Tailscale post-install setup requires a valid NAS SSL cert #62
Comments
|
The actual release is https://github.com/tailscale/tailscale-qpkg/releases/tag/v1.34.1, please use that one. |
DentonGentry
added a commit
to tailscale/tailscale
that referenced
this issue
Dec 30, 2022
When the user clicks on the Tailscale app in the QNAP App Center,
we do a GET from /cgi-bin/authLogin.cgi to look up their SID.
If the user clicked "secure login" on the QNAP login page to use
HTTPS, then our access to authLogin.cgi will also use HTTPS
but the certiciate is self-signed. Our GET fails with:
Get "https://10.1.10.41/cgi-bin/authLogin.cgi?sid=abcd0123":
x509: cannot validate certificate for 10.1.10.41 because it
doesn't contain any IP SANs
or similar errors.
Instead, access QNAP authentication via http://localhost:8080/
as documented in
https://download.qnap.com/dev/API_QNAP_QTS_Authentication.pdf
Fixes tailscale/tailscale-qpkg#62
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
|
I did try that release at one point but got confused since "Open" didn't do anything and I had already seen the pre-released version did... but now I notice it's because I should have followed the setup instructions from that release's README.md. |
DentonGentry
added a commit
to tailscale/tailscale
that referenced
this issue
Jan 3, 2023
When the user clicks on the Tailscale app in the QNAP App Center,
we do a GET from /cgi-bin/authLogin.cgi to look up their SID.
If the user clicked "secure login" on the QNAP login page to use
HTTPS, then our access to authLogin.cgi will also use HTTPS
but the certiciate is self-signed. Our GET fails with:
Get "https://10.1.10.41/cgi-bin/authLogin.cgi?sid=abcd0123":
x509: cannot validate certificate for 10.1.10.41 because it
doesn't contain any IP SANs
or similar errors.
Instead, access QNAP authentication via http://localhost:8080/
as documented in
https://download.qnap.com/dev/API_QNAP_QTS_Authentication.pdf
Fixes tailscale/tailscale-qpkg#62
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
DentonGentry
added a commit
to tailscale/tailscale
that referenced
this issue
Jan 3, 2023
When the user clicks on the Tailscale app in the QNAP App Center,
we do a GET from /cgi-bin/authLogin.cgi to look up their SID.
If the user clicked "secure login" on the QNAP login page to use
HTTPS, then our access to authLogin.cgi will also use HTTPS
but the certiciate is self-signed. Our GET fails with:
Get "https://10.1.10.41/cgi-bin/authLogin.cgi?sid=abcd0123":
x509: cannot validate certificate for 10.1.10.41 because it
doesn't contain any IP SANs
or similar errors.
Instead, access QNAP authentication via http://localhost:8080/
as documented in
https://download.qnap.com/dev/API_QNAP_QTS_Authentication.pdf
Fixes tailscale/tailscale-qpkg#62
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
(cherry picked from commit 467ace7)
coadler
pushed a commit
to coder/tailscale
that referenced
this issue
Feb 2, 2023
When the user clicks on the Tailscale app in the QNAP App Center,
we do a GET from /cgi-bin/authLogin.cgi to look up their SID.
If the user clicked "secure login" on the QNAP login page to use
HTTPS, then our access to authLogin.cgi will also use HTTPS
but the certiciate is self-signed. Our GET fails with:
Get "https://10.1.10.41/cgi-bin/authLogin.cgi?sid=abcd0123":
x509: cannot validate certificate for 10.1.10.41 because it
doesn't contain any IP SANs
or similar errors.
Instead, access QNAP authentication via http://localhost:8080/
as documented in
https://download.qnap.com/dev/API_QNAP_QTS_Authentication.pdf
Fixes tailscale/tailscale-qpkg#62
Signed-off-by: Denton Gentry <dgentry@tailscale.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I decided to try out the new QNAP package on:
https://github.com/tailscale/tailscale-qpkg/releases/download/qnap-v1.34.1/Tailscale_1.34.1-1_arm-x41.qpkg
After install, clicking on the Tailscale app to set it up fails with an SSL error in the body of the page that opened.
The install docs should mention a valid SSL cert is required and/or suggest how to do it from the CLI manually... which is what I ended up doing to workaround that with
/share/CACHEDEV1_DATA/.qpkg/Tailscale/tailscale upAfter I got Tailscale up and I changed QNAP to not force HTTPS logins to test this out, I was able to log in via HTTP:// on the Tailscale interface IP address and the Tailscale web UI loaded.
QTS 5.0.1.2248
TS version 1.34.1-1
The text was updated successfully, but these errors were encountered: