{"id":13552138,"url":"https://github.com/jamesog/tailscale-edgeos","last_synced_at":"2025-04-06T03:07:34.661Z","repository":{"id":44158397,"uuid":"350079350","full_name":"jamesog/tailscale-edgeos","owner":"jamesog","description":"Running Tailscale on Ubiquiti EdgeOS","archived":false,"fork":false,"pushed_at":"2024-02-14T20:32:36.000Z","size":15,"stargazers_count":345,"open_issues_count":1,"forks_count":30,"subscribers_count":13,"default_branch":"main","last_synced_at":"2025-03-30T01:13:23.025Z","etag":null,"topics":["edgeos","edgerouter","tailscale","ubiquiti","ubnt"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jamesog.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2021-03-21T18:06:36.000Z","updated_at":"2025-03-18T19:10:24.000Z","dependencies_parsed_at":"2024-01-16T18:57:53.014Z","dependency_job_id":"36c5c774-5098-42d2-811b-694fe6187326","html_url":"https://github.com/jamesog/tailscale-edgeos","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jamesog%2Ftailscale-edgeos","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jamesog%2Ftailscale-edgeos/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jamesog%2Ftailscale-edgeos/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jamesog%2Ftailscale-edgeos/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jamesog","download_url":"https://codeload.github.com/jamesog/tailscale-edgeos/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247427006,"owners_count":20937201,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["edgeos","edgerouter","tailscale","ubiquiti","ubnt"],"created_at":"2024-08-01T12:01:59.475Z","updated_at":"2025-04-06T03:07:34.641Z","avatar_url":"https://github.com/jamesog.png","language":"Shell","funding_links":[],"categories":["Shell","VPN \u0026 WireGuard"],"sub_categories":["Other Platforms"],"readme":"# Tailscale on EdgeOS\n\nThis is a short guide for getting [Tailscale](https://tailscale.com/) running on the Ubiquiti EdgeRouter platform. EdgeOS 2.0+ is required to make use of the systemd unit file shipped by Tailscale.\n\nThis was originally inspired by [lg](https://github.com/lg)'s [gist](https://gist.github.com/lg/6f80593bd55ca9c9cf886da169a972c3) and [joeshaw](https://github.com/joeshaw)'s [suggestion](https://gist.github.com/lg/6f80593bd55ca9c9cf886da169a972c3#gistcomment-3578594) of putting everything under `/config/tailscale` rather than directly in `/config`, however this guide uses Tailscale's Debian package repository instead of downloading the tarball and manually managing the files.\n\n## Installing Tailscale\n\n1. Configure the Tailscale apt repository\n\n    ```\n    configure\n    set system package repository tailscale url '[signed-by=/usr/share/keyrings/tailscale-stretch-stable.gpg] https://pkgs.tailscale.com/stable/debian'\n    set system package repository tailscale distribution stretch\n    set system package repository tailscale components main\n    commit comment \"Add Tailscale repository\"\n    save; exit\n    ```\n\n2. Create required directories and download and run firstboot script\n\n    Scripts in the `firstboot.d` directory are run after firmware upgrades.\n    This script ensures that the Tailscale daemon's state is symlinked to\n    `/config` so it persists across firmware upgrades (otherwise you'll have to\n    set up as a new device on every upgrade) and installs a `post-config.d`\n    script to ensure Tailscale is installed after each boot.\n\n    The `post-config.d` script also copies the Debian package to\n    `/config/data/firstboot/install-packages` so the package can be installed\n    during `firstboot` after a firmware upgrade to ensure the package gets\n    installed and doesn't require downloading it again. This also means the\n    same version will be consistently installed.