Hello folks,
I started using tailscale for my devices and I was wondering if it’s possible to install it on Turris Omnia too.
I have found there is a package for OpenWrt already: [OpenWrt Wiki] package: tailscale Is there a way to include it to the official Turris packages? Or can I somehow side-load it safely (meaning it won’t be unistalled everytime I do an upgrade)?
Thank you
I have it installed to the mSATA, under /srv. It’s a manual thing and updating it requires downloading, unpacking, updating a symlink and a reboot for some reason I didn’t bother to troubleshoot. It’s been working for months though, happy to share my setup if you’d like.
Hey @cassianoleal, that would be great, thanks in advance. I’m trying to make it work at least inside LXC but so far now luck. I’m having issues with /dev/net/tun but no solutions I have found so far worked for me. Also running it natively makes more sense to me.
Hi, sorry it took me a bit to respond. 
First things first, most of the credit goes to this: How I set up Tailscale on my WiFi router
To reproduce my implementation, follow these steps:
Install packages
opkg update
opkg install ca-bundle kmod-tun
Create file /etc/updater/conf.d/userlist-tailscale.lua with the contents below. This will avoid the packages above being uninstalled the next time the updater runs.
Install("ca-bundle")
Install("kmod-tun")
Enable external storage on Turris. This mounts the SSD under /srv
Create directory to hold binaries: mkdir /srv/tailscale
Create script below in /srv/tailscale/install-version.sh:
#!/usr/bin/env bash
set -euo pipefail
install_path=$(dirname "${BASH_SOURCE[0]}")
if [ -z "${1:-}" ]; then
echo "Usage: ${install_path}/install-version.sh VERSION"
exit 1
fi
version=$1
trap "popd >/dev/null" EXIT
pushd "${install_path}" >/dev/null
if $(stat "tailscale_${version}_arm" >/dev/null 2>&1); then
echo "Version ${version} is already installed!"
exit 1
fi
curl -LO "https://pkgs.tailscale.com/stable/tailscale_${version}_arm.tgz"
tar zxvf tailscale_${version}_arm.tgz
rm tailscale_${version}_arm.tgz
stat current >/dev/null 2>&1 && rm current
ln -s tailscale_${version}_arm current
echo -e "\n\n-----> Restarting service...\n\n"
/etc/init.d/tailscale restart
Make script executable: chmod +x /srv/tailscale/install-version.sh
Install tailscale: /srv/tailscale/install-version.sh VERSION where VERSION is in the format e.g. 1.24.2.
Test that the binaries are functional: /srv/tailscale/current/tailscale version
Create the init script in /srv/tailscale/init-script.sh (this is exactly the one from the blog post, with paths adjusted):
#!/bin/sh /etc/rc.common
# Copyright 2020 Google LLC.
# SPDX-License-Identifier: Apache-2.0
USE_PROCD=1
START=80
start_service() {
/srv/tailscale/current/tailscaled --cleanup
procd_open_instance
procd_set_param command /srv/tailscale/current/tailscaled
# Set the port to listen on for incoming VPN packets.
# Remote nodes will automatically be informed about the new port number,
# but you might want to configure this in order to set external firewall
# settings.
procd_append_param command --port 41641
# OpenWRT /var is a symlink to /tmp, so write persistent state elsewhere.
procd_append_param command --state /etc/tailscale/tailscaled.state
procd_set_param respawn
procd_set_param stdout 1
procd_set_param stderr 1
procd_close_instance
}
stop_service() {
/srv/tailscale/current/tailscaled --cleanup
killall tailscaled
}
Make it executable: chmod +x /srv/tailscale/init-script.sh
Symlink and enable the init script:
ln -s /srv/tailscale/init-script.sh /etc/init.d/tailscale
/etc/init.d/tailscale enable
Join tailnet: /srv/tailscale/current/tailscale up
At this point your router should be part of the tailnet!
When a new version comes out, just re-run the install-version.sh script with the new version as an argument, and reboot router.
Let me know how this works for you, or if you work out why a reboot is needed! 
