starred/headscale
1
0
Fork 0
mirror of https://github.com/juanfont/headscale.git synced 2026-01-11 20:00:28 +01:00
Code Issues 98 Packages Projects Releases 10 Wiki Activity

[BUG] Linux Clients Frequently Disconnect v1.78.1 #911

New Issue
Closed
opened 2025-12-29 02:25:49 +01:00 by adam · 17 comments
adam commented 2025-12-29 02:25:49 +01:00
Owner
Copy Link

Originally created by @MeCJay12 on GitHub (Jan 20, 2025).

Is this a support request?

  • This is not a support request

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

I have 23 clients connected to a Headscale server. Some of the clients have no issues but many of the clients will disconnect and go offline after some time. Some clients it happens immediately after connecting and others is happens after some time. The issue seems to be 1.78.1 on Linux.

Ubuntu 22.04.5: 4 clients (1.78.1), disconnect after medium to long time
Debian 12: 5 clients (1.78.1), disconnect after medium to long time
Debian 11/Pi 4: 1 client (1.78.1), disconnect after medium to long time

Android: 2 clients (1.78.3), maybe issue but hard to tell with sleep and wake
Docker (on above Ubuntu): 4 clients (1.78.3), no issue
Windows 11 24H2: 1 client (1.78.1), no issue
Synology: 2 clients (1.58.2), no issue

I tried running tailscale bugreport on my broken nodes but I got back BUG-NO-LOGS-NO-SUPPORT-this-node-has-had-its-logging-disabled and I'm unsure how to change it. I also noticed that re-running tailscale login would reconnect the client for a time but running down && up did not.

Expected Behavior

Clients should connect and, as long as they stay online, stay connected to Headscale.

Steps To Reproduce

I followed the Tailscale install guides for each client then ran tailscale login --login-server https://hs.example.com

Environment

- OS: Ubuntu 22.04.5, Debian 11/12
- Headscale version: 0.4.1
- Tailscale version: 1.78.1

Runtime environment

  • Headscale is behind a (reverse) proxy
  • Headscale runs in a container

Anything else?

config.yaml.txt
Debian11.json
Debian12.json
Ubuntu.json

Originally created by @MeCJay12 on GitHub (Jan 20, 2025). ### Is this a support request? - [x] This is not a support request ### Is there an existing issue for this? - [x] I have searched the existing issues ### Current Behavior I have 23 clients connected to a Headscale server. Some of the clients have no issues but many of the clients will disconnect and go offline after some time. Some clients it happens immediately after connecting and others is happens after some time. The issue seems to be 1.78.1 on Linux. Ubuntu 22.04.5: 4 clients (1.78.1), disconnect after medium to long time Debian 12: 5 clients (1.78.1), disconnect after medium to long time Debian 11/Pi 4: 1 client (1.78.1), disconnect after medium to long time Android: 2 clients (1.78.3), maybe issue but hard to tell with sleep and wake Docker (on above Ubuntu): 4 clients (1.78.3), no issue Windows 11 24H2: 1 client (1.78.1), no issue Synology: 2 clients (1.58.2), no issue I tried running `tailscale bugreport` on my broken nodes but I got back `BUG-NO-LOGS-NO-SUPPORT-this-node-has-had-its-logging-disabled` and I'm unsure how to change it. I also noticed that re-running tailscale login would reconnect the client for a time but running down && up did not. ### Expected Behavior Clients should connect and, as long as they stay online, stay connected to Headscale. ### Steps To Reproduce I followed the [Tailscale install guides](https://tailscale.com/kb/1031/install-linux) for each client then ran `tailscale login --login-server https://hs.example.com` ### Environment ```markdown - OS: Ubuntu 22.04.5, Debian 11/12 - Headscale version: 0.4.1 - Tailscale version: 1.78.1 ``` ### Runtime environment - [x] Headscale is behind a (reverse) proxy - [x] Headscale runs in a container ### Anything else? [config.yaml.txt](https://github.com/user-attachments/files/18472537/config.yaml.txt) [Debian11.json](https://github.com/user-attachments/files/18472530/Debian11.json) [Debian12.json](https://github.com/user-attachments/files/18472529/Debian12.json) [Ubuntu.json](https://github.com/user-attachments/files/18472528/Ubuntu.json)
adam added the questionstalebug labels 2025-12-29 02:25:49 +01:00
adam closed this issue 2025-12-29 02:25:50 +01:00
adam commented 2025-12-29 02:25:50 +01:00
Author
Owner
Copy Link

@MeCJay12 commented on GitHub (Jan 20, 2025):

Tailscale Bug

@MeCJay12 commented on GitHub (Jan 20, 2025): [Tailscale Bug](https://github.com/tailscale/tailscale/issues/14692)
adam commented 2025-12-29 02:25:50 +01:00
Author
Owner
Copy Link

@kradalby commented on GitHub (Jan 20, 2025):

@MeCJay12 Have you tried using Tailscale SaaS and still have this problem? If not, please do not file issues with Tailscale, there is no point for us to put work on them if it is a problem with Headscale.

@kradalby commented on GitHub (Jan 20, 2025): @MeCJay12 Have you tried using Tailscale SaaS and still have this problem? If not, please do not file issues with Tailscale, there is no point for us to put work on them if it is a problem with Headscale.
adam commented 2025-12-29 02:25:51 +01:00
Author
Owner
Copy Link

@MeCJay12 commented on GitHub (Jan 21, 2025):

@kradalby While I have not used Tailscale SaaS, I opened a bug with both because it seems like a bug in the Linux Tailscale client.

@MeCJay12 commented on GitHub (Jan 21, 2025): @kradalby While I have not used Tailscale SaaS, I opened a bug with both because it seems like a bug in the Linux Tailscale client.
adam commented 2025-12-29 02:25:51 +01:00
Author
Owner
Copy Link

@kradalby commented on GitHub (Jan 23, 2025):

I opened a bug with both because it seems like a bug in the Linux Tailscale client.

If you have not tested it with Tailscale, it might only be a Headscale until you have tested that, and we try to maintain a good relationship with them by not driving more work than needed towards them.

The bare minimum would be to first establish if it happens with both, and then you can escalate it to Tailscale.

