starred/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-01-11 20:00:28 +01:00
Code Issues 98 Packages Projects Releases 10 Wiki Activity

tailscale GUI on macOS doesn't display exit nodes from headscale #324

New Issue
Closed
opened 2025-12-29 01:26:59 +01:00 by adam · 14 comments
adam commented 2025-12-29 01:26:59 +01:00
Owner
Copy Link

Originally created by @nsauk on GitHub (Sep 14, 2022).

Bug description

I use headscale as a control server and an official tailscale client from the App Store as a client, and I can't choose exit node from the client's GUI, list of available exit nodes is empty.
image

At the same time, I can see the list of exit nodes available and can choose an exit node using CLI:

/Applications/Tailscale.app/Contents/MacOS/Tailscale up --login-server=https://my-headscale --exit-node=apx

As a result, it works great! But in GUI I can see only the chosen exit node and it shown as offline, despite it works correctly:
image
I reported this to tailscale/tailscale#5628 but they suppose that there is a problem in control server:

I bet Headscale isn't setting the online/offline bits or something.

To Reproduce

  1. Install and configure headscale on a remote server (this step may be omitted, please contact me if you'd like to reproduce this using my headscale instance).
  2. Install a Tailscale client on macOS machine.
  3. Configure the Tailscale client using .mobileprofile or a CLI command:
defaults write io.tailscale.ipn.macos ControlURL https://my-headscale
  1. Login to control server and ensure you can see enabled exit nodes using a CLI command:
/Applications/Tailscale.app/Contents/MacOS/Tailscale status
  1. Check the list of exit nodes in GUI.

Actual result
List in GUI is empty.

Expected result
List in GUI contains the same exit nodes as in console.

Context info

Control server: headscale v0.16.4 on CentOS Linux 8
Client: tailscale 1.30.1, App Store version on macOS 12.5.1
Kernel version: 4.18.0-305.12.1.el8_4.x86_64

headscale and caddy configs

Originally created by @nsauk on GitHub (Sep 14, 2022). **Bug description** I use headscale as a control server and an official tailscale client from the App Store as a client, and I can't choose exit node from the client's GUI, list of available exit nodes is empty. <img width="455" alt="image" src="https://user-images.githubusercontent.com/3472119/190027761-74035e06-46f1-4fce-a7de-84cd92a454ec.png"> At the same time, I can see the list of exit nodes available and can choose an exit node using CLI: ```bash /Applications/Tailscale.app/Contents/MacOS/Tailscale up --login-server=https://my-headscale --exit-node=apx ``` As a result, it works great! But in GUI I can see only the chosen exit node and it shown as offline, despite it works correctly: <img width="455" alt="image" src="https://user-images.githubusercontent.com/3472119/190024880-f7ebb55c-1bac-4922-a83c-0cb4c382bf08.png"> I reported this to tailscale/tailscale#5628 but they [suppose that there is a problem in control server](https://github.com/tailscale/tailscale/issues/5628#issuecomment-1246061076): > I bet Headscale isn't setting the online/offline bits or something. **To Reproduce** 1. Install and configure headscale on a remote server (this step may be omitted, please [contact me](mailto:me@nsauk.in) if you'd like to reproduce this using my headscale instance). 2. Install a Tailscale client on macOS machine. 3. Configure the Tailscale client using .mobileprofile or a CLI command: ```bash defaults write io.tailscale.ipn.macos ControlURL https://my-headscale ``` 4. Login to control server and ensure you can see enabled exit nodes using a CLI command: ```bash /Applications/Tailscale.app/Contents/MacOS/Tailscale status ``` 5. Check the list of exit nodes in GUI. **Actual result** List in GUI is empty. **Expected result** List in GUI contains the same exit nodes as in console. **Context info** Control server: headscale v0.16.4 on CentOS Linux 8 Client: tailscale 1.30.1, App Store version on macOS 12.5.1 Kernel version: 4.18.0-305.12.1.el8_4.x86_64 [headscale and caddy configs](https://gist.github.com/nsauk/b95b748535b4c0879c6df319ecbbf544)
adam added the bug label 2025-12-29 01:26:59 +01:00
adam closed this issue 2025-12-29 01:26:59 +01:00
adam commented 2025-12-29 01:26:59 +01:00
Author
Owner
Copy Link

@juanfont commented on GitHub (Sep 21, 2022):

@nsauk hey, can you try to run 0.17.0-alpha2?

@juanfont commented on GitHub (Sep 21, 2022): @nsauk hey, can you try to run 0.17.0-alpha2?
adam commented 2025-12-29 01:27:00 +01:00
Author
Owner
Copy Link

@nsauk commented on GitHub (Sep 21, 2022):

@juanfont issue still reproduced on 0.17.0-alpha2.

