windows: wgengine.NewUserspaceEngine: InterfaceFromIndexEx() - interface with specified LUID not found

[0x42424242]

Describe the bug After installing Tailscale as a fresh installation on Windows the product will not function. On reboot the error message "Tailscale service is not running. safesocket.Connect dial tcp 127.0.0.1:Port connectex: No connection could be made because the target actively refused it" is popped up.

Obviously this implies the service is somehow not running or accepting connections. Service menu says that the service is actually running. Mousing over the GUI shows "Tailscale: Windows service is not running". Bringing up the context menu also says "Please restart the tailscale service" as the top option.

Going into the services and restarting (and / or 'stopping' then 'starting') the Tailscale IPN has no visible effect on the GUI / function of Tailscale. Windows service status does indicate the service is stopping and starting again. No error messages appear during the start / stop of the service.

Restarting the computer results in the same state, along with the message box popup relating to the failed TCP dial in the first ~10 - 15 seconds of logging in.

To Reproduce Download latest installer from https://tailscale.com/kb/1029/install-files - In my case 0.99.0-0.

Install with no error messages or visible issues.

Attempt to login / connect / user Tailscale.

Expected behavior Tailscale is functional.

Screenshots https://i.imgur.com/lC002Pc.png https://i.imgur.com/GitnW61.png

Version information:

• Device: Desktop PC
• OS: Windows
• OS version: Windows 10 Pro - Version 2004 (OS Build 19041.330)
• Tailscale version: 0.99.0-0

Front conversations

[coreykeeling]

I got the same error on a Windows Server 2012 R2 installation. If you don't uninstall Tailscale then it seems to create endless network adapter. I had 200 before I uninstalled it.

[bradfitz]

Do you have any third party anti-virus or firewall products running by chance?

[coreykeeling]

We use Trend Micro with Windows Firewall.

[0x42424242]

In my configuration there is no other third party firewall / AV running. Just the obvious windows defender / firewall.

[sergeevabc]

Windows 7 x64, no third-party interventions, the same crash. @0x42424242, thanks for reporting this shit.

[nishaad78]

Seems like this stopped working since Windows 10, version 1703.

https://docs.microsoft.com/en-au/windows/deployment/planning/windows-10-removed-features They removed Interactive Service Detection Service which is required by the Tailscale IPN service.

I see this in my system event logs: The Tailscale IPN service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

[bradfitz]

Ah, I think what's happening is that we have a MessageBox call in our service in our fatal already-crashing case.

You're probably actually hittinghttps://github.com/tailscale/tailscale/issues/524 or similar and then when we go to do the MessageBox, we get killed.

I'll fix that to plumb the fatal error message to the UI system tray app instead. Then we can find what the actual bug you're hitting is.

[boonedoggle]

I see a similar issue with windows server 2019. If I run the Tailscale while logged in as user1 and then remote desktop into the windows computer as user1, everything seems to work fine. If user1 is running Tailscale on the windows server and user2 logs in to remote desktop, the Tailscale service crashes and the service says to "Please restart the Talescale Windows Service". If I monitor the task bar as it is crashing, I see it try to log out and back in a few times, then looks like the screenshot below:

[bradfitz]

0.100.0-17 is now available from https://pkgs.tailscale.com/unstable/tailscale-ipn-setup-0.100.0-17.exe ... could anybody try that? Ideally it should now show a message box with a useful error.

[nishaad78]

Don't see anything different with this new version, no errors or warnings in the system event logs too (the IPN service is not crashing).

[0x42424242]

@bradfitz I tried the new version. On installation I get the following error.

[bradfitz]

@0x42424242, I think you might have malware on your machine: https://www.file.net/process/helper.dll.html

[0x42424242]

@bradfitz thanks for the concern, but don't worry I can assure you I don't have malware on the system :)

So I decided to dig into this a little more myself. It appears tailwind is just using Wireguard-go implementation behind the scenes, specifically importing and using it here https://github.com/tailscale/tailscale/blob/6196b7e658a85892a16e9b3b269501ec7169fc6c/wgengine/userspace.go#L139. At this point it appears to be failing.

I'd say the bug actually resides upstream in the WG package itself.

Making that assumption, I went and downloaded the Wireguard windows binary which leverages the same back end, on the theory that it also must have the issue if the Wireguard-go library is at fault.

Attempting to create an interface there results in....

Which I'd argue is likely the same root cause.

I'll raise the issue on Wireguard-go, and I suspect anything that's fixed upstream will solve the issues in Tailscale as well.

Cheers.

[bradfitz]

@0x42424242, the error is from winipcfg. We use a fork: https://github.com/tailscale/winipcfg-go

Upstream has since moved and is now at: https://git.zx2c4.com/wireguard-windows/tree/tunnel/winipcfg

In particular: https://github.com/tailscale/winipcfg-go/blob/master/netsh.go and https://git.zx2c4.com/wireguard-windows/tree/tunnel/winipcfg/netsh.go

That looks very English-centric. It removes a bunch of English strings (that are likely actually localized) from the output and then validates that nothing is left over.

[bradfitz]

@0x42424242, what does netsh show helper and netsh interface show interface output for you?

[0x42424242]

@bradfitz Well.... that's..... interesting...

PS C:\Users\Redacted> netsh show helper                                    // Note: No DLL complaint because this is now post reg changes
Helper GUID                             DLL Filename  Command
--------------------------------------  ------------  -------
{02BC1F81-D927-4EC5-8CBC-8DD65E3E38E8}  AUTHFWCFG.DLL  advfirewall
{FB10CBCA-5430-46CE-B732-079B4E23BE24}  AUTHFWCFG.DLL    consec
{35342B49-83B4-4FCC-A90D-278533D5BEA2}  AUTHFWCFG.DLL    firewall
{4BD827F7-1E83-462D-B893-F33A80C5DE1D}  AUTHFWCFG.DLL    mainmode
{4D0FEFCB-8C3E-4CDE-B39B-325933727297}  AUTHFWCFG.DLL    monitor
{A31CB05A-1213-4F4E-B420-0EE908B896CB}  PEERDISTSH.DLL  branchcache
{555EA58E-72B1-4F0A-9055-779D0F5400B2}  PEERDISTSH.DLL    smb
{00770721-44EA-11D5-93BA-00B0D022DD1F}  HNETMON.DLL   bridge
{6DC31EC5-3583-4901-9E28-37C28113656A}  DHCPCMONITOR.DLL  dhcpclient
{8A6D23B3-0AF2-4101-BC6E-8114B325FE17}  NETIOHLP.DLL  dnsclient
{8B3A0D7F-1F30-4402-B753-C4B2C7607C97}  FWCFG.DLL     firewall
{44F3288B-DBFF-4B31-A86E-633F50D706B3}  NSHHTTP.DLL   http
{0705ECA1-7AAC-11D2-89DC-006008B0E5B9}  IFMON.DLL     interface
{1C151866-F35B-4780-8CD2-E1924E9F03E1}  NETIOHLP.DLL    6to4
{97C192DB-A774-43E6-BE78-1FABD795EEAB}  NETIOHLP.DLL    httpstunnel
{725588AC-7A11-4220-A121-C92C915E8B73}  NETIOHLP.DLL    ipv4
{500F32FD-7064-476B-8FD6-2171EA46428F}  NETIOHLP.DLL    ipv6
{90E1CBE1-01D9-4174-BB4D-EB97F3F6150D}  NETIOHLP.DLL      6to4
{90E1CBE1-01D9-4174-BB4D-EB97F3F6150D}  NETIOHLP.DLL      isatap
{1C151866-F35B-4780-8CD2-E1924E9F03E1}  NETIOHLP.DLL    isatap
{1C151866-F35B-4780-8CD2-E1924E9F03E1}  NETIOHLP.DLL    portproxy
{78197B47-2BEF-49CA-ACEB-D8816371BAA8}  NETIOHLP.DLL    tcp
{1C151866-F35B-4780-8CD2-E1924E9F03E1}  NETIOHLP.DLL    teredo
{D89E6430-9053-5211-187A-1C58D966C781}  NETIOHLP.DLL    udp
{F7E0BC27-BA6E-4145-A123-012F1922F3F1}  NSHIPSEC.DLL  ipsec
{F7E0BC29-BA6E-4145-A123-012F1922F3F1}  NSHIPSEC.DLL    dynamic
{F7E0BC28-BA6E-4145-A123-012F1922F3F1}  NSHIPSEC.DLL    static
{1D8240C7-48B9-47CC-9E40-4F7A0A390E71}  DOT3CFG.DLL   lan
{B572D5F3-E15B-4501-84F2-6626F762AFB1}  WWANCFG.DLL   mbn
{B341E8BA-13AA-4E08-8CF1-A6F2D8B0C229}  NETIOHLP.DLL  namespace
{931852E2-597D-40B9-B927-55FFC81A6104}  NETIOHLP.DLL  netio
{B7BE4347-E851-4EEC-BC65-B0C0E87B86E3}  P2PNETSH.DLL  p2p
{E35A9D1F-61E8-4CF5-A46C-0F715A9303B8}  P2PNETSH.DLL    group
{9AA625FC-7E31-4679-B5B5-DFC67A3510AB}  P2PNETSH.DLL      database
{FBFC037E-D455-4B8D-80A5-B379002DBCAD}  P2PNETSH.DLL    idmgr
{9E0D63D6-4644-476B-9DAC-D64F96E01376}  P2PNETSH.DLL    pnrp
{1DD4935A-E587-4D16-AE27-14E40385AB12}  P2PNETSH.DLL      cloud
{AD1D76C9-434B-48E0-9D2C-31FA93D9635A}  P2PNETSH.DLL      diagnostics
{6EC05238-F6A3-4801-967A-5C9D6F6CAC50}  P2PNETSH.DLL      peer
{0705ECA2-7AAC-11D2-89DC-006008B0E5B9}  RASMONTR.DLL  ras
{42E3CC21-098C-11D3-8C4D-00104BCA495B}  RASMONTR.DLL    aaaa
{90FE6CFC-B6A2-463B-AA12-25E615EC3C66}  RASMONTR.DLL    diagnostics
{13D12A78-D0FB-11D2-9B76-00104BCA495B}  RASMONTR.DLL    ip
{36B3EF76-94C1-460F-BD6F-DF0178D90EAC}  RASMONTR.DLL    ipv6
{592852F7-5F6F-470B-9097-C5D33B612975}  RPCNSH.DLL    rpc
{C07E293F-9531-4426-8E5C-D7EBBA50F693}  RPCNSH.DLL      filter
{D3E9D893-852F-4E22-B05D-99293065773D}  NETTRACE.DLL  trace
{C100BECD-D33A-4A4B-BF23-BBEF4663D017}  WCNNETSH.DLL  wcn
{3BB6DA1D-AC0C-4972-AC05-B22F49DEA9B6}  NSHWFP.DLL    wfp
{0BFDC146-56A3-4311-A7D5-7D9953F8326E}  WHHELPER.DLL  winhttp
{B2C0EEF4-CCE5-4F55-934E-ABF60F3DCF56}  WSHELPER.DLL  winsock
{D424E730-1DB7-4287-8C9B-0774F5AD0576}  WLANCFG.DLL   wlan

C:\Users\Redacted>netsh interface show interface
The following helper DLL cannot be loaded: .\HELPER.DLL.

