Is subnet routing supported? #33

Closed
opened 2025-12-29 01:20:29 +01:00 by adam · 11 comments

Originally created by @Probotect0r on GitHub (Sep 21, 2021).

Hello,

Thanks for creating this project.

I want to do what's outlined in this article: https://tailscale.com/kb/1021/install-aws/. Is that supported?

I set up headscale and tailscale on an EC2 instance in a public subnet of my VPC, and was able to connect to it from my local machine without a problem. However I am not able to route traffic through this instance to other resources in my private subnet. Following the steps in the linked article works with the tailscale server, so my networking and security group are set up correctly. Step number 5 in the article requires using the Admin console to authorize subnet routes on the EC2 instance. Is that required with headscale and if so, is it possible to do it given that headscale doesn't have an admin console?

I am using the MacOS client on my local machine.

Thanks

adam added the bug label 2025-12-29 01:20:29 +01:00
adam closed this issue 2025-12-29 01:20:29 +01:00

@juanfont commented on GitHub (Sep 22, 2021):

@Probotect0r yep, it is supported. You have to use the CLI client.

```
headscale -n NAMESPACE routes list NODENAME
headscale -n NAMESPACE routes enable NODENAME ROUTE
```

Can you give it a try?


@Probotect0r commented on GitHub (Sep 22, 2021):

@juanfont
Thanks for the response. Unfortunately it's not working for me. Here is what I have done:

Enable the route and start headscale server:

```
headscale -n myfirstnamespace routes enable NODENAME 10.1.0.0/16
headscale serve
```

Run tailscale:

```
sudo tailscale up --login-server http://localhost:8080 --advertise-routes=10.1.0.0/16
```

Run MacOS client. It connects successfully.

```
/Applications/Tailscale.app/Contents/MacOS/Tailscale up -login-server http://myserver:8080 --accept-routes --authkey myauthkey
```

Then I am trying to run this from my Mac, but it is not responding. This same command works when I run it on the EC2 instance running Tailscale.

```
curl http://10.1.16.253:4000/
```

Note that Tailscale and Headscale are running on the same EC2 instance, hence the use of `localhost` for login-server when starting tailscale.

Any ideas what I am doing wrong?


@Probotect0r commented on GitHub (Sep 22, 2021):

I seem to be able to ping the host via tailscale:

```
/Applications/Tailscale.app/Contents/MacOS/Tailscale ping 10.1.16.253
pong from ip-10-1-71-161 (100.64.0.1) via 18.117.81.172:41641 in 32ms
```

Do I have to do something in the Tailscale client to specifically connect to the EC2 instance?

Edit:
Actually, I can't even seem to connect to the EC2 instance itself via SSH over Tailscale, so maybe something else is not working.


@a1ad commented on GitHub (Oct 28, 2021):

I don't have this issue. Do you still have this? Are you running tailscale and headscale on the same server? (`sudo tailscale up --login-server http://localhost:8080`) using localhost on the client suggests just that?


@juanfont commented on GitHub (Oct 28, 2021):

I am going to close this. We haven't been able to replicate it.


@Probotect0r commented on GitHub (Oct 28, 2021):

I couldn't get it working so I abandoned my efforts.


@weironz commented on GitHub (Jun 29, 2022):

Don't give up.

View the list of registered nodes:

```bash
/ # headscale nodes ls
ID | Name        | NodeKey | Namespace        | IP addresses                  | Ephemeral | Last seen           | Online | Expired
1  | will-laptop | [YC7fY] | myfirstnamespace | fd7a:115c:a1e0::1, 100.64.0.1 | false     | 2022-06-29 11:36:12 | online | no
2  | willpc      | [VLyBR] | myfirstnamespace | fd7a:115c:a1e0::2, 100.64.0.2 | false     | 2022-06-29 11:36:42 | online | no
```

Delete a node:

```bash
# headscale nodes delete -i 2
```

View the subnets advertised by the client:

```bash
/ # headscale nodes routes list -i 2
Route           | Enabled
192.168.72.0/24 | false
192.168.93.0/24 | false
```

Enable the subnets advertised by the client:

```bash
/ # headscale nodes routes enable -i 2 -r 192.168.93.0/24,192.168.72.0/24
Route           | Enabled
192.168.72.0/24 | true
192.168.93.0/24 | true
```

@lqqkk commented on GitHub (Aug 9, 2022):

I had the same problem. Changed route to TRUE as follows:

Route | Enabled
0.0.0.0/0 | false
::/0 | false
192.168.50.0/24 | true

But the subnet still doesn't work. What else needs to be configured?


@iamid0 commented on GitHub (Sep 17, 2022):

Need to enable ip_forward on the server which advertises the custom route.
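
The two router-side conditions raised in this thread (the route enabled in headscale, and IP forwarding on the host that advertises it), as an added shell check that is not part of the original thread or of headscale. The function names and the `PROC_ROOT` override are hypothetical, and it assumes the two-column `Route | Enabled` table quoted above.

```shell
#!/bin/sh
# Added example, not headscale code. Function names and PROC_ROOT are
# hypothetical; the table format is the "Route | Enabled" output quoted above.

# route_enabled CIDR: routes table on stdin; succeeds only if the row for
# CIDR has "true" in the Enabled column.
route_enabled() {
    awk -F'|' -v want="$1" '
        { gsub(/[ \t\r]/, "", $1); gsub(/[ \t\r]/, "", $2) }
        $1 == want { found = 1; ok = ($2 == "true") }
        END { if (found && ok) exit 0; exit 1 }'
}

# forwarding_enabled 4|6: reads the kernel forwarding switch for that family.
forwarding_enabled() {
    case "$1" in
        4) f="${PROC_ROOT:-/proc}/sys/net/ipv4/ip_forward" ;;
        6) f="${PROC_ROOT:-/proc}/sys/net/ipv6/conf/all/forwarding" ;;
        *) return 2 ;;
    esac
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# check_subnet_router CIDR: routes table on stdin. Prints one line per
# finding and returns the number of findings (0 means both checks passed).
check_subnet_router() {
    cidr="$1"; problems=0
    if ! route_enabled "$cidr"; then
        echo "route $cidr is not enabled in headscale"
        problems=$((problems + 1))
    fi
    case "$cidr" in *:*) fam=6 ;; *) fam=4 ;; esac
    if ! forwarding_enabled "$fam"; then
        echo "IPv$fam forwarding is off on this host"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample table; run this on the node that advertises the route.
SAMPLE='Route | Enabled
0.0.0.0/0 | false
192.168.50.0/24 | true'
printf '%s\n' "$SAMPLE" | check_subnet_router 192.168.50.0/24 \
    || echo "findings: $?"
```

In real use, pipe the output of whichever `routes list` form your headscale version accepts into `check_subnet_router` in place of the sample.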


@Nothend commented on GitHub (Feb 26, 2023):

Thanks a lot, buddy! I have a question: my headscale is installed in docker-compose. When I send the command "docker exec -it headscale headscale nodes routes list -i 2", it shows "Error: unknown shorthand flag: 'i' in -i".

But when I send the command "docker exec -it headscale headscale nodes ls", it works right.

And the command "docker exec -it headscale /bin/sh" shows "OCI runtime exec failed: exec failed: unable to start container process: exec: "/bin/sh": stat /bin/sh: no such file or directory: unknown".

It seems the command "routes" is not supported in docker?

Please help me, thanks a lot.


@unknown1818 commented on GitHub (Dec 9, 2023):

> Thanks a lot, buddy! I have a question: my headscale is installed in docker-compose. When I send the command "docker exec -it headscale headscale nodes routes list -i 2", it shows "Error: unknown shorthand flag: 'i' in -i".
>
> But when I send the command "docker exec -it headscale headscale nodes ls", it works right.
>
> And the command "docker exec -it headscale /bin/sh" shows "OCI runtime exec failed: exec failed: unable to start container process: exec: "/bin/sh": stat /bin/sh: no such file or directory: unknown".
>
> It seems the command "routes" is not supported in docker?
>
> Please help me, thanks a lot.

You need to use the `sudo docker exec headscale headscale routes list` command, or to enable by ID 1: `sudo docker exec headscale headscale routes enable -r 1`

Reference: starred/headscale#33