Generating noise in their issue tracker that they cannot debug because it is not connected to their infra is putting us in a bad light.

@kradalby commented on GitHub (Jan 23, 2025): > I opened a bug with both because it seems like a bug in the Linux Tailscale client. If you have not tested it with Tailscale, it might only be a Headscale until you have tested that, and we try to maintain a good relationship with them by not driving more work than needed towards them. The bare minimum would be to first establish if it happens with both, and then you can escalate it to Tailscale. Generating noise in their issue tracker that they cannot debug because it is not connected to their infra is putting us in a bad light.
adam commented 2025-12-29 02:25:51 +01:00
Author
Owner
Copy Link

@thagoat commented on GitHub (Feb 8, 2025):

Also started to see this issue with 1.78 and with 1.80 it is much worse. All linux clients offine everydat unless I set a cron job to restart the headscale.service multiple times per day.

@thagoat commented on GitHub (Feb 8, 2025): Also started to see this issue with 1.78 and with 1.80 it is much worse. All linux clients offine everydat unless I set a cron job to restart the headscale.service multiple times per day.
adam commented 2025-12-29 02:25:51 +01:00
Author
Owner
Copy Link

@nblock commented on GitHub (Feb 8, 2025):

Also started to see this issue with 1.78 and with 1.80 it is much worse. All linux clients offine everydat unless I set a cron job to restart the headscale.service multiple times per day.

Please provide logs from headscale and more information for tailscale clients where you experience this, e.g.:

  • Service logs sudo journalctl -u tailscaled
  • Netcheck: tailscale netcheck
  • Any health issues in: tailscale status ?
  • DNS status: sudo tailscale dns status
  • Which OS?

Can you test with Tailscale SaaS? Can you reproduce it there, too?

Please use proper markdown formatting or use attachments.

@nblock commented on GitHub (Feb 8, 2025): > Also started to see this issue with 1.78 and with 1.80 it is much worse. All linux clients offine everydat unless I set a cron job to restart the headscale.service multiple times per day. Please provide logs from headscale and more information for tailscale clients where you experience this, e.g.: * Service logs `sudo journalctl -u tailscaled` * Netcheck: `tailscale netcheck` * Any health issues in: `tailscale status` ? * DNS status: `sudo tailscale dns status` * Which OS? Can you test with Tailscale SaaS? Can you reproduce it there, too? Please use proper markdown formatting or use attachments.
adam commented 2025-12-29 02:25:52 +01:00
Author
Owner
Copy Link

@thagoat commented on GitHub (Feb 8, 2025):

Feb 08 02:03:29 tc tailscaled[416]: control: lite map update error after 10.001s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:03:44 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:03:44 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial
Feb 08 02:03:54 tc tailscaled[416]: control: lite map update error after 8.659s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:04:21 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:04:21 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial
Feb 08 02:04:31 tc tailscaled[416]: control: lite map update error after 8.658s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:04:50 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial
Feb 08 02:04:51 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:05:00 tc tailscaled[416]: control: lite map update error after 10.002s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:05:15 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:05:15 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial
Feb 08 02:05:25 tc tailscaled[416]: control: lite map update error after 3.06s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:06:08 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial
Feb 08 02:06:09 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:06:18 tc tailscaled[416]: control: lite map update error after 10.001s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:06:33 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:06:33 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial
Feb 08 02:06:49 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial
Feb 08 02:06:59 tc tailscaled[416]: control: lite map update error after 10.001s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:07:14 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:07:14 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial
Feb 08 02:07:26 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial
Feb 08 02:07:36 tc tailscaled[416]: control: lite map update error after 10.002s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:07:43 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:07:43 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial
Feb 08 02:08:04 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial
Feb 08 02:08:12 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:08:14 tc tailscaled[416]: control: lite map update error after 10.002s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:08:50 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial
Feb 08 02:08:59 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:09:00 tc tailscaled[416]: control: lite map update error after 10.002s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:09:22 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial
Feb 08 02:09:32 tc tailscaled[416]: control: lite map update error after 10.001s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:09:33 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:09:33 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial
Feb 08 02:10:11 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial
Feb 08 02:10:16 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:10:21 tc tailscaled[416]: control: lite map update error after 10.002s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:10:58 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:10:58 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial
Feb 08 02:11:08 tc tailscaled[416]: control: lite map update error after 6.157s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:11:32 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial
Feb 08 02:11:42 tc tailscaled[416]: control: lite map update error after 10.001s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:11:44 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:11:44 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial
Feb 08 02:12:10 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial
Feb 08 02:12:20 tc tailscaled[416]: control: lite map update error after 10.002s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:12:30 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:12:30 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial
Feb 08 02:12:49 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial
Feb 08 02:12:59 tc tailscaled[416]: control: lite map update error after 10.001s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:13:06 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded
Feb 08 02:13:06 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial

journalctl
2025/02/08 02:13:46 portmap: [v1] Got PMP response; IP: 72.9.21.17, epoch: 429182
2025/02/08 02:13:46 portmap: [v1] UPnP reply {Location:http://192.168.0.1:1900/cxnom/rootDesc.xml Server:TP-LINK/TP-LINK UPnP/1.1 MiniUPnPd/1.8 USN:uuid:f4ee5508-faa5-4e75-825c-2293dbf47fac::urn:schemas-upnp-org:device:InternetGatewayDevice:1}, "HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\nST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\nUSN: uuid:f4ee5508-faa5-4e75-825c-2293dbf47fac::urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\nEXT:\r\nSERVER: TP-LINK/TP-LINK UPnP/1.1 MiniUPnPd/1.8\r\nLOCATION: http://192.168.0.1:1900/cxnom/rootDesc.xml\r\nOPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01\r\n01-NLS: 1\r\nBOOTID.UPNP.ORG: 1\r\nCONFIGID.UPNP.ORG: 1337\r\n\r\n"
2025/02/08 02:13:46 portmap: [v1] UPnP reply {Location:http://192.168.0.1:1900/cxnom/rootDesc.xml Server:TP-LINK/TP-LINK UPnP/1.1 MiniUPnPd/1.8 USN:uuid:f4ee5508-faa5-4e75-825c-2293dbf47fac::urn:schemas-upnp-org:device:InternetGatewayDevice:1}, "HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\nST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\nUSN: uuid:f4ee5508-faa5-4e75-825c-2293dbf47fac::urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\nEXT:\r\nSERVER: TP-LINK/TP-LINK UPnP/1.1 MiniUPnPd/1.8\r\nLOCATION: http://192.168.0.1:1900/cxnom/rootDesc.xml\r\nOPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01\r\n01-NLS: 1\r\nBOOTID.UPNP.ORG: 1\r\nCONFIGID.UPNP.ORG: 1337\r\n\r\n"
2025/02/08 02:13:46 portmap: [v1] UPnP reply {Location:http://192.168.0.1:1900/cxnom/rootDesc.xml Server:TP-LINK/TP-LINK UPnP/1.1 MiniUPnPd/1.8 USN:uuid:f4ee5508-faa5-4e75-825c-2293dbf47fac::urn:schemas-upnp-org:device:InternetGatewayDevice:1}, "HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\nST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\nUSN: uuid:f4ee5508-faa5-4e75-825c-2293dbf47fac::urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\nEXT:\r\nSERVER: TP-LINK/TP-LINK UPnP/1.1 MiniUPnPd/1.8\r\nLOCATION: http://192.168.0.1:1900/cxnom/rootDesc.xml\r\nOPT: "http://schemas.upnp.org/upnp/1/0/"; ns=01\r\n01-NLS: 1\r\nBOOTID.UPNP.ORG: 1\r\nCONFIGID.UPNP.ORG: 1337\r\n\r\n"
2025/02/08 02:13:47 portmap: UPnP meta changed: [{Location:http://192.168.0.1:1900/cxnom/rootDesc.xml Server:TP-LINK/TP-LINK UPnP/1.1 MiniUPnPd/1.8 USN:uuid:f4ee5508-faa5-4e75-825c-2293dbf47fac::urn:schemas-upnp-org:device:InternetGatewayDevice:1}]

Report:
* Time: 2025-02-08T07:13:47.198841933Z
* UDP: true
* IPv4: yes, 72.9.21.17:46882
* IPv6: no, but OS has support
* MappingVariesByDestIP: false
* PortMapping: UPnP, NAT-PMP
* Nearest DERP: New York City
* DERP latency:
- nyc: 34.1ms (New York City)
- tor: 45.1ms (Toronto)
- iad: 45.9ms (Ashburn)
- ord: 46.4ms (Chicago)
- dfw: 63.3ms (Dallas)
- den: 66.6ms (Denver)
- mia: 72.2ms (Miami)
- sfo: 88.8ms (San Francisco)
- sea: 89.4ms (Seattle)
- lax: 94.4ms (Los Angeles)
- lhr: 96.4ms (London)
- par: 99.1ms (Paris)
- fra: 104.6ms (Frankfurt)
- ams: 108.1ms (Amsterdam)
- mad: 111ms (Madrid)
- nue: 112.6ms (Nuremberg)
- waw: 124.3ms (Warsaw)
- hnl: 143.1ms (Honolulu)
- sao: 167.1ms (São Paulo)
- tok: 179.5ms (Tokyo)
- dbi: 207.9ms (Dubai)
- hkg: 237.5ms (Hong Kong)
- sin: (Singapore)
- syd: (Sydney)
- blr: (Bangalore)
- jnb: (Johannesburg)
- nai: (Nairobi)

Netcheck
=== 'Use Tailscale DNS' status ===

Tailscale DNS: enabled.

Tailscale is configured to handle DNS queries on this device.
Run 'tailscale set --accept-dns=false' to revert to your system default DNS resolver.

=== MagicDNS configuration ===

This is the DNS configuration provided by the coordination server to this device.

MagicDNS: enabled tailnet-wide (suffix = dns.thagoat.xyz)

Other devices in your tailnet can reach this device at tc.dns.thagoat.xyz

Failed to fetch network map: Access denied: watch IPN bus access denied, must set ipn.NotifyNoPrivateKeys when not running as admin/root or operator
Access denied: watch IPN bus access denied, must set ipn.NotifyNoPrivateKeys when not running as admin/root or operator

Use 'sudo tailscale dns status' or 'tailscale up --operator=$USER' to not require root.

DNS Status

Linux OS (Archlinux, Ubuntu Arm)

