tsujamin / hass-addons


Question about ts usage options (most probably unrelated to your add-on) #113

Closed ovizii closed 5 months ago

ovizii commented 7 months ago

General setup I have 2 distinct networks A and B, which are only connected to each other via tailscale machines.

Working setup description In network A, I am running HA on an RPI 3b+. The main reason for this was so that the HA add-on: “Samba Backup” could connect to an SMB share on a different machine in network B only reachable because that machine advertises a route to the SMB share and your add-on is configured with “accept_routes”

Non-working setup description On top of that, I tried to add access to my printer's interface over HTTP/HTTPS, which is in network A (where the RPI with HA is), by having your add-on advertise the route to the printer. I tried this from network B, and it only works if I enable “userspace_networking” in your add-on. However, if I enable “userspace_networking”, the above working access to the samba share stops working.

I'm just trying my luck here, feel free to close if nobody replies. (I would have rather posted this in discussions rather than as a feature request, but discussions seem to be disabled in this repo.)

lmagyar commented 7 months ago

Do you try to access your printer in network A from a general non-tailscale machine in network B? That is site-to-site networking, see: https://tailscale.com/kb/1214/site-to-site

tsujamin commented 7 months ago

Yeah sorry I don't have much to add, you might be better off asking on Reddit or similar.

For the most part, I would only encourage using userspace networking and using the addon to connect to HA or resources directly connected to the same network as your HA box. This is because a lot of people had issues before I default-enabled userspace networking with how Tailscale's ip forwarding/NAT rules would interfere with docker/home assistant.

Sorry I can't be of more help! Will leave open in case anyone else wants to discuss

ovizii commented 7 months ago

> Sorry I can't be of more help! Will leave open in case anyone else wants to discuss

Don't worry, this was pretty much a shot in the dark, hoping someone using this add-on might have encountered a similar situation.

It's just weird that enabling userspace_networking breaks my first working setup but is needed to make the second scenario work. For now, I'll attribute it to the inner workings of HA; I don't know much about how it works and how exactly add-ons interact, being inside containers and all that.

ovizii commented 7 months ago

> Do you try to access your printer in network A from a general non-tailscale machine in network B? That is site-to-site networking, see: https://tailscale.com/kb/1214/site-to-site

Thanks a million! I wasn't aware of that page, I felt like I had read all their docs a few times already, but this one is new to me. It could be the solution, except I am not sure if it can be done with TS being run as a HA add-on seeing that it requires editing /etc/sysctl.conf and editing iptables :-(

To answer your question, I tried to access the printer from a Win 11 desktop PC running tailscale and set to “use TS subnets” so it should work.

If you have any other ideas why those two scenarios above seem to be either/or, I'd appreciate any pointer.

I wasn't sure whether to try my luck on the HA community or on the TS community :-)

lmagyar commented 7 months ago

Enabling userspace networking breaks your first setup, because you lose the tailscale0 interface on your HA device/host, and you (i.e. any container) can't make outgoing traffic to the tailnet or any node inside network B, because the HA container is not part of the tailnet, only the Tailscale add-on's container is part of it, so the HA container does not have access to 100.x.x.x addresses to initiate traffic to network B, only when there is a tailscale0 interface on the host (i.e. userspace networking is disabled), and that interface can be accessed by any container.

Your second setup should work. It seems to me a plain network config issue. You should analyse the traffic, maybe your network A router has some issues (some remotely similar unresolved issue: https://github.com/lmagyar/homeassistant-addon-tailscale/issues/104)

Notes on Site-to-site networking:
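An added diagnostic that applies the explanation above; it is not from the add-on, from Tailscale, or from anyone in this thread. Given the host's interface and route listings, it reports whether a kernel tailscale0 interface carrying the 100.64.0.0/10 tailnet range is present (the condition containers need to initiate traffic into the tailnet), and whether the IP forwarding sysctl that the site-to-site guide requires is on. The interface, route and sysctl listings embedded below are constructed samples.

```shell
#!/bin/sh
# Added diagnostic, not part of the add-on or this thread. Containers on the
# HA host can only initiate traffic to tailnet (100.64.0.0/10) addresses when
# the kernel tailscale0 interface exists, i.e. userspace_networking is off.

# tailnet_mode LINKS ROUTES
#   LINKS  = output of `ip -o link show`
#   ROUTES = output of `ip route show table all` (tailscaled uses table 52)
# Prints "kernel" when tailscale0 exists and carries routes, else "userspace".
tailnet_mode() {
    if printf '%s\n' "$1" | grep -q ': tailscale0:' &&
       printf '%s\n' "$2" | grep -q 'dev tailscale0'; then
        echo kernel
    else
        echo userspace
    fi
}

# ip_forward_enabled SYSCTL_OUTPUT
#   SYSCTL_OUTPUT = output of `sysctl net.ipv4.ip_forward`
# Returns 0 when forwarding is on (required for the site-to-site setup).
ip_forward_enabled() {
    case "$1" in
        *"net.ipv4.ip_forward = 1"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample listings: the HA host with the kernel interface present.
KERNEL_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
5: tailscale0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280'
KERNEL_ROUTES='default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20
100.64.0.0/10 dev tailscale0 table 52
192.168.2.0/24 dev tailscale0 table 52'
# The same host after enabling userspace_networking: no tailscale0 at all.
USERSPACE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500'
USERSPACE_ROUTES='default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.20'
# With --live (needs iproute2 and sysctl) inspect the real host; else samples.
if [ "${1:-}" = "--live" ]; then
    tailnet_mode "$(ip -o link show)" "$(ip route show table all)"
    ip_forward_enabled "$(sysctl net.ipv4.ip_forward 2>/dev/null)" \
        && echo "ip_forward=1" || echo "ip_forward=0"
else
    echo "sample A: $(tailnet_mode "$KERNEL_LINKS" "$KERNEL_ROUTES")"
    echo "sample B: $(tailnet_mode "$USERSPACE_LINKS" "$USERSPACE_ROUTES")"
fi
```

Run it on the HA host itself (for example over SSH), since the add-on containers share that host's tailscale0 when it exists.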

ovizii commented 6 months ago

Wow, thanks for all the enlightenment! I will test again after work and double check everything. The only thing I can say right now is that I use this add-on right here and not the one you linked. That said, I'm wondering how you found this thread, but I'm glad you did. :-)

lmagyar commented 6 months ago

I subscribed for the repo a few years ago when I evaluated the Tailscale solutions for HA.