Admin State    State          Type             Interface Name
-------------------------------------------------------------------------
Enabled        Disconnected   Dedicated        Ethernet
Enabled        Connected      Dedicated        WiFi
Disabled       Disconnected   Dedicated        Censored VPN Endpoint
Disabled       Disconnected   Dedicated        Censored VPN Endpoint
Disabled       Disconnected   Dedicated        Censored VPN Endpoint
Disabled       Disconnected   Dedicated        Censored VPN Endpoint
Disabled       Disconnected   Dedicated        Censored VPN Endpoint
Disabled       Disconnected   Dedicated        Censored VPN Endpoint
Disabled       Disconnected   Dedicated        Censored VPN Endpoint
Disabled       Disconnected   Dedicated        Censored VPN Endpoint
Enabled        Connected      Dedicated        VMware Network Adapter VMnet1
Enabled        Connected      Dedicated        VMware Network Adapter VMnet8
Enabled        Connected      Dedicated        vEthernet (NATSwitch)
Enabled        Connected      Dedicated        vEthernet (Default Switch)
Enabled        Connected      Dedicated        vEthernet (WSL)

So with this I procmon'd what's going on to see where "Helper.dll" was coming from and tried to dig into the mystery some more.

In my configuration, for whatever reason, the registry has the "Helper" value of HKLM\Software\Microsoft\NetSh set to ".\Helper.dll", which is where it's at least getting it's information from for attempting to load it.

I've removed that entry in registry to avoid getting something that may be classed as an error message thrown up in command output. I imagine this may trigger programs wrapping netsh to think there was an error (i.e. stderr != empty)? Now when attempting to activate an interface in Wireguard it does so successfully.

With regards to tailscale, now I get a different error message (yay for progress?)

---------------------------
Error
---------------------------
Tailscale backend error:

wgengine.NewUserspaceEngine: InterfaceFromIndexEx() - interface with specified LUID not found

logid: b36ab4af11b429576036ef3a9fbeb7ecb623e1e07d87d59608adc81891cf8a7b

---------------------------
OK   
---------------------------

Interested to hear your thoughts. Cheers.

Edit: I figured that if we're missing interfaces it's possible something was borked in the installation process given the previous history of errors so I did a re installation. That appears - at first glance - to have cleared things up. I'm not getting error messages right this second, but I also haven't used tailscale successfully before, so I'm just trying to sort out the whole logging in process etc to confirm it's actually working.

[bradfitz]

You missed the word "show" when running show helper above. Can I see that too?

[bradfitz]

Also, as admin I assume?

[0x42424242]

@bradfitz yep, sorry that this has been a ridiculous end user configuration issue, but it appears to be working now.

Hopefully at least it helps others who may be suffering from the same crash / scenario for whatever reason.

P.s. if you didn't notice I updated the above comment with the relevant info you wanted.

Thanks for everything.

[bradfitz]

I'm now focusing this bug only on the error:

wgengine.NewUserspaceEngine: InterfaceFromIndexEx() - interface with specified LUID not found

If others have different errors, feel free to file new bugs.

[archon810]

This is getting quite bad and happening on every reboot for me on Windows 10. I have to then restart the service as restarting the program doesn't work.

[hrchu]

+1 @ win10 1809 17763.1339

[bradfitz]

@archon810, you were running 0.100, per Twitter chat. Are you still seeing it with more recent versions?

[archon810]

@bradfitz Just updated to 1.0.4 on that machine, I'll let you know if it still complains.

It's getting harder and harder to keep all versions updated - have you given thought to an auto-update mechanism? It'd make it much easier on managing all the instances. We have it with Android and Linux already at least, but would be good with Windows too.

[bradfitz]

Yeah, we have an internal bug about it. I suppose I could make a public version.

I've been discussing it publicly a bit on Twitter: https://twitter.com/bradfitz/status/1289300026200481792

[bradfitz]

@archon810, done. Filed #755.

[bradfitz]

@jucor, when I looked at your logs about this, I saw:

link state: &{InterfaceIPs:map[Loopback Pseudo-Interface 1:[::1 127.0.0.1]] InterfaceUp:map[Loopback Pseudo-Interface 1:true] HaveV6Global:false HaveV4:false IsExpensive:false DefaultRouteInterface:TODO HTTPProxy:}

It seems like you don't have any Internet connection that's up.

Were you on wifi with wifi off or out of range? Or ethernet unplugged?

That's a pretty good clue, though. I'll try to reproduce.

[jucor]

@bradfitz Thanks for checking the logs! I was browsing the web and emailing you at the same time, from the same laptop, so I think I did have Internet access -- although to be fair, at other times I am indeed offline. Tonight suddenly Tailscale works again. I'm super puzzled.

[bradfitz]

I've figured out how to reproduce this!

I haven't looked into what the bug is, but reproducing it locally is usually 95% of the work.

To reproduce: right click the Tailscale network adapter, uncheck all the boxes (which is probably overkill, but works), save, then try to start Tailscale (or in my case, my tswin wrapper)

/cc @alexbrainman

[bradfitz]

The minimum to make it start up is just IPv4:

But if I remove it, it's damn hard to get it back, as the adapter keeps getting removed & re-added in a loop. Seems you have to kill the service at just the right time so the icon exists to right click and re-enable IPv4.

We should programmatically enable IPv4 if it's not on.

But I can't imagine so people are intentionally disabling IPv4, so either something else is, or this is just an unrelated way to repro the same issue.

[danderson]

That definitely tracks with what I saw when IPv6 is disabled at the OS layer: requesting the AF_INET6 IpInterface from the parent interface object would fail with that error.

Is this another race condition? Does the adapter come up with no protocols, then it takes a bit longer for the protocols to come up and be available by API?

[archon810]

@bradfitz For me, it was happening when the computer with only Wi-Fi was just booting and Wi-Fi was not connected yet when Tailscale was starting. A similar condition to what you described perhaps?

[jucor]

That would make sense here too: my WiFi is quite long to connect after booting, Tailscale might be starting before WiFi has had time to connect.

[jucor]

Oh, and it might explain why it was working tonight: I booted my laptop tonight with a wired ethernet adapter already plugged in, which might come up faster than WiFi...

[bradfitz]

Thanks, everybody. Sounds like we're getting somewhere.

It seems like we're passing a zero flags value (not including GAA_FLAG_INCLUDE_ALL_INTERFACES, etc) to GetAdaptersAddresses.

If the GAA_FLAG_INCLUDE_ALL_INTERFACES is set, then all NDIS adapters will be retrieved even those addresses associated with adapters not bound to an address family specified in the Family parameter. When this flag is not set, then only the addresses that are bound to an adapter enabled for the address family specified in the Family parameter are returned.

I'll first try to come up with a more realistic repro & test for this, then try different flags.

[alexbrainman]

To reproduce: right click the Tailscale network adapter, uncheck all the boxes (which is probably overkill, but works), save, then try to start Tailscale (or in my case, my tswin wrapper)

I tried it few times and everything works.

But I managed to reproduce this once. I start with

I untick all the boxes and click OK.

Then I start tswin. And I can see processes started by tswin creating bunch of log files

One of the log files has this inside:

(logID "f1c51c720381f4a4138b878af22a47ef0febb925b50412dce2b57c42c5aaa514")
2020-09-19T07:21:14.145+10:00: 0.9M/0.0M Starting userspace wireguard engine with tun device "Tailscale"
2020-09-19T07:21:14.540+10:00: 1.2M/0.0M CreateTUN ok.
2020-09-19T07:21:14.566+10:00: 1.4M/0.0M link state: &{InterfaceIPs:map[Ethernet:[fe80::e45c:92b8:314:cb74 192.168.1.15] Ethernet 2:[fe80::654b:c710:bd77:b05a 169.254.176.90] Ethernet 3:[fe80::2536:ee1f:92d5:205d 192.168.56.1] Loopback Pseudo-Interface 1:[::1 127.0.0.1]] InterfaceUp:map[Ethernet:true Ethernet 2:false Ethernet 3:true Loopback Pseudo-Interface 1:true] HaveV6Global:false HaveV4:true IsExpensive:false DefaultRouteInterface:TODO HTTPProxy:}
2020-09-19T07:21:14.568+10:00: 1.7M/0.0M Routine: event worker - started
2020-09-19T07:21:14.571+10:00: 1.7M/0.0M router: dns: using dns.windowsManager
2020-09-19T07:21:14.571+10:00: 1.9M/0.0M UDP bind has been updated