Haven't used SaaS

@thagoat commented on GitHub (Feb 8, 2025): <code>Feb 08 02:03:29 tc tailscaled[416]: control: lite map update error after 10.001s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:03:44 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:03:44 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial Feb 08 02:03:54 tc tailscaled[416]: control: lite map update error after 8.659s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:04:21 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:04:21 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial Feb 08 02:04:31 tc tailscaled[416]: control: lite map update error after 8.658s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:04:50 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial Feb 08 02:04:51 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:05:00 tc tailscaled[416]: control: lite map update error after 10.002s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:05:15 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:05:15 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial Feb 08 02:05:25 tc tailscaled[416]: control: lite map update error after 3.06s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:06:08 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial Feb 08 02:06:09 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:06:18 tc tailscaled[416]: control: lite map update error after 10.001s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:06:33 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:06:33 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial Feb 08 02:06:49 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial Feb 08 02:06:59 tc tailscaled[416]: control: lite map update error after 10.001s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:07:14 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:07:14 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial Feb 08 02:07:26 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial Feb 08 02:07:36 tc tailscaled[416]: control: lite map update error after 10.002s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:07:43 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:07:43 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial Feb 08 02:08:04 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial Feb 08 02:08:12 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:08:14 tc tailscaled[416]: control: lite map update error after 10.002s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:08:50 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial Feb 08 02:08:59 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:09:00 tc tailscaled[416]: control: lite map update error after 10.002s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:09:22 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial Feb 08 02:09:32 tc tailscaled[416]: control: lite map update error after 10.001s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:09:33 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:09:33 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial Feb 08 02:10:11 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial Feb 08 02:10:16 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:10:21 tc tailscaled[416]: control: lite map update error after 10.002s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:10:58 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:10:58 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial Feb 08 02:11:08 tc tailscaled[416]: control: lite map update error after 6.157s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:11:32 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial Feb 08 02:11:42 tc tailscaled[416]: control: lite map update error after 10.001s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:11:44 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:11:44 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial Feb 08 02:12:10 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial Feb 08 02:12:20 tc tailscaled[416]: control: lite map update error after 10.002s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:12:30 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:12:30 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial Feb 08 02:12:49 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial Feb 08 02:12:59 tc tailscaled[416]: control: lite map update error after 10.001s: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:13:06 tc tailscaled[416]: Received error: PollNetMap: Post "https://thagoat.xyz:8080/machine/map": connection attempts aborted by context: context deadline exceeded Feb 08 02:13:06 tc tailscaled[416]: control: controlhttp: forcing port 443 dial due to recent noise dial </code> journalctl <code>2025/02/08 02:13:46 portmap: [v1] Got PMP response; IP: 72.9.21.17, epoch: 429182 2025/02/08 02:13:46 portmap: [v1] UPnP reply {Location:http://192.168.0.1:1900/cxnom/rootDesc.xml Server:TP-LINK/TP-LINK UPnP/1.1 MiniUPnPd/1.8 USN:uuid:f4ee5508-faa5-4e75-825c-2293dbf47fac::urn:schemas-upnp-org:device:InternetGatewayDevice:1}, "HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\nST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\nUSN: uuid:f4ee5508-faa5-4e75-825c-2293dbf47fac::urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\nEXT:\r\nSERVER: TP-LINK/TP-LINK UPnP/1.1 MiniUPnPd/1.8\r\nLOCATION: http://192.168.0.1:1900/cxnom/rootDesc.xml\r\nOPT: \"http://schemas.upnp.org/upnp/1/0/\"; ns=01\r\n01-NLS: 1\r\nBOOTID.UPNP.ORG: 1\r\nCONFIGID.UPNP.ORG: 1337\r\n\r\n" 2025/02/08 02:13:46 portmap: [v1] UPnP reply {Location:http://192.168.0.1:1900/cxnom/rootDesc.xml Server:TP-LINK/TP-LINK UPnP/1.1 MiniUPnPd/1.8 USN:uuid:f4ee5508-faa5-4e75-825c-2293dbf47fac::urn:schemas-upnp-org:device:InternetGatewayDevice:1}, "HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\nST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\nUSN: uuid:f4ee5508-faa5-4e75-825c-2293dbf47fac::urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\nEXT:\r\nSERVER: TP-LINK/TP-LINK UPnP/1.1 MiniUPnPd/1.8\r\nLOCATION: http://192.168.0.1:1900/cxnom/rootDesc.xml\r\nOPT: \"http://schemas.upnp.org/upnp/1/0/\"; ns=01\r\n01-NLS: 1\r\nBOOTID.UPNP.ORG: 1\r\nCONFIGID.UPNP.ORG: 1337\r\n\r\n" 2025/02/08 02:13:46 portmap: [v1] UPnP reply {Location:http://192.168.0.1:1900/cxnom/rootDesc.xml Server:TP-LINK/TP-LINK UPnP/1.1 MiniUPnPd/1.8 USN:uuid:f4ee5508-faa5-4e75-825c-2293dbf47fac::urn:schemas-upnp-org:device:InternetGatewayDevice:1}, "HTTP/1.1 200 OK\r\nCACHE-CONTROL: max-age=120\r\nST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\nUSN: uuid:f4ee5508-faa5-4e75-825c-2293dbf47fac::urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\nEXT:\r\nSERVER: TP-LINK/TP-LINK UPnP/1.1 MiniUPnPd/1.8\r\nLOCATION: http://192.168.0.1:1900/cxnom/rootDesc.xml\r\nOPT: \"http://schemas.upnp.org/upnp/1/0/\"; ns=01\r\n01-NLS: 1\r\nBOOTID.UPNP.ORG: 1\r\nCONFIGID.UPNP.ORG: 1337\r\n\r\n" 2025/02/08 02:13:47 portmap: UPnP meta changed: [{Location:http://192.168.0.1:1900/cxnom/rootDesc.xml Server:TP-LINK/TP-LINK UPnP/1.1 MiniUPnPd/1.8 USN:uuid:f4ee5508-faa5-4e75-825c-2293dbf47fac::urn:schemas-upnp-org:device:InternetGatewayDevice:1}] Report: * Time: 2025-02-08T07:13:47.198841933Z * UDP: true * IPv4: yes, 72.9.21.17:46882 * IPv6: no, but OS has support * MappingVariesByDestIP: false * PortMapping: UPnP, NAT-PMP * Nearest DERP: New York City * DERP latency: - nyc: 34.1ms (New York City) - tor: 45.1ms (Toronto) - iad: 45.9ms (Ashburn) - ord: 46.4ms (Chicago) - dfw: 63.3ms (Dallas) - den: 66.6ms (Denver) - mia: 72.2ms (Miami) - sfo: 88.8ms (San Francisco) - sea: 89.4ms (Seattle) - lax: 94.4ms (Los Angeles) - lhr: 96.4ms (London) - par: 99.1ms (Paris) - fra: 104.6ms (Frankfurt) - ams: 108.1ms (Amsterdam) - mad: 111ms (Madrid) - nue: 112.6ms (Nuremberg) - waw: 124.3ms (Warsaw) - hnl: 143.1ms (Honolulu) - sao: 167.1ms (São Paulo) - tok: 179.5ms (Tokyo) - dbi: 207.9ms (Dubai) - hkg: 237.5ms (Hong Kong) - sin: (Singapore) - syd: (Sydney) - blr: (Bangalore) - jnb: (Johannesburg) - nai: (Nairobi) </code> Netcheck <code>=== 'Use Tailscale DNS' status === Tailscale DNS: enabled. Tailscale is configured to handle DNS queries on this device. Run 'tailscale set --accept-dns=false' to revert to your system default DNS resolver. === MagicDNS configuration === This is the DNS configuration provided by the coordination server to this device. MagicDNS: enabled tailnet-wide (suffix = dns.thagoat.xyz) Other devices in your tailnet can reach this device at tc.dns.thagoat.xyz Failed to fetch network map: Access denied: watch IPN bus access denied, must set ipn.NotifyNoPrivateKeys when not running as admin/root or operator Access denied: watch IPN bus access denied, must set ipn.NotifyNoPrivateKeys when not running as admin/root or operator Use 'sudo tailscale dns status' or 'tailscale up --operator=$USER' to not require root. </code> DNS Status Linux OS (Archlinux, Ubuntu Arm) Haven't used SaaS
adam commented 2025-12-29 02:25:52 +01:00
Author
Owner
Copy Link

@nblock commented on GitHub (Feb 8, 2025):

@thagoat please use proper markdown formatting, preferably post logs as attachment. Also, run the dns status via sudo: sudo tailscale dns status.

