@jcgillespie
Last active October 31, 2024 12:05
Running Tailscale on Ubiquiti USG

You will need SSH access to your USG. I suggest running sudo su so you're the root user throughout.

Installation

  1. Download tailscale and put the files in /config/. Find the latest stable or unstable version for your USG's processor.
curl https://pkgs.tailscale.com/stable/tailscale_1.36.1_mips64.tgz | tar xvz -C /tmp
mv /tmp/tailscale_1.36.1_mips64 /config/tailscale
  2. Create the first boot and post config scripts
mkdir -p /config/scripts/firstboot.d
mkdir -p /config/scripts/post-config.d
cat << EOF > /config/scripts/firstboot.d/tailscale.sh
#!/bin/sh
ln -s /config/tailscale/tailscale /usr/bin/tailscale
ln -s /config/tailscale/tailscaled /usr/sbin/tailscaled
mkdir -p /var/lib/tailscale/
touch /config/auth/tailscaled.state
chmod 0400 /config/auth/tailscaled.state
ln -s /config/auth/tailscaled.state /var/lib/tailscale/tailscaled.state
sudo tailscaled > /dev/null 2>&1 &
disown
sudo tailscale up <your options here, eg. --ssh --accept-routes>
EOF
chmod +x /config/scripts/firstboot.d/tailscale.sh
cp /config/scripts/firstboot.d/tailscale.sh /config/scripts/post-config.d/tailscale.sh
  3. Run your script to start it up
bash /config/scripts/post-config.d/tailscale.sh

Upgrading

Get the latest stable or unstable version. NOTE: if you're connecting over your tailnet, this will abort your ssh connection.

sudo su #if you haven't already

url=https://pkgs.tailscale.com/stable/tailscale_1.37.1_mips64.tgz
curl "$url" | tar xvz -C /tmp                                 # download and unpack
location=$(find /tmp -type d -iname "tailscale*" | head -n1)  # get the location of the unpacked directory
rm -Rf /config/tailscale-prev                                 # remove previous version, if present

tailscale down --accept-risk=lose-ssh &&                      # take tailscale down
  tsid=$(pidof tailscaled) &&                                 # find the pid of the tailscale daemon...
  kill $tsid &&                                               # ... and kill it
  mv /config/tailscale /config/tailscale-prev &&              # move the current version to the previous folder
  mv "$location" /config/tailscale &&                         # move the new version from /tmp into the /config folder
  bash /config/scripts/post-config.d/tailscale.sh             # run the startup script to spin everything back up
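
Both the install and the upgrade steps pipe the download straight into tar as root, so nothing is checked before files land on disk. A verify-before-unpack variant, added here as an example that is not part of the original gist: verify_and_unpack is a hypothetical helper, sha256sum is assumed to be present on the USG, and the expected digest is assumed to come from a source you trust for that release.

```shell
#!/bin/sh
# Added example: verify a downloaded tarball before unpacking it as root.
# verify_and_unpack is a hypothetical helper; sha256sum is assumed to exist on the device.

# usage: verify_and_unpack <tarball> <expected-sha256> <dest-dir>
# returns 0 on success, 1 on checksum mismatch, 2 on unsafe member paths, 3 on bad arguments
verify_and_unpack() {
  tarball=$1; dest=$3
  expected=$(printf %s "$2" | tr 'A-F' 'a-f')   # accept upper- or lower-case hex
  [ -f "$tarball" ] && [ -n "$expected" ] && [ -n "$dest" ] || return 3

  # Hash the file on disk; a stream piped into tar is extracted before it can be checked.
  actual=$(sha256sum "$tarball" | cut -d' ' -f1)
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch for $tarball: got $actual" >&2
    return 1
  fi

  # Reject absolute paths and ".." components so extraction stays under $dest.
  if tar tzf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
    echo "unsafe member path in $tarball" >&2
    return 2
  fi

  mkdir -p "$dest" && tar xzf "$tarball" -C "$dest"
}

# Intended use on the USG (URL from the gist; EXPECTED_SHA256 is a placeholder you supply):
#   curl -fsSL -o /tmp/ts.tgz https://pkgs.tailscale.com/stable/tailscale_1.37.1_mips64.tgz
#   verify_and_unpack /tmp/ts.tgz "$EXPECTED_SHA256" /tmp
```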

Notes

  1. Extending the work and conversation in this gist
  2. I'm also running NextDNS on my USG and I've not yet found a way to resolve the health check warning regarding Linux DNS: "Linux DNS config not ideal. /etc/resolv.conf overwritten. See https://tailscale.com/s/dns-fight"
  3. For tailscale config, I'm using my USG as a Subnet router
@jcgillespie
Author

update to 1.60.0 please

@deonthomasgy I think it should work if you update the version numbers in the script, but my USG died and I replaced it with a dream machine, so I don't have a mechanism to test this.

@phillf

phillf commented Apr 12, 2024

update to 1.60.0 please

@deonthomasgy I think it should work if you update the version numbers in the script, but my USG died and I replaced it with a dream machine, so I don't have a mechanism to test this.

I can verify this works with USG still.

@phillf

phillf commented May 12, 2024

Successful upgrade to 1.66.1
