:54.715655-0500    Tailscale   window NSPopupMenuWindow 25266 finishing close
default 12:58:54.716021-0500    Tailscale   order window: 25266 op: 0 relative: 0 related: 0
default 12:58:54.719309-0500    Tailscale   container_create_or_lookup_app_group_path_by_app_group_identifier: success
default 12:58:54.719846-0500    Tailscale   Task <61E16717-95D9-4BB8-9863-E3DA48918628>.<40> resuming, timeouts(60.0, 604800.0) QOS(0x21) Voucher <private>
default 12:58:54.720592-0500    Tailscale   [Telemetry]: Activity <nw_activity 12:2[FC7359D9-5032-40C3-BAA6-2A758133F683] (reporting strategy default)> on Task <61E16717-95D9-4BB8-9863-E3DA48918628>.<40> was not selected for reporting
default 12:58:54.721999-0500    Tailscale   Task <61E16717-95D9-4BB8-9863-E3DA48918628>.<40> now using Connection 19
default 12:58:54.722095-0500    Tailscale   [C19] event: client:connection_reused @1.399s
default 12:58:54.723038-0500    Tailscale   Task <61E16717-95D9-4BB8-9863-E3DA48918628>.<40> sent request, body N 0
default 12:58:54.729067-0500    IPNExtension    StartLoginInteractive: url=false
default 12:58:54.732217-0500    IPNExtension    control: client.Login(false, 2)
default 12:58:54.734561-0500    Tailscale   Task <61E16717-95D9-4BB8-9863-E3DA48918628>.<40> received response, status 204 content U
default 12:58:54.734747-0500    Tailscale   Task <61E16717-95D9-4BB8-9863-E3DA48918628>.<40> response ended
default 12:58:54.734514-0500    IPNExtension    control: LoginInteractive -> regen=true
default 12:58:54.734793-0500    Tailscale   Task <61E16717-95D9-4BB8-9863-E3DA48918628>.<40> done using Connection 19
default 12:58:54.734702-0500    IPNExtension    control: doLogin(regen=true, hasUrl=false)
default 12:58:54.734766-0500    IPNExtension    control: Generating a new nodekey.
default 12:58:54.734905-0500    Tailscale   [C19] event: client:connection_idle @1.412s
default 12:58:54.735722-0500    Tailscale   Task <61E16717-95D9-4BB8-9863-E3DA48918628>.<40> summary for task success {transaction_duration_ms=14, response_status=204, connection=19, reused=1, request_start_ms=1, request_duration_ms=0, response_start_ms=13, response_duration_ms=0, request_bytes=338, response_bytes=324, cache_hit=false}
default 12:58:54.736123-0500    Tailscale   Task <61E16717-95D9-4BB8-9863-E3DA48918628>.<40> finished successfully
default 12:58:54.737078-0500    IPNExtension    DefaultsSetting with key Tailnet has no value set, returning empty
default 12:58:54.737251-0500    IPNExtension    control: RegisterReq: onode= node=[klTDh] fup=false nks=false
default 12:58:54.737489-0500    IPNExtension    control: sockstats: trace "ControlClientAuto" was overwritten by another
default 12:58:55.013425-0500    IPNExtension    Received error: register request: Post "https://controlplane.tailscale.com/machine/register": unexpected EOF

michaelmior commented 5 months ago

So for some reason, a browser window popped open with the Tailscale login page. This was without any prompting from me, but this time I was able to log in successfully.

michaelmior commented 5 months ago

I had to restart Tailscale and now it's stuck at "Loading Backend…" I get one of the same error messages I saw previously.

default 12:48:47.120033-0500    IPNExtension    Received error: register request: Post "https://controlplane.tailscale.com/machine/register": unexpected EOF

tf64 commented 5 months ago

Full disclaimer I'm a complete noob...however, I was having the exact same problem. What fixed it for me was:

Make sure if you have an existing VPN (turn it completely off). I'm about 99% sure this was my issue.
Uninstall Tailscale and remove the Tailscale VPN profile from your MacOS settings.
I temporarily disabled all the random software from this list.
Then reinstall Tailscale using MacOS App Store, and run the setup normally. This time the log-in/authenticate function automatically opened Safari and allowed me to log-in.
Then turned all my random software back on and verified that Tailscale worked normally.

PS - If you use Little Snitch, it looks like you will need to allow network connections for IPNExtension and Tailscale.

I'm running Tailscale 1.56.1 and MacOS 14.1.1. Good luck.

agottardo commented 4 months ago

@michaelmior we usually see Received error: register request: Post "https://controlplane.tailscale.com/machine/register": unexpected EOF when a third-party security tool is interfering with Tailscale connections to the control server. Do you run any of the software listed in our third-party troubleshooting list? Netskope is a common security tool that causes this.

michaelmior commented 4 months ago

@agottardo The only one I'm aware of that is installed is Docker Desktop and I run into issues with Tailscale even when Docker is not running. I'll add that I'm now trying on a new 2023 MBP and this time it did let me log in but then I was quickly disconnected.

krsilas commented 3 months ago

I have the same issue on my Mac. I do not use any software on that list except Docker, but that one is turned off. I also don't seem to have any dns issues. I can reach the endpoint manually. My error log:

control: LoginInteractive -> regen=true
control: doLogin(regen=true, hasUrl=false)
control: Generating a new nodekey.
DefaultsSetting with key Tailnet has no value set, returning empty
control: RegisterReq: onode= node=[3f9jo] fup=false nks=false
control: sockstats: trace "ControlClientAuto" was overwritten by another
Received error: register request: Post "https://controlplane.tailscale.com/machine/register": unexpected EOF

I don't even know what that error is supposed to mean. What is DefaultsSetting and what should be the value?

agottardo commented 3 months ago

@krsilas are you able to send me a sysdiagnose from your Mac to andrea@tailscale.com? I would like to see what happens around the time you get that EOF.