Please provide your headscale configuration and also logs from headscale.

Please provide the full log since tailscale start (as attachment).

@nblock commented on GitHub (Feb 8, 2025): @thagoat please use proper markdown formatting, preferably post logs as attachment. Also, run the dns status via sudo: `sudo tailscale dns status`. Please provide your headscale configuration and also logs from headscale. Please provide the *full log* since tailscale start (as attachment).
adam commented 2025-12-29 02:25:52 +01:00
Author
Owner
Copy Link

@MeCJay12 commented on GitHub (Feb 8, 2025):

sudo journalctl -u tailscaled

270k lines. Too large to upload. See here.

tailscale netcheck


Report:
	* Time: 2025-02-08T17:21:37.457183435Z
	* UDP: true
	* IPv4: yes, <public_ip>:60742
	* IPv6: no, but OS has support
	* MappingVariesByDestIP: false
	* PortMapping: 
	* Nearest DERP: Chicago
	* DERP latency:
		- ord: 36ms    (Chicago)
		- tor: 39.1ms  (Toronto)
		- iad: 46.3ms  (Ashburn)
		- nyc: 49.9ms  (New York City)
		- dfw: 53.4ms  (Dallas)
		- mia: 57ms    (Miami)
		- den: 63.9ms  (Denver)
		- sfo: 82.2ms  (San Francisco)
		- lax: 84.5ms  (Los Angeles)
		- sea: 98.3ms  (Seattle)
		- hnl: 113.8ms (Honolulu)
		- par: 114.6ms (Paris)
		- lhr: 116.5ms (London)
		- fra: 118.6ms (Frankfurt)
		- ams: 119.3ms (Amsterdam)
		- mad: 126.2ms (Madrid)
		- waw: 133.4ms (Warsaw)
		- nue: 143.8ms (Nuremberg)
		- sao: 147.2ms (São Paulo)
		- tok: 184.6ms (Tokyo)
		- syd: 217ms   (Sydney)
		- dbi: 219.5ms (Dubai)
		- hkg: 230.8ms (Hong Kong)
		- jnb: 255.8ms (Johannesburg)
		- sin:         (Singapore)
		- blr:         (Bangalore)
		- nai:         (Nairobi)

tailscale status

# Health check:
#     - Unable to connect to the Tailscale coordination server to synchronize the state of your tailnet. Peer reachability might degrade over time.

^ Goes away for awhile after restarting Tailscale

sudo tailscale dns status


=== 'Use Tailscale DNS' status ===

Tailscale DNS: enabled.

Tailscale is configured to handle DNS queries on this device.
Run 'tailscale set --accept-dns=false' to revert to your system default DNS resolver.

=== MagicDNS configuration ===

This is the DNS configuration provided by the coordination server to this device.

MagicDNS: disabled tailnet-wide.

Resolvers (in preference order):
  - fd7a:115c:a1e0::16
  - fd7a:115c:a1e0::17
  - fd7a:115c:a1e0::18
  - fd7a:115c:a1e0::19
  - 100.64.0.22
  - 100.64.0.23
  - 100.64.0.24
  - 100.64.0.25

Split DNS Routes:
  (no routes configured: split DNS disabled)

Search Domains:
  - example.com
  - headscale

=== System DNS configuration ===

This is the DNS configuration that Tailscale believes your operating system is using.
Tailscale may use this configuration if 'Override Local DNS' is disabled in the admin console,
or if no resolvers are provided by the coordination server.

Nameservers:
  - 127.0.0.1
  - 192.168.2.5
  - 192.168.255.251
  - 192.168.255.253
  - fc00:0:0:2::5
  - fc00:0:0:255::251
  - fc00:0:0:255::253
  - fc00:0:0:2::4
  - fd00:976a::9
  - fd00:976a::10
  - fd00:976a::9
  - fd00:976a::10

Search domains:
  - example.com

[this is a preliminary version of this command; the output format may change in the future]

Headscale Config

server_url: https://hs.example.com
listen_addr: 0.0.0.0:8080
metrics_listen_addr: 0.0.0.0:9090
grpc_listen_addr: 0.0.0.0:50443
grpc_allow_insecure: false
noise:
  private_key_path: /var/lib/headscale/noise_private.key
prefixes:
  v4: 100.64.0.0/24
  v6: fd7a:115c:a1e0::/64
  allocation: sequential
derp:
  server:
    enabled: false
  urls:
    - https://controlplane.tailscale.com/derpmap/default
  auto_update_enabled: true
  update_frequency: 24h
  disable_check_updates: false
  ephemeral_node_inactivity_timeout: 30m
database:
  type: sqlite
  debug: false
  gorm:
    prepare_stmt: true
    parameterized_queries: true
    skip_err_record_not_found: true
    slow_threshold: 1000
  sqlite:
    path: /etc/headscale/db.sqlite
    write_ahead_log: true
    wal_autocheckpoint: 1000
log:
  format: text
  level: info
policy:
  mode: file
  path: ""
dns:
  magic_dns: false
  base_domain: headscale
  nameservers:
    global:
      - fd7a:115c:a1e0::16
      - fd7a:115c:a1e0::17
      - fd7a:115c:a1e0::18
      - fd7a:115c:a1e0::19
      - 100.64.0.22
      - 100.64.0.23
      - 100.64.0.24
      - 100.64.0.25
  search_domains:
    - example.com
unix_socket: /var/run/headscale/headscale.sock
unix_socket_permission: "0770"
logtail:
  enabled: false
randomize_client_port: false

