FR: Support Ubiquiti gear #735
Comments
Some keywords for searching: UniFi Dream Machine Pro (UDMP) (from dup bug #894) |
Reportedly works fine on ER4:
|
To my knowledge this is not permanent though and will likely be removed during system upgrade. |
Thanks @bradfitz, used your post as inspiration to write a quick guide on how to get it to stick around after system upgrades: https://gist.github.com/lg/6f80593bd55ca9c9cf886da169a972c3 |
Considering how popular MIPS processors are on routers, it is also worth making note of the fact that EdgeOS (the OS on Ubiquiti gear and 7.1% of global WLAN market) weakly supports adding Debian packages to the Linux machine. And since Debian supports the 64-bit MIPS (little-endian) architecture, this check should be included when following the Debian tailscale install guide. Edit: #1085 was opened regarding providing install instructions for MIPS64 devices like Ubiquiti gear running EdgeOS. |
We have both mips and mipsle binaries already: https://pkgs.tailscale.com/stable/#static Do those not work? Is there a mips sub-architecture we missed? |
mips works on my USG4, although permanent installation is obviously still an issue because Ubiquiti doesn't officially support installing 3rd party software so upgrades will delete the customizations |
There are ARM and ARM64 binaries as well: https://pkgs.tailscale.com/stable/#static |
For the UDMP on ARM64 there are a few issues I've seen with getting tailscale up and running. For one, there's no in-kernel wireguard support, or the TUN driver tailscale used. I was able to get around that by using the custom kernel in udm-kernel
Notably however the netcheck fails when tailscaled is running, and tailscaled logs show repeated communication failures. Running Tailscaled in usermode networking seems to resolve the connection errors in tailscaled but the netcheck still fails. I'm able to NC the endpoints from a shell so I don't think it's related to any actual network transport issues.
|
You may have in-kernel WireGuard but Tailscale doesn't use it. |
Did you ever make more progress with this? I stumbled across https://github.com/SierraSoftworks/tailscale-udm, which allowed me to get it installed and connected with no hassle at all, but the routing doesn't seem to work. |
FYI Dream Machine 1.11.0-14 Beta released today with wireguard kernel module included by default. |
For anyone trying to install Tailscale on Ubiquiti gear running EdgeOS, this tutorial worked for me. And for those who want another guide, Robert Jensen was able to get it working as a relay node. |
Thanks for the recommendation @gabefair :-) I've got a WIP branch on that repo that uses the package repo instead of manually moving binaries around. That process seems to work better, but I haven't had time to finish ironing out the wrinkles (esp. when migrating from the current method). |
For anyone using the UDM Pro SE (tested with UniFi OS UDM SE V2.2.12), it seems to be fairly straightforward:
# Extra flags you might want to pass to tailscaled.
FLAGS="--tun userspace-networking"
|
@etrepum do you know if it survives firmware upgrades? |
Userspace networking (i.e. an HTTP or SOCKS proxy) works fine but it's not really the integration people are hoping for. -jp |
Doubtful. I find myself having to install iperf every time I do an upgrade and this would be the same. |
Likely relevant for this audience: https://tailscale.com/kb/1207/small-tailscale/ |
Maybe I'm making a silly error but wouldn't it be better to just fire up a Linux container or VM on your network and assign it the responsibility of being a subnet router? This would allow the Unifi router to focus on the local routing and when it goes offsite you create a static route over to the subnet router instance. This at least is what I am trying to do. I'm no pro on the networking front so feel free to disagree with the above but I'd just be personally nervous getting too involved in the Unifi stack as their releases have enough issues of their own. Now if anyone does agree with my approach ... I could use a little help as I've set it all up without any errors just following the directions but while the subnet routers on my two physical networks are able to share the subnet for clients which are running the Tailscale client (aka, the subnet router is acting as exit point), my UDM Pro's static route is seemingly ignored when sending to the local subnet router. I believe that something like this is discussed in this thread but in double tragedy my ability to SSH into either of the Dream Machines seems to no longer be possible so the configuration which is suggested won't work. I can work with the UI but right now I am unclear how to explicitly have my static route for the IP address range be sent over the I have the two WAN routes set up to the best of my ability in the UI:
And then have a static route to point all requests to the subnet router:
I accept that this may be a departure from the original issue but if anyone had any reaction to this I'd be very open to it. I've written it up in far greater detail here: UDM Pro site-to-site VPN with Tailscale. |
Note that generation of MIPS packages was inadvertently broken in Tailscale 1.36 and restored in 1.40. |
Is your feature request related to a problem? Please describe.
I have three locations (one Office, two Retail), each with about 3 subnets routed by a Ubiquiti Edgerouter. Each location has a large number of embedded devices on the network that cannot run arbitrary software. I'd like to be able to easily remotely access them without playing with firewall rules, etc.
Describe the solution you'd like
I'd like to install Tailscale on the Edgerouters and announce routes for the attached subnets. It looks like this is theoretically possible with the available binaries, but also I'm busy with real life and don't want to fiddle with stuff.
Possible solutions in order of desirability from least to most:
Describe alternatives you've considered
I've considered messing around with just downloading the binaries and trying it out, but having a real life has mostly limited time and inclination to do real work on that front.
Additional context
Not sure how much you consider this as in-scope for your work. I like Tailscale because it feels like you have a gentle enough pricing path that it would be attractive for a small business like mine (I have a small office staff that's entirely non-technical) relative to other VPN options. Plus it's technically more sound.