Tailscale settings lost on reboot

I have a GL-AX1800 and purchased it because of its Tailscale implementation, among other features.

I have noticed that there is very little available config in the UI but as I had SSH access I thought it would be ok and configured via:

tailscale up --advertise-routes=192.168.10.0/23 --accept-dns=false --accept-routes --advertise-exit-node --reset

I specifically want the /23 route advertised instead of a /24 and need the other options. This works fine; however, it all resets on reboot.

Is there a way to run a command after boot and after tailscale has come up?

I tried adding the tailscale up command to the http://192.168.10.1/cgi-bin/luci/admin/system/startup page but it didn’t work. I have to run the command manually after a reboot.

LuCI’s Startup is just a frontend for /etc/rc.local. Make sure your command string is above the exit 0 & the string itself ends with & to send it into the background processes.

I’ll give that a go but not sure why it needs to be pushed to the background? It’s a one shot command that should re-enable the routes and exit node. It would be much better if there was an advanced option in the UI to enable other Tailscale config.

I asked the same of my ddns client when I’m behind addn’l upstream routers:

root@GL-AX1800:~# cat /etc/rc.local
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

. /lib/functions/gl_util.sh
remount_ubifs

/usr/lib/ddns/dynamic_dns_updater.sh -S desec_ipv4 start &

exit 0
root@GL-AX1800:~# ps -w | grep ddns
19182 root      1376 S    /bin/sh /usr/lib/ddns/dynamic_dns_updater.sh -S desec_ipv4 start

You run the risk of it choking in rc.local & inadvertently stalling the full boot process. If it’s a true ‘one shot’ as you describe, it’ll exit from the bg processes automatically anyway.

It’s a workaround not a solution. 4 days ago:

Adding the “&” to fork to background didn’t work on reboot. Routes and exit node config still overwritten.

Do you know the file location for the conf? It can be checked for its existence & if so, deleted/moved/renamed/whatever before launching w/ your specific string.

No, haven’t found it. The /etc/init.d/tailscale file has the tailscaled startup but I can’t find the tailscale up xxxx config anywhere.

The params might be being passed by /etc/init.d/tailscale; reboot it as if using TS via GL GUI & chk ps -w | grep tail

It’s exactly as per the init.d file:

root@GL-AX1800:/# ps -w | grep tail
12659 root      670m S    /usr/sbin/tailscaled --port 41641 --state /etc/tailscale/tailscaled.state

tailscale up xxxx is never called. Not sure how the UI passes the selections re. routes that it configures.

Ohh… that’s interesting; cat & post the output, pls.

That file contains the hashed connection info so probably shouldn’t post! But no config in that file.

You can always redact details as needed before posting.

I think at this stage I need a way to run the tailscale up command after tailscaled has come up. That /etc/rc.local is not working for me…

I added this to the startup script to find what’s running at start:

ps -w | grep tail > /tmp/tailscale.info &

root@GL-AX1800:~# cat /tmp/tailscale.info
 4750 root      1176 S    /bin/sh /usr/bin/gl_tailscale restart
 4752 root      1312 S    /bin/sh /etc/rc.common /etc/init.d/tailscale restart
 4776 root      794m S    /usr/sbin/tailscaled --port 41641 --state /etc/tailscale/tailscaled.state
 4777 root      1304 S    /bin/sh /etc/rc.common /etc/init.d/tailscale running
 4797 root      794m S    /usr/sbin/tailscaled --cleanup
 4879 root      1172 S    /bin/sh /usr/bin/gl_tailscale set_route
 5313 root      1172 S    grep tail
root@GL-AX1800:~#

It looks as though it’s being configured via:

/bin/sh /usr/bin/gl_tailscale set_route

My Flint is running f/w 4.2.3-release5. Try adding some custom params to the launching shell script. You might not even need rc.local:

root@GL-AX1800:~# cat /etc/init.d/tailscale
#!/bin/sh /etc/rc.common

# Copyright 2020 Google LLC.
# Copyright (C) 2021 CZ.NIC z.s.p.o. (https://www.nic.cz/)
# SPDX-License-Identifier: Apache-2.0

USE_PROCD=1
START=80

start_service() {
  local state_file
  local port
  local std_err std_out

  config_load tailscale
  config_get_bool std_out "settings" log_stdout 1
  config_get_bool std_err "settings" log_stderr 1
  config_get port "settings" port 41641
  config_get state_file "settings" state_file /etc/tailscale/tailscaled.state

  /usr/sbin/tailscaled --cleanup
  config_get enabled "settings" enabled 0
  if [ "$enabled" -eq "1" ];then
        procd_open_instance
        procd_set_param command /usr/sbin/tailscaled

        # Set the port to listen on for incoming VPN packets.
        # Remote nodes will automatically be informed about the new port number,
        # but you might want to configure this in order to set external firewall
        # settings.
        procd_append_param command --port "$port"
        procd_append_param command --state "$state_file"

        # my custom params
        procd_append_param command --advertise-routes "192.168.10.0/23"
        # ... & so on, & so forth....
        # // end my custom params

        procd_set_param respawn
        procd_set_param stdout "$std_out"
        procd_set_param stderr "$std_err"

        procd_close_instance
  fi
}

That won’t work unfortunately… The init.d file runs tailscaled not tailscale - there is no --advertise-routes etc for the daemon process. The tailscale binary is the cli interface to the tailscale daemon process.

/usr/bin/gl_tailscale must be running the tailscale up xxxx command after it pulls config info that has been set via the UI.

Yeah I see that now after you posted that dir list. The more I look at this the more it all seems so familiar:

This is untested code to enable exit nodes I never got feedback on from someone else but here:

sed '/param="$param --exit-node-allow-lan-access --exit-node=$exit_node_ip"/a\                        param="$param --advertise-exit-node --accept-routes"' /usr/bin/gl_tailscale > \
 /usr/bin/gl_tailscale.new && mv /usr/bin/gl_tailscale /usr/bin/gl_tailscale.stock \
&& mv /usr/bin/gl_tailscale.new /usr/bin/gl_tailscale && chmod +x /usr/bin/gl_tailscale

It’ll add more to the launch string of /usr/bin/gl_tailscale @ this if statement/code block:

                if [ -n "$exit_node_ip" ];then
                        param="$param --exit-node-allow-lan-access --exit-node=$exit_node_ip"
                        # new params added here by the `sed` search & replace
                fi

You can add your params there or by adding more to the second half of that above sed command.


I hadn’t realised /usr/bin/gl_tailscale was a script! I assumed it was a binary - I’ll check out what you have posted above but this will definitely fix things for me.
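
The patch discussed above can be made repeatable and reversible. The following is an added example, not code from any poster or from GL.iNet: it inserts extra flags after the anchor line quoted in the thread, skips files it has already patched, syntax-checks the result and keeps a .stock copy. The function name patch_gl_tailscale and the marker comment are hypothetical, and the inserted flags only take effect when that exit-node branch runs.

```shell
#!/bin/sh
# Added example: idempotently insert extra `tailscale up` flags into
# /usr/bin/gl_tailscale, right after the line quoted in the thread.

# Anchor text as quoted in the thread (matched literally, not as a regex).
ANCHOR='param="$param --exit-node-allow-lan-access --exit-node=$exit_node_ip"'
# Hypothetical tag appended to the inserted line to detect an earlier patch.
MARKER='# custom-tailscale-flags'

# patch_gl_tailscale FILE FLAGS
# Returns 0 = patched, 1 = anchor missing or error (file untouched),
#         2 = already patched (file untouched).
patch_gl_tailscale() {
    file=$1
    flags=$2
    [ -f "$file" ] || return 1
    grep -qF -- "$MARKER" "$file" && return 2
    grep -qF -- "$ANCHOR" "$file" || return 1

    tmp="$file.new"
    # index() is a literal substring match, so "$" and "." need no escaping.
    # The inserted line reuses the anchor line's own indentation.
    awk -v anchor="$ANCHOR" -v flags="$flags" -v marker="$MARKER" '
        { print }
        index($0, anchor) {
            indent = $0
            sub(/[^ \t].*$/, "", indent)
            printf "%sparam=\"$param %s\" %s\n", indent, flags, marker
        }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Refuse to install a script that no longer parses.
    sh -n "$tmp" || { rm -f "$tmp"; return 1; }

    # Keep the vendor original for rollback, then swap the new file in.
    cp -p "$file" "$file.stock" &&
    chmod +x "$tmp" &&
    mv "$tmp" "$file"
}
```

On the router it would be called as patch_gl_tailscale /usr/bin/gl_tailscale '--advertise-routes=192.168.10.0/23 --accept-routes'; restoring the .stock copy undoes the change.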