Alex

[alexbrainman]

I also noticed that sometimes when I start my computer, the tailscale service is not running, and tailscale GUI has the error up about service not running. But there is no log file anywhere. There is nothing in Event Viewer and Tailscale service is listed as "not started" in Services program. But is listed as "to start automatically" so it should be started.

I attributed this to the fact that perhaps my Tailscale installation is broken, because I debug. But maybe it is related to this bug too somehow. My biggest concern is that service fails and we don't have any log of why it failed - not in a file log, not in Event viewer.

Alex

[alexbrainman]

I just restarted my computer with Tailscale adapter still set to

After reboot Tailscale service is running

But GUI complains

(Do not worry about error message looks strange. I was fiddling with it).

My log files keeping appearing every few 10th of seconds or so.

Contents one of the log files:

(logID "52c8912f7279e1f1760eb19e3cfed8c4b4ad3df73600440959e00c5f9ac73af6")
2020-09-19T07:45:23.536+10:00: 0.9M/0.0M Starting userspace wireguard engine with tun device "Tailscale"
2020-09-19T07:45:23.994+10:00: 1.2M/0.0M CreateTUN ok.
2020-09-19T07:45:24.047+10:00: 1.4M/0.0M link state: &{InterfaceIPs:map[Ethernet:[fe80::e45c:92b8:314:cb74 192.168.1.15] Ethernet 2:[fe80::654b:c710:bd77:b05a 169.254.176.90] Ethernet 3:[fe80::2536:ee1f:92d5:205d 192.168.56.1] Loopback Pseudo-Interface 1:[::1 127.0.0.1]] InterfaceUp:map[Ethernet:true Ethernet 2:false Ethernet 3:true Loopback Pseudo-Interface 1:true] HaveV6Global:false HaveV4:true IsExpensive:false DefaultRouteInterface:TODO HTTPProxy:}
2020-09-19T07:45:24.048+10:00: 1.7M/0.0M Routine: event worker - started
2020-09-19T07:45:24.052+10:00: 1.7M/0.0M router: dns: using dns.windowsManager
2020-09-19T07:45:24.052+10:00: 1.9M/0.0M UDP bind has been updated

But I can ping 101.102.103.104

Alex

[alexbrainman]

I decided to tick all Tailscale adapter boxes back on (without reboot or anything)

And my logs files suddenly stop reappearing (see new large log of 14K at the top)

And GUI looks good now. I cannot make image of GUI green icon, but it is green.

So it looks like it recovered.

Alex

[alexbrainman]

But, given that I could ping 101.102.103.104, maybe I did not have any problem in the first place.

GUI lost connection to the service.

And service was recreating log files every 20 seconds or so.

But, perhaps, wireguard was working fine at the time, regardless of boxes on the adapter.

Alex

[alexbrainman]

Just rebooted my computer again (my Tailscale adapter still have all ticks on), and everything looks good after reboot (GUI and the service and pings).

So I am not sure what I learned by unticking Tailscale adapter boxes.

Alex

[alexbrainman]

Another experiment.

While Tailscale is running, I unticked all Tailscale adapter boxes again

But Tailscale service anf GUI are running fine like nothing happened. Single current service log file continues to grow when I ping 101.102.103.104.

So it looks like ticks only affects Tailscale service when it starts. Once it is started, it does not care.

Alex

[alexbrainman]

Another experiment.

I pulled my Ethernet cable out.

My current log suddenly grows with

2020-09-19T08:12:20.278+10:00: 5.6M/0.0M control: mapRoutine: backoff: 11 msec
2020-09-19T08:12:20.289+10:00: 5.6M/0.0M control: mapRoutine: state:authenticated
2020-09-19T08:12:20.289+10:00: 5.6M/0.0M control: PollNetMap: stream=-1 :0 [192.168.56.1:57523]
2020-09-19T08:12:20.310+10:00: 5.6M/0.0M control: PollNetMap: Post "https://login.tailscale.com/machine/866bc99ce9c21f535f0b17c2ba7037a48165d1a1a7b2b61317af0c209b767e14/map": dial tcp: lookup login.tailscale.com: no such host
2020-09-19T08:12:20.310+10:00: 5.6M/0.0M control: sendStatus: mapRoutine1: state:authenticated
2020-09-19T08:12:20.310+10:00: 5.6M/0.0M Received error: PollNetMap: Post "https://login.tailscale.com/machine/866bc99ce9c21f535f0b17c2ba7037a48165d1a1a7b2b61317af0c209b767e14/map": dial tcp: lookup login.tailscale.com: no such host
2020-09-19T08:12:20.310+10:00: 5.6M/0.0M control: mapRoutine: backoff: 26 msec
2020-09-19T08:12:20.337+10:00: 5.6M/0.0M control: mapRoutine: state:authenticated
2020-09-19T08:12:20.337+10:00: 5.6M/0.0M control: PollNetMap: stream=-1 :0 [192.168.56.1:57523]
2020-09-19T08:12:20.348+10:00: 5.6M/0.0M control: PollNetMap: Post "https://login.tailscale.com/machine/866bc99ce9c21f535f0b17c2ba7037a48165d1a1a7b2b61317af0c209b767e14/map": dial tcp: lookup login.tailscale.com: no such host
2020-09-19T08:12:20.349+10:00: 5.6M/0.0M control: sendStatus: mapRoutine1: state:authenticated
2020-09-19T08:12:20.349+10:00: 5.6M/0.0M Received error: PollNetMap: Post "https://login.tailscale.com/machine/866bc99ce9c21f535f0b17c2ba7037a48165d1a1a7b2b61317af0c209b767e14/map": dial tcp: lookup login.tailscale.com: no such host
2020-09-19T08:12:20.349+10:00: 5.6M/0.0M control: mapRoutine: backoff: 104 msec
2020-09-19T08:12:20.412+10:00: 5.6M/0.0M derphttp.Client.Recv: connecting to derp-5 (syd)
2020-09-19T08:12:20.422+10:00: 5.6M/0.0M magicsock: [0xc0003fa000] derp.Recv(derp-5): derphttp.Client.Recv connect to region 5 (syd): dial tcp6 [2001:19f0:5801:10b7:5400:2ff:feaa:284c]:443: connectex: A socket operation was attempted to a
``

And pings stopped working.

And then I put cable back in.

My current log continues on with usual

2020-09-19T08:15:36.246+10:00: 6.5M/0.0M magicsock: starting endpoint update (periodic) 2020-09-19T08:15:36.407+10:00: 6.7M/0.0M netcheck: probePortMapServices: me 192.168.56.1 -> gw 192.168.1.1 2020-09-19T08:15:36.508+10:00: 6.7M/0.0M netcheck: udp=true v6=false mapvarydest=false hair=false portmap=U v4a=49.193.106.204:49938 derp=5 derpdist=2v4:183ms,5v4:25ms,6v4:155ms 2020-09-19T08:15:37.715+10:00: 6.8M/0.0M Accept: UDP{100.104.15.96:5353 > 224.0.0.251:5353} 56 ok out 2020-09-19T08:15:37.716+10:00: 6.8M/0.0M Accept: UDP{100.104.15.96:5353 > 224.0.0.251:5353} 56 ok out 2020-09-19T08:15:37.716+10:00: 6.8M/0.0M Accept: UDP{100.104.15.96:63197 > 224.0.0.252:5355} 50 ok out

And ping is working again.

GUI did not throw panics during this ordeal.