Edit: fixed bug in install-version.sh
Edit 2: Added /etc/updater/conf.d/userlist-tailscale.lua
Edit 3: Updated both scripts so there’s no need to reboot router.
Thanks a lot. I’ve read the blog post and followed your instructions and have it working now, including exit node & subnets (which is what I wanted to have primarily).
I just noticed that your installation script has a small bug in it, it’s on the line where you check if the version is already downloaded, there is a hard-coded number there, it should be replaced with ${version} too.
Also, in the blog post there is a note about /etc/upgrade/keep.d/tailscale, have you added into your system too? Is it needed with TO? I’ve added it just to be on the safe side, just omitting the last two lines as the binaries in our case are under /srv which I expect is not touched by upgrades at all.
Edit: I also use custom DNS and I want this to be ignored in case of TO, so I’ve added --accept-dns=false to the tailscale up command.
Ah, good catch on the version thing. I’ve fixed it in the post above in case someone else tries it as well.
I haven’t done anything about the updates because as you said it’s under /srv which is left alone anyway.
I did think about symlinking the binaries to /usr/bin or similar. If you do that it might be a good idea to do the keep thing but I never felt the need. I just cd into its directory on the rare occasions I need to run it.
Glad it’s working!
Actually, I just re-checked /srv/updater/conf.d and I do have a file userlist-tailscale.lua there with these contents:
Install("ca-bundle")
Install("kmod-tun")
This will ensure those packages never get uninstalled by the updater. I’ll update the other post now as well.
Tailscale was added for OpenWrt 21.02 and newer versions, and thus you can already find it in our development branches. What we are using for now is OpenWrt 19.07, where the tailscale is not presenting, and we tried to backport it, but there are some compile issues, which we need to investigate to fix it which currently does not have a high priority.
If you want to try development branches, please proceed with: Early access - Turris Documentation
For anyone coming to this thread after the release of TOS6, note that the tailscale package currently in the repos is version 1.12.3 whereas the latest upstream is 1.32.2.
If you’re happy with having an older version on the router, using the upstream packages is the easiest and most straight-forward way. You also benefit from the awesome auto-update feature of TurrisOS.
Otherwise, manual is still the way to go.
AFAIK, there are reports that the latest tailscale version could not be used with the OpenWrt build system as it requires a new version of Golang.
Reference:
Sounds like the build system needs some rethinking to allow for multiple compiler versions.
In fact, it should be trivial to install whatever Go version is needed as part of the build job as a build-time dependency rather than relying on whatever is pre-installed on the build workers.
Hey, with TOS6 I started using (what I considered) an official package and removed my “manual setup” to simplify the maintainance and avoid surprises with upgrades. But just today my Omnias started reporting this:
Error notifications
===================
Updater execution failed:
inconsistent: Requested package tailscale that is not available.
Is it somehow related to what you shared? And why it happened without any actual update? What should I do now? Do I need to get back to manual setup to have updating working again?
Thank you.
Sure, @jprokop, would you mind to tell me which branch are you using? Tailscale was missing for several days in the HBK and it is missing in the latest Turris OS 6.0.2 RC1, because it required updating the golang, which will happen in Turris OS 6.0.2 RC2.
//EDIT: Postpostponed to Turris OS 6.0.3, which should be released next week.
Yes, thank you, I’m on 6.0.1 HBT.
I will just turn off automatic updates to avoid Omnias spamming my e-mail and will wait for 6.0.2 RC2.
To all that search for the solution in 2023 with Tailscale > 1.40:
This works with Turris OS 3.x, doesn’t need additional packages and works like a charm with the two scripts you posted here.
Only little thing that was missing is a /etc/init.d/tailscale start to get the service running before using /srv/tailscale/current/tailscale up.
Thanks for your help!!
Thanks for the feedback!
I had made one other improvement since that post so you don’t need to reboot the router after an upgrade. I’ve now edited that post with the changes to the scripts.
I’ve been using it like that for many versions now and it works even if you’re remote, doing the upgrade via Tailscale. I’ve done it a few times from abroad.