{"id":23340196,"url":"https://github.com/sierrasoftworks/tailscale-udm","last_synced_at":"2026-03-02T22:21:51.577Z","repository":{"id":40239614,"uuid":"365583209","full_name":"SierraSoftworks/tailscale-udm","owner":"SierraSoftworks","description":"Run Tailscale on your Unifi Dream Machine","archived":false,"fork":false,"pushed_at":"2025-03-09T12:56:12.000Z","size":141,"stargazers_count":924,"open_issues_count":12,"forks_count":48,"subscribers_count":20,"default_branch":"main","last_synced_at":"2025-04-14T00:57:24.564Z","etag":null,"topics":["tailscale","udm","udm-pro","unifi"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SierraSoftworks.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2021-05-08T18:19:51.000Z","updated_at":"2025-04-13T21:04:40.000Z","dependencies_parsed_at":"2023-01-31T10:16:23.087Z","dependency_job_id":"dc06ca2c-2da5-404f-9dd5-9e1d814cbb47","html_url":"https://github.com/SierraSoftworks/tailscale-udm","commit_stats":null,"previous_names":[],"tags_count":20,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SierraSoftworks%2Ftailscale-udm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SierraSoftworks%2Ftailscale-udm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SierraSoftworks%2Ftailscale-udm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SierraSoftworks%2Ftails
cale-udm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SierraSoftworks","download_url":"https://codeload.github.com/SierraSoftworks/tailscale-udm/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254254041,"owners_count":22039792,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["tailscale","udm","udm-pro","unifi"],"created_at":"2024-12-21T04:20:02.830Z","updated_at":"2026-03-02T22:21:51.567Z","avatar_url":"https://github.com/SierraSoftworks.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Tailscale on UniFi Dream Machine\n\nThis repo contains the scripts necessary to install and run a [tailscale](https://tailscale.com)\ninstance on your [UniFi Cloud Gateways](https://ui.com/cloud-gateways).\nIt does so by piggy-backing on the excellent [unifi-utilities](https://github.com/unifi-utilities/unifios-utilities)\nto provide a persistent service and runs using Tailscale's usermode networking feature.\n\n## Installation\n\n1. Run the `install.sh` script to install the latest version of the\n   Tailscale UDM package on your UDM.\n\n   ```sh\n   # Install the latest version of Tailscale UDM\n   curl -sSLq https://raw.github.com/SierraSoftworks/tailscale-udm/main/install.sh | sh\n   ```\n\n2. Run `tailscale up` to start Tailscale.\n3. Follow the on-screen steps to configure Tailscale and connect it to your network.\n4. 
Confirm that Tailscale is working by running `tailscale status`\n\n## Compatibility\n\n**ⓘ You can confirm your OS version by running `/usr/bin/ubnt-device-info firmware_detail`**\n\nThis package is compatible with UniFi OS 2.x+ and is known to work on the following devices:\n\n- UniFi Dream Machine (UDM)\n- UniFi Dream Machine Pro (UDM Pro)\n- UniFi Dream Router (UDR)\n- UniFi Dream Machine Special Edition (UDM-SE)\n- UniFi Cloud Key Gen 2 (UCK-G2)\n- UniFi Cloud Key Gen 2 Plus (UCK-G2-PLUS)\n- UniFi NAS Pro\n\nWe expect that it should function on most consumer-grade UniFi devices without issue, but if you\ndo run into any problems, please [open an issue](https://github.com/SierraSoftworks/tailscale-udm/issues)\nand provide the following information:\n\n- The device you are running on (e.g. UDM Pro)\n- The UniFi OS version you are running (e.g. 2.4.8 - this can be found by running `/usr/bin/ubnt-device-info firmware_detail`)\n- The steps you took to install Tailscale and any errors you encountered.\n\n**WARNING:** This package is no longer compatible with UniFi OS 1.x (the legacy OS on UDM/UDM Pro). If you\nare running UniFi OS 1.x and are unable to upgrade to the latest stable version of UniFi OS, you\nshould use the legacy version of this package, which is available in the `legacy` branch of\nthis repository. The legacy version is no longer maintained and may not work with the latest\nversion of Tailscale.\n\n## Management\n\n### Configuring Tailscale\n\nYou can configure Tailscale using all the normal `tailscale up` options, you should be able to\nfind `tailscale` on your path after installation.\n\n```sh\ntailscale up --advertise-routes=10.0.0.0/24 --advertise-exit-node --advertise-tags=tag:it\n```\n\n### Restarting Tailscale\n\nOn UniFi OS 2.x+, Tailscale is managed using `systemd` and the `tailscaled` service. 
