You will need ssh access to your USG.
I suggest running sudo su
so you're the root user throughout
- Download tailscale and put the files in /config/. Find the latest stable or unstable version for your USG's processor.
curl https://pkgs.tailscale.com/stable/tailscale_1.36.1_mips64.tgz | tar xvz -C /tmp
mv /tmp/tailscale_1.36.1_mips64 /config/tailscale
- Create the first boot and post config scripts
mkdir -p /config/scripts/firstboot.d
mkdir -p /config/scripts/post-config.d
cat << EOF > /config/scripts/firstboot.d/tailscale.sh
#!/bin/sh
ln -s /config/tailscale/tailscale /usr/bin/tailscale
ln -s /config/tailscale/tailscaled /usr/sbin/tailscaled
mkdir -p /var/lib/tailscale/
touch /config/auth/tailscaled.state
chmod 0400 /config/auth/tailscaled.state
ln -s /config/auth/tailscaled.state /var/lib/tailscale/tailscaled.state
sudo tailscaled > /dev/null 2>&1 &
disown
sudo tailscale up <your options here, eg. --ssh --accept-routes>
EOF
chmod +x /config/scripts/firstboot.d/tailscale.sh
cp /config/scripts/firstboot.d/tailscale.sh /config/scripts/post-config.d/tailscale.sh
- Run your script to start it up
bash /config/scripts/post-config.d/tailscale.sh
Get the latest stable or unstable version. NOTE: if you're connecting over your tailnet, this will abort your ssh connection.
sudo su #if you haven't already
url=https://pkgs.tailscale.com/stable/tailscale_1.37.1_mips64.tgz
curl $url | tar xvz -C /tmp # Download and unpack
location=`find /tmp -type d -iname "tailscale*" | head -n1` # get the location of the unpacked file
rm -Rf /config/tailscale-prev # remove previous version, if present
tailscale down --accept-risk=lose-ssh && \ # Take tailscale down
tsid=`pidof tailscaled` && \ # Find the pid of the tailscale daemon...
kill pid $tsid && \ # ... and kill it
mv /config/tailscale /config/tailscale-prev && \ # move the current version to the previous folder
mv $location /config/tailscale && \ # move the new version from /temp into the /config folder
bash /config/scripts/post-config.d/tailscale.sh # run the startup script to spin everything back up.
- Extending the work and conversation in this gist
- I'm also running NextDNS on my USG and I've not yet found a way to resolve the health check warning regarding Linux DNS.
Linux DNS config not ideal. /etc/resolv.conf overwritten. See https://tailscale.com/s/dns-fight
- For tailscale config, I'm using my USG as a Subnet router