Running Tailscale on Ubiquiti USG

You will need SSH access to your USG. I suggest running sudo su so you're the root user throughout.

Installation

  1. Download tailscale and put the files in /config/. Find the latest stable or unstable version for your USG's processor.
curl https://pkgs.tailscale.com/stable/tailscale_1.36.1_mips64.tgz | tar xvz -C /tmp
mv /tmp/tailscale_1.36.1_mips64 /config/tailscale
  2. Create the first boot and post config scripts
mkdir -p /config/scripts/firstboot.d
mkdir -p /config/scripts/post-config.d
cat << EOF > /config/scripts/firstboot.d/tailscale.sh
#!/bin/bash
# bash rather than sh: the script uses the bash builtin "disown" below.
# ln -sf so the script can be re-run without "File exists" errors.
ln -sf /config/tailscale/tailscale /usr/bin/tailscale
ln -sf /config/tailscale/tailscaled /usr/sbin/tailscaled
mkdir -p /var/lib/tailscale/
touch /config/auth/tailscaled.state
chmod 0400 /config/auth/tailscaled.state
ln -sf /config/auth/tailscaled.state /var/lib/tailscale/tailscaled.state
sudo tailscaled > /dev/null 2>&1 &
disown
sudo tailscale up <your options here, eg. --ssh --accept-routes>
EOF
chmod +x /config/scripts/firstboot.d/tailscale.sh
cp /config/scripts/firstboot.d/tailscale.sh /config/scripts/post-config.d/tailscale.sh
  3. Run your script to start it up
bash /config/scripts/post-config.d/tailscale.sh

Upgrading

Get the latest stable or unstable version. NOTE: if you're connecting over your tailnet, this will abort your ssh connection.

sudo su #if you haven't already

url=https://pkgs.tailscale.com/stable/tailscale_1.37.1_mips64.tgz
curl "$url" | tar xvz -C /tmp                                 # Download and unpack
location=$(find /tmp -type d -iname "tailscale*" | head -n1)  # get the location of the unpacked directory
rm -Rf /config/tailscale-prev                                 # remove previous version, if present

# A trailing && already continues the command onto the next line; a backslash
# followed by spaces and a comment would not, so none is used here.
tailscale down --accept-risk=lose-ssh &&                      # Take tailscale down
  tsid=$(pidof tailscaled) &&                                 # Find the pid of the tailscale daemon...
  kill $tsid &&                                               # ... and kill it
  mv /config/tailscale /config/tailscale-prev &&              # move the current version to the previous folder
  mv "$location" /config/tailscale &&                         # move the new version from /tmp into the /config folder
  bash /config/scripts/post-config.d/tailscale.sh             # run the startup script to spin everything back up.
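
Both the Installation and Upgrading steps pipe curl straight into tar as root, so whatever the server returns is unpacked without an integrity check. The following is an added example, not part of the original gist: it checks a downloaded tarball against a SHA-256 digest you supply and unpacks only on a match. The function name verify_and_unpack is hypothetical, and it assumes sha256sum, awk and tar are available on the USG.

```shell
#!/bin/sh
# Added example, not from the original gist.
# verify_and_unpack TARBALL EXPECTED_SHA256 DEST_DIR
# Unpacks TARBALL into DEST_DIR only if its SHA-256 matches and no member
# path could land outside DEST_DIR. Assumes sha256sum, awk and tar exist.
# Return codes: 0 ok, 1 digest mismatch, 2 file missing, 3 unsafe path.
verify_and_unpack() {
    tarball=$1; expected=$2; dest=$3

    [ -f "$tarball" ] || { echo "missing: $tarball" >&2; return 2; }

    # First field of sha256sum output is the hex digest; compare lowercased.
    actual=$(sha256sum "$tarball" | awk '{print tolower($1)}')
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "sha256 mismatch for $tarball: got $actual" >&2
        return 1
    fi

    # Defence in depth before extracting as root: reject absolute member
    # names and ".." components (not every tar build refuses these itself).
    if tar tzf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $tarball" >&2
        return 3
    fi

    mkdir -p "$dest" && tar xzf "$tarball" -C "$dest"
}

# Usage on the router (URL from the gist; the digest is a placeholder for a
# value you obtained from a source you trust):
#   curl -fsSL -o /tmp/ts.tgz https://pkgs.tailscale.com/stable/tailscale_1.37.1_mips64.tgz
#   verify_and_unpack /tmp/ts.tgz "<expected sha256>" /tmp
```

Downloading to a file first also means a failed or truncated transfer stops at the digest check instead of leaving a half-unpacked directory in /tmp.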

Notes

  1. Extending the work and conversation in this gist
  2. I'm also running NextDNS on my USG and I've not yet found a way to resolve the health check warning regarding Linux DNS: "Linux DNS config not ideal. /etc/resolv.conf overwritten. See https://tailscale.com/s/dns-fight"
  3. For tailscale config, I'm using my USG as a Subnet router