The error means that something on your computer or your network is cutting the client communication with controlplane.tailscale.com. It most commonly happens when security tools detect our connection and close our socket, or your Internet provider is blocking access to Tailscale. If you are using a work computer managed by an IT department, it is possible you might have a security tool installed, or have an internet filter, but you simply don't know about it. If this is a personal computer and you're 100% sure no web filters are in place, then it's a different mystery.

If unable to provide a sysdiagnose, please check if other processes on your Mac are interfering with Tailscale around the time you get that unexpected EOF message.

The DefaultsSetting with key Tailnet has no value set, returning empty log line is spurious and you can safely ignore it. It is not an error. It is printed by our system policies infrastructure, and is informing you that the client couldn't find a policy set by a network administrator forcing your Tailscale setup onto a specific tailnet. That is the expected behaviour in this case, given that your Tailscale install is not being managed by an organization.

krsilas commented 3 months ago

Thanks for the detailed info. I tried to reset everything that could be related to the issue the last few days. From network settings to system configurations, reboot, updates,.... Now, while I was doing the system diagnosis, my network randomly rebooted and after reconnecting the login showed up 😝 Not sure what was wrong before.

→ Update: Stopped working again when I tried to reconnect after rebooting

timsuchanek commented 3 months ago

The same thing is happening to me. I'm on MacOS Sonoma 14.3.1. I do not have any firewall software or similar installed. When I press the login button, nothing happens.

When I run tailscale login in the cli on Mac, also nothing happens, it just let's me know:

Warning: client version "1.60.0-tf4e3ee53e" != tailscaled server version "1.60.0-tb36943c9b-g99e84774b"

agottardo commented 3 months ago

The same thing is happening to me.

I'm on MacOS Sonoma 14.3.1.

I do not have any firewall software or similar installed.

When I press the login button, nothing happens.

When I run tailscale login in the cli on Mac, also nothing happens, it just let's me know:
Warning: client version "1.60.0-tf4e3ee53e" != tailscaled server version "1.60.0-tb36943c9b-g99e84774b"

Can you provide more details about your setup? Are you using the App Store or Standalone version of the client? That sounds like you have two different instances of Tailscale on your Mac.

krsilas commented 1 month ago

For the record: My issue has been resolved by installing the standalone version (https://pkgs.tailscale.com/stable/#macos). The app store version seems to have an issue on my machine that I wasn't able to debug, despite help from Andrea and studying the system logs very intensively.

EdwardAngert commented 1 month ago

+1 to @krsilas and using the standalone.

I was having the same issue and ended up uninstalling the App Store Tailscale, then installing the cask via Homebrew. I'll put the step-by-step below.

My notes for anyone who ends up on this issue later:

Tailscale 1.66 App Store version
macOS Sonoma 14.4.1 / Macbook Pro with Intel chip
It was working, but the key expired
Nothing happens when I try to connect
Couldn't reauthenticate or even logout to log back in. Tried stopping the service and restarting.
Ran tailscale up --force-reauth but got the error failed to connect to local Tailscale service; is Tailscale running?
Uninstalled VirtualBox and still nothing.
- Not using any other VPN, virtualization, or Screen Time
- I do have a Pi-hole, but disabled it to test connection issues.
Got the CLI version working with sudo tailscaled then tailscale up --force-reauth in a new terminal window, but I want the GUI to work. (closed out of those processes)
Uninstalled (App store version of) Tailscale and reinstalled, but still stuck at login/no connection.
At this point, part of my issue might be multiple installations, but I don't know if it's the source.

(Re)Install Tailscale through a Homebrew cask

Quit and uninstall Tailscale.

If you tried installing it through Homebrew thinking that would work, run brew uninstall tailscale. If you want the GUI, you want the cask version.
Install the cask version:
```
brew install --cask tailscale
```
Open Tailscale and at the Allow System Extension prompt, select Install Now. It seems like nothing happens because macOS blocks it by default.
Unblock the system software. System Settings > Privacy & Security > Security > System software from application "Tailscale" was blocked from loading > Allow
Select Allow VPN Configuration, then Allow in the popup to confirm.
Select Sign in to your network and then sign in to your network.
Configure your settings

I think this is like the second option in Three ways to run Tailscale on macOS, but managed by Homebrew.

agottardo commented 1 month ago

Do any of you use Screen Time? We have observed that its web filter / time tracking tool seems to prevent the App Store distribution from working properly on some Macs.

EdwardAngert commented 4 weeks ago

Do any of you use Screen Time? We have observed that its web filter / time tracking tool seems to prevent the App Store distribution from working properly on some Macs.

I don't, and FWIW, I only encountered the issue after my key(s) expired. Tailscale was working fine before that

tailscale / tailscale