@nsauk commented on GitHub (Sep 21, 2022): @juanfont issue still reproduced on 0.17.0-alpha2.
adam commented 2025-12-29 01:27:00 +01:00
Author
Owner
Copy Link

@kazauwa commented on GitHub (Sep 30, 2022):

@nsauk, did you enable routes in headscale CLI? You need to do that in order for an exit node to become available.

headscale routes enable -i <exit node machine id> -a
@kazauwa commented on GitHub (Sep 30, 2022): @nsauk, did you enable routes in headscale CLI? You need to do that in order for an exit node to become available. ``` headscale routes enable -i <exit node machine id> -a ```
adam commented 2025-12-29 01:27:00 +01:00
Author
Owner
Copy Link

@nsauk commented on GitHub (Oct 2, 2022):

@kazauwa yes I did. I have no problems with using these exit nodes, I can choose them with tailscale CLI and routing works, but I can't see them in the UI of macOS client. As I pointed out in the description, I originally reported this to tailscale/tailscale#5628 but they suppose that there is a problem in control server.

@nsauk commented on GitHub (Oct 2, 2022): @kazauwa yes I did. I have no problems with using these exit nodes, I can choose them with tailscale CLI and routing works, but I can't see them in the UI of macOS client. As I pointed out in the description, I originally reported this to tailscale/tailscale#5628 but they suppose that there is a problem in control server.
adam commented 2025-12-29 01:27:01 +01:00
Author
Owner
Copy Link

@nsauk commented on GitHub (Oct 2, 2022):

Hmm, I got it: I use IPv4 routes only and tailscale on macOS doesn't consider such exit nodes as available.
If I enable IPv4+IPv6 routes, I can see an exit node in the macOS' GUI list.
@kazauwa thanks for your command example with the -a parameter.
@juanfont may we know, if this thing is different between tailscale and headscale implementations?

@nsauk commented on GitHub (Oct 2, 2022): Hmm, I got it: I use IPv4 routes only and tailscale on macOS doesn't consider such exit nodes as available. If I enable IPv4+IPv6 routes, I can see an exit node in the macOS' GUI list. @kazauwa thanks for your command example with the `-a` parameter. @juanfont may we know, if this thing is different between tailscale and headscale implementations?
adam commented 2025-12-29 01:27:01 +01:00
Author
Owner
Copy Link

@kazauwa commented on GitHub (Oct 5, 2022):

@nsauk
I'm almost sure that the implementations are the same, because Tailscale docs mention both IPv4 and IPv6 default routes.

@kazauwa commented on GitHub (Oct 5, 2022): @nsauk I'm almost sure that the implementations are the same, because [Tailscale docs](https://tailscale.com/kb/1103/exit-nodes/) mention both IPv4 and IPv6 default routes.
adam commented 2025-12-29 01:27:02 +01:00
Author
Owner
Copy Link

@nsauk commented on GitHub (Oct 5, 2022):

@kazauwa to be honest, I migrated to headscale mostly because of this, I wanted to disable IPv6 completely to avoid all the related problems. But of course if I trade a technical problem on all systems for a visual inconvenience on macOS only, that's a pretty good trade.

At the moment I agree that there is nothing to fix in headscale, so I'm closing the issue. Thank you guys.

@nsauk commented on GitHub (Oct 5, 2022): @kazauwa to be honest, I migrated to headscale mostly because of this, I wanted to disable IPv6 completely to avoid all the related problems. But of course if I trade a technical problem on all systems for a visual inconvenience on macOS only, that's a pretty good trade. At the moment I agree that there is nothing to fix in headscale, so I'm closing the issue. Thank you guys.
adam commented 2025-12-29 01:27:02 +01:00
Author
Owner
Copy Link

@juanfont commented on GitHub (Oct 5, 2022):

We might not be sending all the info for the macOS client. Let's keep it open.

@juanfont commented on GitHub (Oct 5, 2022): We might not be sending all the info for the macOS client. Let's keep it open.
adam commented 2025-12-29 01:27:02 +01:00
Author
Owner
Copy Link

@bradfitz commented on GitHub (Oct 6, 2022):

@juanfont, do you send the Online bool?

@bradfitz commented on GitHub (Oct 6, 2022): @juanfont, do you send the `Online` bool?
adam commented 2025-12-29 01:27:02 +01:00
Author
Owner
Copy Link

@juanfont commented on GitHub (Oct 8, 2022):

@bradfitz apologies for the delay. Yes, we do.

@nsauk are the clients shown online when checking status in the CLI?

@juanfont commented on GitHub (Oct 8, 2022): @bradfitz apologies for the delay. Yes, we do. @nsauk are the clients shown online when checking `status` in the CLI?
adam commented 2025-12-29 01:27:02 +01:00
Author
Owner
Copy Link

@tlpred commented on GitHub (Nov 22, 2022):

@juanfont let me chime in, since I'm also experiencing this issue and was re-creating tailnet for a few times, before I stumbled on this Github issue.
Clients are shown as active but offline from the cli. Same in MacOS app GUI: I can see a dot near client name in Network devices list, indicating it's active, but can't connect to respective exit node(greyed out, says it's offline).
Android client sees exit nodes just ok.

