Ricky Kresslein

Tailscale on TrueNAS SCALE

2023-06-21

This guide does not use TrueCharts. We are going to use the brand new, built-in Tailscale application from TrueNAS Charts.It's easy to set up, as soon as you understand what it needs.

First, open the web interface for TrueNAS SCALE. Go to Network and next to Global Configuration click Settings. In that window, make sure Nameserver 1 and IPv4 Default Gateway are set to your router's default gateway (in my case it was 192.168.0.1).

Next, go to Apps, click Settings -> Advanced Settings and make sure the Route v4 Interface is set to your main ethernet card and the Route v4 Gateway is set to the same default gateway you used in the last step. Then, uncheck Enable Host Path Safety Checks and click Save.

Now, click the Available Applications tab and find Tailscale, then click its Install button.

You'll need an Auth Key for this, so if you don't already have one, go to Tailscale.com and log in. In the admin console, go to Settings and click on Keys in the left column. Click Generate auth key... > Generate key and make sure you copy your key because you won't be able to see it again.

Go back to TrueNAS and paste the key you just generated into the Auth Key box. The Hostname can be whatever you want (I left it at the default).

This is the part where I kept getting stuck. Click Add next to Advertise Routes and in the Route box type the network IP address you use to access the TrueNAS SCALE. To be more clear, look up in the address bar in your browser and type the IP address you see there. Then, and this is important, append /32 to the end. For example, mine reads 192.168.0.105/32.

The next three checkboxes are optional, so read about them to see if you want them or not. They are not necessary to get Tailscale working. I have only Userspace checked.

The only other thing you need to do is scroll down and check the box next to Host Network. That's it for this part, so click Save and wait for the container to become "Active".

If the container fails to deploy, there is an issue with the configuration, most likely the Route, and you will need to edit it.

Now, go back to your Tailscale admin console (the one at Tailscale.com), and check if "truenas-scale", or whatever you chose as a Hostname, is listed there. If so, great! You're almost done.

There should be a little blue icon under that machine that says Subnets. That's due to the Route you set up for Tailscale. To activate it, click the three dots to the far right of that machine's listing () and choose Edit route settings.... In the window that pops up, switch on the switch next to the IP you added as a route. Click the X to close that box.

Now, click the IP address listed next to your Tailscale machine and then click the copy button to copy it to the clipboard. With that copied, paste it into the address bar of your browser (preferably in a new tab) and hit enter. It should take you to your TrueNAS SCALE dashboard. If it does, congratulations! Tailscale is set up. There is only thing left to test, and that is that apps work. This is where I was stuck for a while

If you type in the machine's Tailscale IP address, a colon, and the port of the app you want to go to (i.e. 100.XX.XX.XX:30031) it won't work. What you actually need to do is go to the LAN's IP plus the port (i.e. 192.168.0.105:30031). This may seem weird because that should only be accessible while you are on the LAN, but what the subnet Route that you set up did is route all traffic to that 192.168.0.105 IP (again, just the example) through Tailscale.

Since you can't really test if this worked while connected to your network, take out your phone and turn off the WiFi. Then, while using only data, go to your machine's LAN IP and include the port of the app you want to see and it should come right up.