Unable to access other machines on the Tailscale network #63
Comments
|
Hey mate - can you try enabling userspace networking in the Tailscale addon and let me know if anything changes? Another option could be to advertise your local ip as a route in Tailscale (192.168.1.X/32) and try connect to that again |
|
Thanks for the quick response! Not sure the second option would apply in this case, but maybe I don't understand. Here is my goal:
I want Home Assistant to be able to add PiHole via the PiHole integration. |
|
Ooooooohhh sorry I understand now, I missed the remote PiHole vs. HA PiHole integration bit I'm not sure how much help I'll be able to provide as I've not used the addon this way before, and the difficulty arrises from the way that everything is isolated/containerised in HA. Testing on my install (which is on HassOS) if I disable Userspace Networking in the addon I am able to hit some Tasilscale IPs from the HomeAssistant core container:
Noting that it will break your HA access via tailscale, can you try reproduce the above on your install (disable userspace-networking first) and see if that lets the PiHole integration work? If so then we can fix the HA access again afterward :) |
|
Looks like I am failing on the
|
|
Can you try curl your Pihole's Tailscale IP on whatever port the HTTP admin interface is on? edit: I realise now the dig test depends on some TS DNS stuff that might not be enabled for your tailnet, so bad test 😂 |
|
Looks like those are failing as well. The below IPs are the Tailscale IP and the local IP of machine B which is forwarded to the Tailnet by a subnet router.
From another device on the Tailnet: |
|
Can you |
|
Maybe another thing to test too would be shelling into the tailscale addon
Then running What I'm trying to work out is if its a Tailscale connectivity issue, or a linux route table problem... |
|
Here's a bit more:
Not sure if it's relevant but I'm running HA on a Proxmox VM (not container). |
|
That's very weird. Tailscale is trying to use the MagicDNS ip 100.100.100.100 to lookup the Hostnames for Tailscale DERP relays and failing... that would probably cause it not to be able to dial out to your pihole server From that Tailscale container, can you 'dig +short @1.1.1.1 google.com' or 'curl 1.1.1.1'? |
|
Really appreciate your help with this! I don't think
|
|
No worries! So taking stock:
Have you changed anything to do with DNS in the addon? Also, in your Tailscale admin portal, do you have Magic DNS enabled and, if so, have you selected a default Global Nameserver? This is what my admin portal currently looks like re: DNS |
|
I haven't made any DNS changes in the addon. My MagicDNS is configured a bit differently than yours though. I set the PiHole instance as a global nameserver. It's possible I've misconfigured it. Here's a screencap from mobile. Apologies for the poor attempt to conceal some info:
|
|
Some additional data points. I renabled userspace networking then:
Tested adding the PiHole integration after both changes without success. |
|
Alright, last thing to try I can think of is refresh your addon repositories, Update the Tailscale addon and start it with userspace networking disabled, and the new option "disable_dns" enabled. Run through If we don't see wins after that I'm not sure what else to try sorry. Userspace Networking is the most reliable mode for the add-on, but since it doesn't create a network interface that's visible from the other containers its not possible to route traffic (like the Pihole integration) over the tailscale link. You might have to resort to setting up some sort of reverse-proxy on another vm that forwards traffic to your pihole over tailscale, then hit that from HA. |
|
Looks like we have some success: From the Tailscale container (public IP concealed): From the Home Assistant container: Note: Access to HA is still unavailable with |
|
alright awesome, definitely something to do with MagicDNS breaking tailscaled's ability to dial out to other nodes. In terms of getting HA access with userspace_networking disabled:
|
|
Pretty sure this was my own fault 🤦♂️. I think there was a circular route issue. I'm running two Tailscale instances on my LAN. One instance for remote access of the 2 LAN subnets (it advertises routes for both subnets), and a second instance for Home Assistant (this addon). I noticed that if I disabled Anyway, I think it's safe to close this now. I was able to add the remote PiHole instance via the integration. For those who may come across this issue in the future, here is the add-on config I landed on: I returned the MagicDNS settings to their original configuration. Thank you for your help!! Final note: |
|
Aaaaaaahhh that's super interesting as a root cause. Glad you got it working! Also so funny re: the Hostnames, I hazard other parts of our LANs might similarly collide 😅 |
Describe the bug
I run a PiHole server on my Tailscale network. I'd like to add the PiHole integration for this PiHole instance to Home Assistant. Unfortunately, I'm not access the PiHole instance via it's local IP, Tailscale IP or Tailnest hostname
To Reproduce
Expected behavior
Home Assistant should be able to communicate with other devices on the Tailnet.
Desktop (please complete the following information):
Additional context
accept-routesenableduserspace_networkingenabledThe text was updated successfully, but these errors were encountered: