New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tailscale connection fails in both Docker container and new LXC container on Proxmox #1824
Comments
Update:In the meantime, I have also installed Headscale bare metal (in a Debian VM in Proxmox). I am experiencing the same issue here. I can connect my Mac and iPhone, but not Linux (via the tailscale up command or the Tailscale Docker container). |
Did you check this: |
We see this occasionally as well. Normally restarting the headscale instance a couple of times fixes it. This only happens after we update the routes of a subnet router, and only subnet routers are affected. Other clients can connect fine. (We are running the subnet routers in docker containers as well) The tailscale up command fails with no output, It just times out https://github.com/tailscale/tailscale/blob/ac574d875c7bf6ce16e744b47ce94b74622d550b/cmd/containerboot/main.go#L704 We're unable to find any relevant logs in headscale indicating an error. In fact, headscale logs that it authenticates the node correctly Our tailscale client containers are configured as such (using container config on GCP GCE)
|
I wonder if it's an issue of awkward timing where a machine is declared to be offline while it is trying to authenticate |
Some info on timing: At 2024-04-04 10:14:50.000 headscale reports "Machine successfully authorized" This auth + timeout behaviour loops indefinitely until we restart headscale a couple of times. So kind of interesting that headscale reports "machine successfully authorized" twice for each auth attempt Between that and the fact that this only happens to us intermittently, it feels like some kind of race condition |
I have the same problem as @adoolaard . Connection from Mac and iOS device is fine, connection from linux is fine on the server side:
However, the client side does not seem to get the callback/response, and therefore the login command hangs indefinitely. No idea why, any help would be appreciated. |
Bug description
I have successfully installed Headscale in a Docker container running on a Proxmox LXC container. I opened ports 80, 443, and 8080 in the Proxmox firewall, forwarding them to port 8080 on the Headscale container.
I can successfully connect to Headscale using the Tailscale apps on my iPhone and Macbook. However, I am unable to connect from:
A Tailscale Docker container running on the same LXC container as Headscale.
A new LXC container where I installed Tailscale with apt install tailscale and ran tailscale up --login-server https://headscale.mydomain.com:443.
When attempting to connect from these containers, nothing happens for 15 minutes before the command times out. I have tried with and without the --authkey option.
For the Docker container, I have some logs, but they are not helpful in understanding the issue. I have tried using both the stable version of Headscale and "v0.23.0-alpha5." My iPhone and Macbook connect successfully with both versions, but Linux and Docker connections fail.
Environment
What I have tried:
Opened the necessary ports in the Proxmox firewall.
Used both stable and alpha versions of Headscale.
Tried connecting with and without the --authkey option.
Checked the Docker container logs (limited information).
Docker Compose configuration:
Docker logs:
I have searched for similar issues in the existing tickets and documentation but could not find a solution. Any help would be greatly appreciated!
The text was updated successfully, but these errors were encountered: