Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

macOS default socket handling of tailscale and tailscaled are different #5761

Closed
holymonson opened this issue Sep 27, 2022 · 10 comments · Fixed by #9234
Closed

macOS default socket handling of tailscale and tailscaled are different #5761

holymonson opened this issue Sep 27, 2022 · 10 comments · Fixed by #9234
Labels
bug Bug L1 Very few Likelihood OS-macos P1 Nuisance Priority level security T5 Usability Issue type

Comments

@holymonson
Copy link

holymonson commented Sep 27, 2022
edited

What is the issue?

tailscale claims it's default socket is /var/run/tailscaled.socket, same as tailscaled's, but in fact it dials [::1]:64511.

Steps to reproduce

❯ tailscale help
USAGE
  tailscale [flags] <subcommand> [command flags]

For help on subcommands, add --help after: "tailscale status --help".

This CLI is still under active development. Commands and flags will
change in the future.

SUBCOMMANDS
  up         Connect to Tailscale, logging in if needed
  down       Disconnect from Tailscale
  logout     Disconnect from Tailscale and expire current node key
  netcheck   Print an analysis of local network conditions
  ip         Show Tailscale IP addresses
  status     Show state of tailscaled and its connections
  ping       Ping a host at the Tailscale layer, see how it routed
  nc         Connect to a port on a host, connected to stdin/stdout
  ssh        SSH to a Tailscale machine
  version    Print Tailscale version
  web        Run a web server for controlling Tailscale
  file       Send or receive files
  bugreport  Print a shareable identifier to help diagnose issues
  cert       get TLS certs
  lock       Manipulate the tailnet key authority
  licenses   Get open source license information

FLAGS
  --socket string
    	path to tailscaled's unix socket (default /var/run/tailscaled.socket)

❯ tailscale status
failed to connect to local tailscaled (which appears to be running as tailscaled, pid 22000). Got error: Failed to connect to local Tailscale daemon for /localapi/v0/status; not running? Error: dial tcp [::1]:64511: connect: connection refused
❯ 
❯ tailscale --socket /var/run/tailscaled.socket status
100.105.126.126 monson-mbp-cli       holymonson@  macOS   -
100.94.240.71   dskt                 holymonson@  linux   -
100.95.87.78    zenobia-mba          holymonson@  macOS   -

Are there any recent changes that introduced the issue?

Seems it's introduced by version 1.30.2.

OS

macOS

OS version

macos 12.6

Tailscale version

1.30.2

Bug report

BUG-9d2329911aa0d09a17272bf7484567e965d2956691dcab7aee5a67ecdd98385d-20220927091756Z-0faaddd812048e06
@bradfitz
Copy link
Member

On macOS, it first tries the Unix socket and then if that fails it assumes you're trying to connect from the open source CLI to the GUI, which it uses localhost TCP. So if both fail, you'll see that TCP error.

@holymonson
Copy link
Author

On macOS, it first tries the Unix socket

As you can see in "Steps to reproduce", it dials /var/run/tailscaled.socket only when specified with --socket.

@holymonson
Copy link
Author

@bradfitz I think here is the root cause:

There is a symlink file ipnport -> 64511 in /Library/Tailscale/, tailscaled will ignore it and listen to the default unix socket, while tailscale will follow it to dial to port 64511. Please solve this inconsistency, thanks.

@pkpowell
Copy link

This could be related to switching between the AppStore and open source versions. I recently installed the AppStore version and ran into this after uninstalling. Unlinking the ipnport file mentioned above solved this for me.

@DentonGentry DentonGentry changed the title default socket of tailscale and tailscaled are different macOS default socket handling of tailscale and tailscaled are different Oct 5, 2022
@DentonGentry DentonGentry added OS-macos L1 Very few Likelihood P1 Nuisance Priority level T5 Usability Issue type and removed needs-triage labels Oct 5, 2022
@DentonGentry
Copy link
Contributor

We should make Tailscaled-on-macOS not use a localhost socket, if it still does.

@bradfitz
Copy link
Member

GOOS=darwin tailscaled has always used a Unix socket

@fwl-whu
Copy link

fwl-whu commented Jun 9, 2023

This could be related to switching between the AppStore and open source versions. I recently installed the AppStore version and ran into this after uninstalling. Unlinking the ipnport file mentioned above solved this for me.

How to unlink? Just remove the "ipnport"? Thank you!

@pkpowell
Copy link

pkpowell commented Jun 9, 2023

unlink ipnport was the command I used (as root). rm ipnport should also work.

@fwl-whu
Copy link

fwl-whu commented Jun 24, 2023

unlink ipnport was the command I used (as root). rm ipnport should also work.

thanks!

@shayne
Copy link
Contributor

shayne commented Jul 14, 2023

I just ran into this (nix-darwin). You'll likely hit this if you're moving between the AppStore version (macsys) and OSS tailscaled.

From the little sleuthing I did, the culprit is

tailscale/safesocket/safesocket_darwin.go

Lines 32 to 33 in 7a82fd8

const dir = "/Library/Tailscale"
portStr, err := os.Readlink(filepath.Join(dir, "ipnport"))

If you remove this directory, tailscale will appropriately try /var/run/tailscaled.socket.

Should we instead look at if tailscaled is running on Darwin (vs IPNExtension)?

@icio icio mentioned this issue Sep 2, 2023
Closed
icio added a commit to icio/tailscale that referenced this issue Sep 2, 2023
@icio
cmd/tailscale: Prefer socket on Darwin.
c3510fb 
Fixes tailscale#5761
icio added a commit to icio/tailscale that referenced this issue Sep 2, 2023
@icio
cmd/tailscale: Prefer socket on Darwin.
b2022aa 
Fixes tailscale#5761

Signed-off-by: Paul Scott <408401+icio@users.noreply.github.com>
icio added a commit to icio/tailscale that referenced this issue Sep 2, 2023
@icio
cmd/tailscale: Use socket fallback on Darwin.
a460f2d 
Fixes tailscale#5761

Signed-off-by: Paul Scott <408401+icio@users.noreply.github.com>
icio added a commit to icio/tailscale that referenced this issue Sep 5, 2023
@icio
cmd/tailscale: Check app store tailscaled dialable before selecting.
04c95da 
PR tailscale#9217 attempted to fix the same issue, but suffered from not letting the
user connect to non-oss tailscaled if something was listening on the socket, as
the --socket flag doesn't let you select the mac apps.

Rather than leave the user unable to choose, we keep the mac/socket preference
order the same and check a bit harder whether the macsys version really is
running. Now, we prefer the App Store Tailscale (even if it's Stopped) and you
can use --socket to sswitch. But if you quit the App Store Tailscale, we'll try
the socket without needing the flag.

Fixes tailscale#5761

Signed-off-by: Paul Scott <408401+icio@users.noreply.github.com>
icio added a commit to icio/tailscale that referenced this issue Sep 5, 2023
@icio
cmd/tailscale: Check app store tailscaled dialable before selecting.
8be6c56 
PR tailscale#9217 attempted to fix the same issue, but suffered from not letting the
user connect to non-oss tailscaled if something was listening on the socket, as
the --socket flag doesn't let you select the mac apps.

Rather than leave the user unable to choose, we keep the mac/socket preference
order the same and check a bit harder whether the macsys version really is
running. Now, we prefer the App Store Tailscale (even if it's Stopped) and you
can use --socket to sswitch. But if you quit the App Store Tailscale, we'll try
the socket without needing the flag.

Fixes tailscale#5761

Signed-off-by: Paul Scott <408401+icio@users.noreply.github.com>
@icio icio mentioned this issue Sep 5, 2023
Merged
knyar pushed a commit that referenced this issue Sep 6, 2023
@icio
cmd/tailscale: Check App Store tailscaled dialable before selecting. (#…
9a56184 
…9234)

PR #9217 attempted to fix the same issue, but suffered from not letting the
user connect to non-oss tailscaled if something was listening on the socket, as
the --socket flag doesn't let you select the mac apps.

Rather than leave the user unable to choose, we keep the mac/socket preference
order the same and check a bit harder whether the macsys version really is
running. Now, we prefer the App Store Tailscale (even if it's Stopped) and you
can use --socket to sswitch. But if you quit the App Store Tailscale, we'll try
the socket without needing the flag.

Fixes #5761
Signed-off-by: Paul Scott <408401+icio@users.noreply.github.com>
@clo4 clo4 mentioned this issue Sep 16, 2023
Closed
alexelisenko pushed a commit to Control-D-Inc/tailscale that referenced this issue Feb 15, 2024
@icio @alexelisenko
cmd/tailscale: Check App Store tailscaled dialable before selecting. (t…
2c95bbc 
…ailscale#9234)

PR tailscale#9217 attempted to fix the same issue, but suffered from not letting the
user connect to non-oss tailscaled if something was listening on the socket, as
the --socket flag doesn't let you select the mac apps.

Rather than leave the user unable to choose, we keep the mac/socket preference
order the same and check a bit harder whether the macsys version really is
running. Now, we prefer the App Store Tailscale (even if it's Stopped) and you
can use --socket to sswitch. But if you quit the App Store Tailscale, we'll try
the socket without needing the flag.

Fixes tailscale#5761
Signed-off-by: Paul Scott <408401+icio@users.noreply.github.com>
Signed-off-by: Alex Paguis <alex@windscribe.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Bug L1 Very few Likelihood OS-macos P1 Nuisance Priority level security T5 Usability Issue type
Projects
None yet
Milestone
No milestone
6 participants
@bradfitz @shayne @pkpowell @holymonson @DentonGentry @fwl-whu