You can\nrestart it using the following command.\n\n```sh\nsystemctl restart tailscaled\n```\n\n### Upgrading Tailscale\n\nUpgrading Tailscale on UniFi OS 2.x+ can be done either using `apt` or by using the `manage.sh`\nhelper script.\n\n#### Using `apt`\n\n```sh\napt update \u0026\u0026 apt install -y tailscale\n```\n\n#### Using `manage.sh`\n\n```sh\n/data/tailscale/manage.sh update\n\n# Or, if you are connected over Tailscale and want to run the update anyway\nnohup /data/tailscale/manage.sh update!\n```\n\n### Remove Tailscale\n\nTo remove Tailscale, you can run the following command, or run the steps below manually.\n\n```sh\n/data/tailscale/manage.sh uninstall\n```\n\n#### Manual Steps\n\n1. Kill the `tailscaled` daemon with `systemctl stop tailscaled`.\n2. Remove the `tailscale` \u0026 `tailscale-archive-keyring` package using `dpkg -P tailscale tailscale-archive-keyring`.\n3. Remove the management script and state using `rm -Rf /data/tailscale`.\n4. Remove the `on_boot.d` script using `rm /data/on_boot.d/10-tailscaled.sh`.\n5. Remove the `cache` folder using `rm -rf /var/cache/tailscale`.\n\n## Contributing\n\nThere are clearly lots of folks who are interested in running Tailscale on their UDMs. If\nyou're one of those people and have an idea for how this can be improved, please create a\nPR and we'll be more than happy to incorporate the changes.\n\n## Frequently Asked Questions\n\n### How do I advertise routes?\n\nYou do this by updating your Tailscale configuration as you would on any other machine,\njust remember to provide the full path to the `tailscale` binary when doing so.\n\n```sh\n# Specify the routes you'd like to advertise using their CIDR notation\n\n# UniFi OS 1.x\n/mnt/data/tailscale/tailscale up --advertise-routes=\"10.0.0.0/24,192.168.0.0/24\"\n\n# UniFi OS 2.x/3.x\ntailscale up --advertise-routes=\"10.0.0.0/24,192.168.0.0/24\"\n```\n\n### Can I route traffic from machines on my local network to Tailscale endpoints automatically?\n\nYes! 
As of January 30, 2025, [two][tailscale-pr10828] [changes][tailscale-pr14452] to Tailscale have made this\npossible. Much credit goes to @tomvoss and @jasonwbarnett, who contributed significant effort to\nthe initial implementation, detailed [in this GitHub issue][tailnet-routing-discussion].\nBefore going further please read tailscale's [subnet router documentation][tailscale-subnet-router-docs]\nand familiarize yourself with the concepts of subnet routers, independent of UniFi OS.\n\n#### Prerequisites\n\nBefore proceeding, please review Tailscale’s [subnet router documentation][tailscale-subnet-router-docs]\nto understand the core concepts of subnet routing, independent of UniFi OS.\n\n**NOTE**: You do not need to manually enable `net.ipv4.ip_forward` on your UniFi OS\ndevice as it is enabled by default. If you want to confirm its status, run:\n\n```sh\nsysctl net.ipv4.ip_forward\n```\n\n**WARNING**: You should conduct all of these changes over a direct network connection to your\nUniFi OS device, as you may lose access to the device if you misconfigure Tailscale or other network\nsettings.\n\n#### Switch to TUN mode\n\nThe quickest way to switch to TUN mode is to install the latest version of tailscale-udm, which\nwill automatically configure Tailscale to use TUN mode.\n\n```bash\ncurl -sSLq https://raw.github.com/SierraSoftworks/tailscale-udm/main/install.sh | sh\n```\n\n##### Manually Switching to TUN Mode\n\nIf you have been running Tailscale on your UniFi device for a while, there is a good chance\nthat you are running in \"userspace\" networking mode. This mode is not compatible with advertising\nroutes, so you will need to switch to TUN mode.\n\nTo do so, edit your `/data/tailscale/tailscale-env` file and ensure that the\n`TAILSCALED_FLAGS` variable does **NOT** include the `--tun userspace-networking` flag. 