So all works well as far as I can tell.

Alex

[alexbrainman]

So the only bad things I see here is that GUI complains about connection to the service when service is started while all Tailscale adapter boxes are unticked.

We can fix that. But I don't see this important, because it is unusual scenario, and everything else (service and pings) still work.

Alex

[alexbrainman]

I just started my computer, and I can see what I described in https://github.com/tailscale/tailscale/issues/474#issuecomment-695096539

I get this error message from the GUI

And service is not running

I also used Process Explorer to look for process with tailscale in its name. Only Tailscale GUI is present

Tailscale adapter looks like this

There is not a single new log file either at

C:\Windows\System32\config\systemprofile\AppData\Local\Tailscale\Logs

or at

C:\Users\Alex\AppData\Local\Tailscale\Logs

But I can ping 101.102.103.104, and I can go to https://hello.ipn.dev/

I don't see Tailscale network address configured on my network

C:\Users\Alex>ipconfig

Windows IP Configuration

Ethernet adapter Ethernet 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Unknown adapter Tailscale:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Ethernet 3:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::2536:ee1f:92d5:205d%6
   IPv4 Address. . . . . . . . . . . : 192.168.56.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::e45c:92b8:314:cb74%11
   IPv4 Address. . . . . . . . . . . : 192.168.1.15
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

C:\Users\Alex>tracerout 192.168.56.1
'tracerout' is not recognized as an internal or external command,
operable program or batch file.

C:\Users\Alex>

My tracert goes somewhere nowhere.

C:\Users\Alex>tracert -d 101.102.103.104

Tracing route to 101.102.103.104 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2     1 ms    <1 ms    <1 ms  192.168.0.1
  3    12 ms    12 ms    15 ms  49.193.0.1
  4     *        *        *     Request timed out.
  5     *     ^C
C:\Users\Alex>

I am not sure how pings work, if tailscale service is not running. Perhaps I don't need the service, perhaps I only need wintun driver.

I am also concerned that there is no log file. Even, if service fails it should create log file.

Alex

[bradfitz]

hello.ipn.dev is 100.101.102.103 (in the CGNAT range), not 101.102.103.104 (which you pinged+tracerouted above, which is a regular IP address that's in use by AS131621, Taiwan Network Information Center).

Note that the log file support on Windows is still incomplete. It doesn't log panics.

And we never write to the Windows Event Viewer (ourselves, at least).

[alexbrainman]

hello.ipn.dev is 100.101.102.103 (in the CGNAT range), not 101.102.103.104

Or good. That explains one problem :-). I cannot ping 100.101.102.103

C:\Users\Alex>ping 100.101.102.103

Pinging 100.101.102.103 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 100.101.102.103:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\Alex>

Should I be able to see this website

https://hello.ipn.dev/

?

Alex

[bradfitz]

If you can load the website but can't ping it, I suspect the firewall rules are still messed up on Windows and it's blocking ICMP. Is the "Tailscale-In" firewall rule not being added?

Try "tailscale ping" instead to debug.

[alexbrainman]

Is the "Tailscale-In" firewall rule not being added?

How do I check that?

Try "tailscale ping" instead to debug.

C:\Users\Alex>tailscale ping 100.101.102.103
Failed to connect to connect to tailscaled. (safesocket.Connect: dial tcp 127.0.0.1:41112: connectex: No connection could be made because the target machine actively refused it.)

Alex

[jucor]

Just rebooted today, with the wired ethernet adapter plugged in, yet Tailscale is back to the not-looged-in and does-nothing-when-clicking-log-in state :'( Not even an error message at boot.

ipconfig returns:

Unknown adapter Tailscale:

   Connection-specific DNS Suffix  . : cornebise.com
   Link-local IPv6 Address . . . . . : fe80::99d0:ec2d:b2e7:536b%18
   Autoconfiguration IPv4 Address. . : 169.254.83.107
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

@bradfitz I've just emailed you the latest log to support@, in case it helps.