Headscale Log

2025-02-08T08:03:00Z WRN An updated version of Headscale has been found (0.25.0-beta.2 vs. your current v0.24.3). Check it out https://github.com/juanfont/headscale/releases

2025-02-08T08:03:00Z INF Opening database database=sqlite3 path=/etc/headscale/db.sqlite
2025-02-08T08:03:01Z WRN Listening without TLS but ServerURL does not start with http://
2025-02-08T08:03:01Z INF listening and serving HTTP on: 0.0.0.0:8080
2025-02-08T08:03:01Z INF listening and serving debug and metrics on: 0.0.0.0:9090
2025-02-08T08:03:01Z INF home/runner/work/headscale/headscale/hscontrol/poll.go:634 > node has connected, mapSession: 0xc000002480, chan: 0xc000454540 node=syCanA node.id=22 omitPeers=false readOnly=false stream=true
2025-02-08T08:03:02Z INF home/runner/work/headscale/headscale/hscontrol/poll.go:634 > node has connected, mapSession: 0xc000002780, chan: 0xc00030f0a0 node=syLab node.id=16 omitPeers=false readOnly=false stream=true
2025-02-08T08:03:05Z INF home/runner/work/headscale/headscale/hscontrol/poll.go:634 > node has connected, mapSession: 0xc00027b200, chan: 0xc0005356c0 node=Bound2 node.id=30 omitPeers=false readOnly=false stream=true
2025-02-08T08:03:06Z INF home/runner/work/headscale/headscale/hscontrol/poll.go:634 > node has connected, mapSession: 0xc000002600, chan: 0xc000518fc0 node=gns3 node.id=23 omitPeers=false readOnly=false stream=true
2025-02-08T08:03:06Z INF home/runner/work/headscale/headscale/hscontrol/poll.go:634 > node has connected, mapSession: 0xc00023a480, chan: 0xc00030e700 node=Bound1 node.id=34 omitPeers=false readOnly=false stream=true
2025-02-08T08:03:06Z INF home/runner/work/headscale/headscale/hscontrol/poll.go:634 > node has connected, mapSession: 0xc00027b380, chan: 0xc000455880 node=kvm-player2 node.id=42 omitPeers=false readOnly=false stream=true
2025-02-08T08:03:06Z INF home/runner/work/headscale/headscale/hscontrol/poll.go:634 > node has connected, mapSession: 0xc00023a780, chan: 0xc00030f340 node=Bound4 node.id=32 omitPeers=false readOnly=false stream=true
2025-02-08T08:03:06Z INF home/runner/work/headscale/headscale/hscontrol/poll.go:634 > node has connected, mapSession: 0xc000002900, chan: 0xc000303180 node=doklaba node.id=19 omitPeers=false readOnly=false stream=true
2025-02-08T08:03:06Z INF home/runner/work/headscale/headscale/hscontrol/poll.go:634 > node has connected, mapSession: 0xc00023b200, chan: 0xc0005205b0 node=Player1 node.id=2 omitPeers=false readOnly=false stream=true
2025-02-08T08:03:06Z INF home/runner/work/headscale/headscale/hscontrol/poll.go:634 > node has connected, mapSession: 0xc00027be00, chan: 0xc000300150 node=Bound3 node.id=31 omitPeers=false readOnly=false stream=true
@MeCJay12 commented on GitHub (Feb 8, 2025): **sudo journalctl -u tailscaled** 270k lines. Too large to upload. [See here](https://oc.cshaheen.tech/s/lKGHFOCibsJoBmy). **tailscale netcheck** ``` Report: * Time: 2025-02-08T17:21:37.457183435Z * UDP: true * IPv4: yes, <public_ip>:60742 * IPv6: no, but OS has support * MappingVariesByDestIP: false * PortMapping: * Nearest DERP: Chicago * DERP latency: - ord: 36ms (Chicago) - tor: 39.1ms (Toronto) - iad: 46.3ms (Ashburn) - nyc: 49.9ms (New York City) - dfw: 53.4ms (Dallas) - mia: 57ms (Miami) - den: 63.9ms (Denver) - sfo: 82.2ms (San Francisco) - lax: 84.5ms (Los Angeles) - sea: 98.3ms (Seattle) - hnl: 113.8ms (Honolulu) - par: 114.6ms (Paris) - lhr: 116.5ms (London) - fra: 118.6ms (Frankfurt) - ams: 119.3ms (Amsterdam) - mad: 126.2ms (Madrid) - waw: 133.4ms (Warsaw) - nue: 143.8ms (Nuremberg) - sao: 147.2ms (São Paulo) - tok: 184.6ms (Tokyo) - syd: 217ms (Sydney) - dbi: 219.5ms (Dubai) - hkg: 230.8ms (Hong Kong) - jnb: 255.8ms (Johannesburg) - sin: (Singapore) - blr: (Bangalore) - nai: (Nairobi) ``` **tailscale status** ``` # Health check: # - Unable to connect to the Tailscale coordination server to synchronize the state of your tailnet. Peer reachability might degrade over time. ``` ^ Goes away for awhile after restarting Tailscale **sudo tailscale dns status** ``` === 'Use Tailscale DNS' status === Tailscale DNS: enabled. Tailscale is configured to handle DNS queries on this device. Run 'tailscale set --accept-dns=false' to revert to your system default DNS resolver. === MagicDNS configuration === This is the DNS configuration provided by the coordination server to this device. MagicDNS: disabled tailnet-wide. Resolvers (in preference order): - fd7a:115c:a1e0::16 - fd7a:115c:a1e0::17 - fd7a:115c:a1e0::18 - fd7a:115c:a1e0::19 - 100.64.0.22 - 100.64.0.23 - 100.64.0.24 - 100.64.0.25 Split DNS Routes: (no routes configured: split DNS disabled) Search Domains: - example.com - headscale === System DNS configuration === This is the DNS configuration that Tailscale believes your operating system is using. Tailscale may use this configuration if 'Override Local DNS' is disabled in the admin console, or if no resolvers are provided by the coordination server. Nameservers: - 127.0.0.1 - 192.168.2.5 - 192.168.255.251 - 192.168.255.253 - fc00:0:0:2::5 - fc00:0:0:255::251 - fc00:0:0:255::253 - fc00:0:0:2::4 - fd00:976a::9 - fd00:976a::10 - fd00:976a::9 - fd00:976a::10 Search domains: - example.com [this is a preliminary version of this command; the output format may change in the future] ``` **Headscale Config** ``` server_url: https://hs.example.com listen_addr: 0.0.0.0:8080 metrics_listen_addr: 0.0.0.0:9090 grpc_listen_addr: 0.0.0.0:50443 grpc_allow_insecure: false noise: private_key_path: /var/lib/headscale/noise_private.key prefixes: v4: 100.64.0.0/24 v6: fd7a:115c:a1e0::/64 allocation: sequential derp: server: enabled: false urls: - https://controlplane.tailscale.com/derpmap/default auto_update_enabled: true update_frequency: 24h disable_check_updates: false ephemeral_node_inactivity_timeout: 30m database: type: sqlite debug: false gorm: prepare_stmt: true parameterized_queries: true skip_err_record_not_found: true slow_threshold: 1000 sqlite: path: /etc/headscale/db.sqlite write_ahead_log: true wal_autocheckpoint: 1000 log: format: text level: info policy: mode: file path: "" dns: magic_dns: false base_domain: headscale nameservers: global: - fd7a:115c:a1e0::16 - fd7a:115c:a1e0::17 - fd7a:115c:a1e0::18 - fd7a:115c:a1e0::19 - 100.64.0.22 - 100.64.0.23 - 100.64.0.24 - 100.64.0.25 search_domains: - example.com unix_socket: /var/run/headscale/headscale.sock unix_socket_permission: "0770" logtail: enabled: false randomize_client_port: false ``` **Headscale Log** ``` 2025-02-08T08:03:00Z WRN An updated version of Headscale has been found (0.25.0-beta.2 vs. your current v0.24.3). Check it out https://github.com/juanfont/headscale/releases 2025-02-08T08:03:00Z INF Opening database database=sqlite3 path=/etc/headscale/db.sqlite 2025-02-08T08:03:01Z WRN Listening without TLS but ServerURL does not start with http:// 2025-02-08T08:03:01Z INF listening and serving HTTP on: 0.0.0.0:8080 2025-02-08T08:03:01Z INF listening and serving debug and metrics on: 0.0.0.0:9090 2025-02-08T08:03:01Z INF home/runner/work/headscale/headscale/hscontrol/poll.go:634 > node has connected, mapSession: 0xc000002480, chan: 0xc000454540 node=syCanA node.id=22 omitPeers=false readOnly=false stream=true 2025-02-08T08:03:02Z INF home/runner/work/headscale/headscale/hscontrol/poll.go:634 > node has connected, mapSession: 0xc000002780, chan: 0xc00030f0a0 node=syLab node.id=16 omitPeers=false readOnly=false stream=true 2025-02-08T08:03:05Z INF home/runner/work/headscale/headscale/hscontrol/poll.go:634 > node has connected, mapSession: 0xc00027b200, chan: 0xc0005356c0 node=Bound2 node.id=30 omitPeers=false readOnly=false stream=true 2025-02-08T08:03:06Z INF home/runner/work/headscale/headscale/hscontrol/poll.go:634 > node has connected, mapSession: 0xc000002600, chan: 0xc000518fc0 node=gns3 node.id=23 omitPeers=false readOnly=false stream=true 2025-02-08T08:03:06Z INF home/runner/work/headscale/headscale/hscontrol/poll.go:634 > node has connected, mapSession: 0xc00023a480, chan: 0xc00030e700 node=Bound1 node.id=34 omitPeers=false readOnly=false stream=true 2025-02-08T08:03:06Z INF home/runner/work/headscale/headscale/hscontrol/poll.go:634 > node has connected, mapSession: 0xc00027b380, chan: 0xc000455880 node=kvm-player2 node.id=42 omitPeers=false readOnly=false stream=true 2025-02-08T08:03:06Z INF home/runner/work/headscale/headscale/hscontrol/poll.go:634 > node has connected, mapSession: 0xc00023a780, chan: 0xc00030f340 node=Bound4 node.id=32 omitPeers=false readOnly=false stream=true 2025-02-08T08:03:06Z INF home/runner/work/headscale/headscale/hscontrol/poll.go:634 > node has connected, mapSession: 0xc000002900, chan: 0xc000303180 node=doklaba node.id=19 omitPeers=false readOnly=false stream=true 2025-02-08T08:03:06Z INF home/runner/work/headscale/headscale/hscontrol/poll.go:634 > node has connected, mapSession: 0xc00023b200, chan: 0xc0005205b0 node=Player1 node.id=2 omitPeers=false readOnly=false stream=true 2025-02-08T08:03:06Z INF home/runner/work/headscale/headscale/hscontrol/poll.go:634 > node has connected, mapSession: 0xc00027be00, chan: 0xc000300150 node=Bound3 node.id=31 omitPeers=false readOnly=false stream=true ```
adam commented 2025-12-29 02:25:52 +01:00
Author
Owner
Copy Link