\n\n    ```sh\n    sudo bash\n    mkdir -p /config/scripts/firstboot.d\n    curl -o /config/scripts/firstboot.d/tailscale.sh https://raw.githubusercontent.com/jamesog/tailscale-edgeos/main/firstboot.d/tailscale.sh\n    chmod 755 /config/scripts/firstboot.d/tailscale.sh\n    /config/scripts/firstboot.d/tailscale.sh\n    /config/scripts/post-config.d/tailscale.sh\n    ```\n\n3. Log in to Tailscale\n\n    The example below enables subnet routing for one subnet, enables use as an exit node (Tailscale 1.6+), and uses a one-off pre-auth key, which can be generated at https://login.tailscale.com/admin/authkeys\n\n    :warning: Remember to change `192.0.2.0/24` with the subnet(s) you *actually want to expose* to the tailnet.\n\n    ```sh\n    tailscale up --advertise-routes 192.0.2.0/24 --advertise-exit-node --authkey tskey-XXX\n    ```\n\n4. (Optional) If you want `sshd` to explicitly listen on the Tailscale address instead of all addresses:\n\n    1. Fetch the override unit\n\n        ```sh\n        curl -o /config/tailscale/systemd/tailscaled.service.d/before-ssh.conf https://raw.githubusercontent.com/jamesog/tailscale-edgeos/main/systemd/tailscaled.service.d/before-ssh.conf\n        systemctl daemon-reload\n        ```\n\n    2. Exit the shell, enter configure mode and set the listen-address\n\n        If you don't currently have any listen-address directives, make sure you add any other addresses you want to access the router by, such as a private network IP.\n\n        The Tailscale IP can be found in the admin console, or using `tailscale ip`.\n\n        ```\n        exit\n        configure\n        set service ssh listen-address \u003cTailscale IP\u003e\n        commit comment \"sshd listen on Tailscale IP\"\n        ```\n\n\n## Firmware Upgrades\n\nAfter an EdgeOS upgrade third-party packages are no longer installed, but the\n`firstboot` script described above ensures Tailscale gets reinstalled.\n\nNote that it will install the Tailscale version from the first time the\n`post-config.d` script ran. If you had upgraded Tailscale since you will need\nto re-upgrade it.\n\n## Upgrading Tailscale\n\nUpgrading is straightforward as the package manager will do everything for you.\n\n**Note:** DO NOT USE `apt-get upgrade`. This is not supported on EdgeOS and may\nresult in a broken system.\n\n```\nsudo apt-get update\nsudo apt-get install tailscale\n```\n\nIf you want to install a specific version of Tailscale use:\n\n```\nsudo apt-get install tailscale=X.Y.Z\n```\n\nWhere `X.Y.Z` is the version you want. This also works for downgrading.\n\nIf you consider this version to be \"stable\" for your use-cases you should think\nabout copying the package to flash memory so it survives firmware upgrades,\notherwise an older version may get installed.\n\nFirst check if old packages are saved:\n\n```\nsudo bash\nls -l /config/data/firstboot/install-packages\n```\n\nIf old versions exist delete them, e.g.\n\n```\nrm /config/data/firstboot/install-packages/tailscale_1.6.0_mips.deb\n```\n\nThen copy the latest version:\n\n```\ncp /var/cache/apt/archives/tailscale_*.deb /config/data/firstboot/install-packages\n```\n\nIf you still receive an **out of space** error when upgrading, try cleaning the system's images using:\n\n```\ndelete system image\n```\n\nIf you have a **certificate error** when upgrading, unfortunately it is an [EdgeOS problem](https://community.ui.com/questions/Fix-Solution-Lets-Encrypt-DST-Root-CA-X3-Expiration-Problems-with-IDS-IPS-Signature-Updates-HTTPS-E/0404a626-1a77-4d6c-9b4c-17ea3dea641d), but to correct it manually you can run the following commands:\n\n```\nsudo -i\nsed -i 's|^mozilla\\/DST_Root_CA_X3\\.crt|!mozilla/DST_Root_CA_X3.crt|' /etc/ca-certificates.conf\ncurl -sk https://letsencrypt.org/certs/isrgrootx1.pem -o /usr/local/share/ca-certificates/ISRG_Root_X1.crt\nupdate-ca-certificates --fresh\n```\n\n## Uninstalling\n\n```\nsudo apt-get purge tailscale\nsudo rm /config/scripts/firstboot.d/tailscale.sh /config/scripts/post-config.d/tailscale.sh\nconfigure\ndelete system package repository tailscale\ncommit comment \"Remove Tailscale repository\"\nsave; exit\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjamesog%2Ftailscale-edgeos","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjamesog%2Ftailscale-edgeos","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjamesog%2Ftailscale-edgeos/lists"}