@tlpred commented on GitHub (Nov 22, 2022): @juanfont let me chime in, since I'm also experiencing this issue and was re-creating tailnet for a few times, before I stumbled on this Github issue. Clients are shown as `active` but `offline` from the cli. Same in MacOS app GUI: I can see a dot near client name in `Network devices` list, indicating it's active, but can't connect to respective exit node(greyed out, says it's offline). Android client sees exit nodes just ok.
adam commented 2025-12-29 01:27:03 +01:00
Author
Owner
Copy Link

@rosejn commented on GitHub (Jan 19, 2023):

Just checking in on this. I've now tried with the last 3 release versions of headscale up to the most recent 0.19.0-beta1, and on OSX the exit node shows in the UI after logging in from the terminal only the first time. After selecting not to use the exit node though, it disappears from the menu so I can't go back to using it. When I try to re-run the tailscale up command specifying the exit node I get an error saying the node is not advertising an exit node, even though nothing changed on the server or the exit node client. The only way I've figured out to make it work again is to restart the headscale server and login again, requiring the full setup procedure, but then I only get one session with the exit node. (Not sure whether the headscale restart or client re-auth is the key operation, so I'll figure that out and update my comment.). The route is configured properly because I have used the exit node successfully many times, and all our linux clients work fine.

I'm happy to help debug if there's anything I can do, log, etc...

@rosejn commented on GitHub (Jan 19, 2023): Just checking in on this. I've now tried with the last 3 release versions of headscale up to the most recent 0.19.0-beta1, and on OSX the exit node shows in the UI after logging in from the terminal only the first time. After selecting not to use the exit node though, it disappears from the menu so I can't go back to using it. When I try to re-run the tailscale up command specifying the exit node I get an error saying the node is not advertising an exit node, even though nothing changed on the server or the exit node client. The only way I've figured out to make it work again is to restart the headscale server and login again, requiring the full setup procedure, but then I only get one session with the exit node. (Not sure whether the headscale restart or client re-auth is the key operation, so I'll figure that out and update my comment.). The route is configured properly because I have used the exit node successfully many times, and all our linux clients work fine. I'm happy to help debug if there's anything I can do, log, etc...
adam commented 2025-12-29 01:27:03 +01:00
Author
Owner
Copy Link

@rosejn commented on GitHub (Jan 20, 2023):

OK, so I'm wondering if this might be related to IPv4 vs IPv6 issues. When I copy the exit node's address via the UI menu in tailscale it copies an IPv6 addr. On the headscale server the only route I had enable was the IPv4 route. When I checked the tailscale status --json from my OSX client it showed that the exit node machine was not advertising as an exit node. (Even though we have been successfully using it as an exit node for weeks with these settings... consistently in Linux, but spotty on OSX.). Noticing the route I enabled the IPv6 route on the headscale server. Now when I check the status from the OSX client it shows the machine as advertising as an ExitNode, it also shows in the tailscale UI, and I'm successfully using it again.

Hopefully this helps point to where the bug may lie. Thanks for creating headscale!

@rosejn commented on GitHub (Jan 20, 2023): OK, so I'm wondering if this might be related to IPv4 vs IPv6 issues. When I copy the exit node's address via the UI menu in tailscale it copies an IPv6 addr. On the headscale server the only route I had enable was the IPv4 route. When I checked the ```tailscale status --json``` from my OSX client it showed that the exit node machine was not advertising as an exit node. (Even though we have been successfully using it as an exit node for weeks with these settings... consistently in Linux, but spotty on OSX.). Noticing the route I enabled the IPv6 route on the headscale server. Now when I check the status from the OSX client it shows the machine as advertising as an ExitNode, it also shows in the tailscale UI, and I'm successfully using it again. Hopefully this helps point to where the bug may lie. Thanks for creating headscale!
adam commented 2025-12-29 01:27:03 +01:00
Author
Owner
Copy Link

@bradfitz commented on GitHub (Jan 21, 2023):

I'm not following this bug closely (nor do I use Headscale) but keep in mind that Tailscale only considers a node to be an exit node if it advertises both the IPv4 0.0.0.0/0 and IPv6 ::/0 route:

988801d5d9/net/tsaddr/tsaddr.go (L247-L259)

(This has nothing to do with whether the exit node actually has IPv6 access itself, but it needs to advertise the route)

@bradfitz commented on GitHub (Jan 21, 2023): I'm not following this bug closely (nor do I use Headscale) but keep in mind that Tailscale only considers a node to be an exit node if it advertises both the IPv4 `0.0.0.0/0` and IPv6 `::/0` route: https://github.com/tailscale/tailscale/blob/988801d5d97287a276fc74cddb09a0e0ddf8afb7/net/tsaddr/tsaddr.go#L247-L259 (This has nothing to do with whether the exit node actually has IPv6 access itself, but it needs to advertise the route)
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
CLI
DERP
DNS
Nix
OIDC
SSH
bug
database
documentation
duplicate
enhancement
faq
good first issue
grants
help wanted
might-come
needs design doc
needs investigation
no-stale-bot
out of scope
performance
policy 📝
pull-request
Mirrored from GitHub Pull Request
 question
regression
routes
stale
tags
tailscale-feature-gap
well described ❤️
wontfix
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/headscale#324
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?