@nblock commented on GitHub (Feb 9, 2025):

Are you using systemd-resolved, please post the output of resolvectl status .

@nblock commented on GitHub (Feb 9, 2025): Are you using `systemd-resolved`, please post the output of `resolvectl status` .
adam commented 2025-12-29 02:25:53 +01:00
Author
Owner
Copy Link

@nblock commented on GitHub (Feb 9, 2025):

Probably related:

@nblock commented on GitHub (Feb 9, 2025): Probably related: * https://github.com/tailscale/tailscale/issues/14486 * https://github.com/tailscale/tailscale/issues/13906
adam commented 2025-12-29 02:25:53 +01:00
Author
Owner
Copy Link

@MeCJay12 commented on GitHub (Feb 9, 2025):

resolvectl status

Global
           Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: foreign
         DNS Servers: 127.0.0.1
Fallback DNS Servers: 192.168.2.4

Link 2 (eth0)
Current Scopes: DNS
     Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
   DNS Servers: fd00:976a::9 fd00:976a::10

Link 3 (vlan2)
Current Scopes: DNS
     Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
   DNS Servers: 192.168.2.5 192.168.255.251 192.168.255.253 fc00:0:0:2::5 fc00:0:0:255::251
                fc00:0:0:255::253 fc00:0:0:2::4 fd00:976a::9 fd00:976a::10
    DNS Domain: cshaheen.tech