Unless you\nhave manually configured any other options, it should look like this:\n\n```bash\nPORT=\"41641\"\nTAILSCALED_FLAGS=\"\"\nTAILSCALE_FLAGS=\"\"\nTAILSCALE_AUTOUPDATE=\"true\"\nTAILSCALE_CHANNEL=\"stable\"\n```\n\nThen re-configure Tailscale by running `/data/tailscale/manage.sh install`, which will\nupdate your `/etc/default/tailscaled` file to use the new configuration and restart the\n`tailscaled` service.\n\n#### Verifying Your Setup\n\nTo ensure that Tailscale is running correctly, check for the existence of the\ntailscale0 network interface:\n\n```sh\nip link show tailscale0\n```\n\nA successful setup should return output similar to:\n\n```text\n129: tailscale0: \u003cPOINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP\u003e mtu 1280 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 500\n    link/none\n```\n\nIf you see `Device \"tailscale0\" does not exist.` instead, it means you are still running in\n[userspace networking mode][tailscale-userspace-networking-docs], which will not\nwork. 
Follow the steps above to switch to TUN mode and try again.\n\n#### Final Configuration\n\nOnce you have verified that you are not running in userspace networking mode, proceed with configuring Tailscale:\n\n```sh\ntailscale up --advertise-exit-node --advertise-routes=\"\u003cone-or-more-local-subnets\u003e\" --snat-subnet-routes=false --accept-routes --reset\n```\n\nExample:\n\n```sh\ntailscale up --advertise-exit-node --advertise-routes=\"10.0.0.0/24\" --snat-subnet-routes=false --accept-routes --reset\n```\n\nFor more details on available options, see the official [tailscale up command documentation][tailscale-up-docs].\n\n### Why can't I see a network interface for Tailscale?\n\nLegacy versions of the tailscale-udm script configured Tailscale to run in userspace networking\nmode on the UDM rather than as a TUN interface, which meant you wouldn't see it in the `ip addr` list.\n\nIf you are running an older version of tailscale-udm, you can switch to TUN mode by following\nthe [instructions above](#manually-switching-to-tun-mode).\n\n### Does this support Tailscale SSH?\n\nYou bet, make sure you're running the latest version of Tailscale and then run `tailscale up --ssh`\nto enable it. You'll need to set up SSH ACLs in your account by following\n[this guide](https://tailscale.com/kb/1193/tailscale-ssh/).\n\n```sh\n# UniFi OS 1.x\n# Update Tailscale to its latest version\n/mnt/data/tailscale/manage.sh update!\n\n# Enable SSH advertisement through Tailscale\n/mnt/data/tailscale/tailscale up --ssh\n\n# UniFi OS 2.x/3.x\n# Update Tailscale to its latest version\n/data/tailscale/manage.sh update!\n\n# Enable SSH advertisement through Tailscale\ntailscale up --ssh\n```\n\n### How do I generate HTTPS certificates with Tailscale?\n\nTailscale can generate valid HTTPS certificates for your UDM using Let's Encrypt. 
This requires:\n\n- MagicDNS enabled in your Tailscale admin console\n- HTTPS enabled in your Tailscale admin console\n\n```sh\n# Generate a certificate\n/data/tailscale/manage.sh cert generate\n\n# Install certificate into UniFi OS (2.x+)\n/data/tailscale/manage.sh cert install-unifi\n\n# Restart UniFi Core to apply\nsystemctl restart unifi-core\n```\n\nCertificates expire after 90 days. Use `cert renew` to renew them.\nThe hostname is automatically determined from your Tailscale configuration.\n\nOn UniFi OS 2.x+, a systemd timer is automatically installed when you generate\nyour first certificate. This timer runs weekly to check and renew certificates\nbefore they expire.\n\n[tailscale-pr10828]: https://github.com/tailscale/tailscale/pull/10828\n[tailscale-pr14452]: https://github.com/tailscale/tailscale/pull/14452\n[tailnet-routing-discussion]: https://github.com/SierraSoftworks/tailscale-udm/discussions/51\n[tailscale-subnet-router-docs]: https://tailscale.com/kb/1019/subnets\n[tailscale-up-docs]: https://tailscale.com/kb/1241/tailscale-up\n[tailscale-userspace-networking-docs]: https://tailscale.com/kb/1112/userspace-networking\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsierrasoftworks%2Ftailscale-udm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsierrasoftworks%2Ftailscale-udm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsierrasoftworks%2Ftailscale-udm/lists"}