Link 4 (tailscale0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 5 (br-00edbee28006)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 6 (br-7540beaf1abd)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 7 (docker0)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 8 (br-de821f6e70c8)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 10 (veth9335f16)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 12 (vetha3ad70f)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 14 (vethff56857)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 17 (veth33e9513)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 19 (veth5a41571)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 23 (vethf9097a5)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 25 (vethe952455)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 27 (veth351d6d9)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 29 (veth0ba56c3)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 31 (vetheb6422d)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 33 (vethdd4b181)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 35 (vetha1cf3e5)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 37 (vethd79a74c)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 85 (veth542451b)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported

Link 87 (veth73c7452)
Current Scopes: none
     Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
@MeCJay12 commented on GitHub (Feb 9, 2025): **resolvectl status** ``` Global Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported resolv.conf mode: foreign DNS Servers: 127.0.0.1 Fallback DNS Servers: 192.168.2.4 Link 2 (eth0) Current Scopes: DNS Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported DNS Servers: fd00:976a::9 fd00:976a::10 Link 3 (vlan2) Current Scopes: DNS Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported DNS Servers: 192.168.2.5 192.168.255.251 192.168.255.253 fc00:0:0:2::5 fc00:0:0:255::251 fc00:0:0:255::253 fc00:0:0:2::4 fd00:976a::9 fd00:976a::10 DNS Domain: cshaheen.tech Link 4 (tailscale0) Current Scopes: none Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Link 5 (br-00edbee28006) Current Scopes: none Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Link 6 (br-7540beaf1abd) Current Scopes: none Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Link 7 (docker0) Current Scopes: none Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Link 8 (br-de821f6e70c8) Current Scopes: none Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Link 10 (veth9335f16) Current Scopes: none Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Link 12 (vetha3ad70f) Current Scopes: none Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Link 14 (vethff56857) Current Scopes: none Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Link 17 (veth33e9513) Current Scopes: none Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Link 19 (veth5a41571) Current Scopes: none Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Link 23 (vethf9097a5) Current Scopes: none Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Link 25 (vethe952455) Current Scopes: none Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Link 27 (veth351d6d9) Current Scopes: none Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Link 29 (veth0ba56c3) Current Scopes: none Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Link 31 (vetheb6422d) Current Scopes: none Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Link 33 (vethdd4b181) Current Scopes: none Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Link 35 (vetha1cf3e5) Current Scopes: none Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Link 37 (vethd79a74c) Current Scopes: none Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Link 85 (veth542451b) Current Scopes: none Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported Link 87 (veth73c7452) Current Scopes: none Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported ```
adam commented 2025-12-29 02:25:53 +01:00
Author
Owner
Copy Link

@jdewinne commented on GitHub (Mar 11, 2025):

In case you're not able to use https for the control server, I've made a PR (tailscale/tailscale#15277) that allows disabling the noise dial check.
This can be a valid use case when running headscale in a ephemeral way, so that creating a valid cert is not possible.

@jdewinne commented on GitHub (Mar 11, 2025): In case you're not able to use https for the control server, I've made a PR (tailscale/tailscale#15277) that allows disabling the noise dial check. This can be a valid use case when running headscale in a ephemeral way, so that creating a valid cert is not possible.
adam commented 2025-12-29 02:25:53 +01:00
Author
Owner
Copy Link

@MeCJay12 commented on GitHub (Mar 12, 2025):

That could be my issue. Does the noise dial check require direct HTTPS to the server? My Headscale server is behind a reverse proxy that does the actual HTTPS decryption and passes back to the server in plain HTTP.

@MeCJay12 commented on GitHub (Mar 12, 2025): That could be my issue. Does the noise dial check require direct HTTPS to the server? My Headscale server is behind a reverse proxy that does the actual HTTPS decryption and passes back to the server in plain HTTP.
adam commented 2025-12-29 02:25:53 +01:00
Author
Owner
Copy Link

@jdewinne commented on GitHub (Mar 12, 2025):

This is the case the PR handles:

control: controlhttp: forcing port 443 dial due to recent noise dial

If headscale is using a private IP, the forcing port 443 will not happen if using tailscale 1.80.3+
If headscale is not using a private IP, you should most likely look into at least running it using https. If that is not possible (for whatever reason) the PR tailscale/tailscale#15277 could be a workaround to disable the noise dial check.

So it looks like if a recent noise dial check happened, the tailscale client will automatically switch to using https, unless you have headscale running on a private ip.

@jdewinne commented on GitHub (Mar 12, 2025): This is the case the PR handles: > control: controlhttp: forcing port 443 dial due to recent noise dial If headscale is using a private IP, the `forcing port 443` will not happen if using tailscale 1.80.3+ If headscale is not using a private IP, you should most likely look into at least running it using https. If that is not possible (for whatever reason) the PR tailscale/tailscale#15277 could be a workaround to disable the noise dial check. So it looks like if a recent noise dial check happened, the tailscale client will automatically switch to using https, unless you have headscale running on a private ip.
adam commented 2025-12-29 02:25:53 +01:00
Author
Owner
Copy Link

@github-actions[bot] commented on GitHub (Jun 11, 2025):

This issue is stale because it has been open for 90 days with no activity.

@github-actions[bot] commented on GitHub (Jun 11, 2025): This issue is stale because it has been open for 90 days with no activity.
adam commented 2025-12-29 02:25:54 +01:00
Author
Owner
Copy Link

@github-actions[bot] commented on GitHub (Jun 18, 2025):

This issue was closed because it has been inactive for 14 days since being marked as stale.

@github-actions[bot] commented on GitHub (Jun 18, 2025): This issue was closed because it has been inactive for 14 days since being marked as stale.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
CLI
DERP
DNS
Nix
OIDC
SSH
bug
database
documentation
duplicate
enhancement
faq
good first issue
grants
help wanted
might-come
needs design doc
needs investigation
no-stale-bot
out of scope
performance
policy 📝
pull-request
Mirrored from GitHub Pull Request
 question
regression
routes
stale
tags
tailscale-feature-gap
well described ❤️
wontfix
No Label bug question stale
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/headscale#911
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?