Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ERROR: Tailscale's Funnel support is disabled #447

Open
CoolhappyDE opened this issue Jan 5, 2025 · 3 comments
Open

ERROR: Tailscale's Funnel support is disabled #447

CoolhappyDE opened this issue Jan 5, 2025 · 3 comments

Comments

@CoolhappyDE
Copy link

Problem/Motivation

Since some days Tailscale is not starting up. I did not change the config.

Expected behavior

That Tailscale is starting up fine.

Actual behavior

It’s is working for some Seconds and then shutting down.

(What actually happened)
Stops working with

Core 2025.1.0
Supervisor 2024.12.3
Operating System 14.1

And with

Core 2024.12.5
Supervisor 2024.12.3
Operating System 14.1
Frontend 20241127.8

Steps to reproduce

Fill in the Config:

advertise_exit_node: true
advertise_routes:
  - 192.168.3.0/24
  - 192.168.1.0/24
funnel: true
log_level: trace
proxy: true
proxy_and_funnel_port: "443"
snat_subnet_routes: true
taildrop: true
userspace_networking: true

Then there is the logfile:

{"version":"2025.1.0","version_latest":"2025.1.0","update_available":false,"machine":"qemux86-64","ip_address":"172.30.32.1","arch":"amd64","image":"ghcr.io/home-assistant/qemux86-64-homeassistant","boot":true,"port":8123,"ssl":false,"watchdog":true,"audio_input":null,"audio_output":null,"backups_exclude_database":false} .port
[21:19:47] TRACE: bashio::cache.set: core.port 8123
[21:19:47] TRACE: bashio::fs.directory_exists: /tmp/.bashio
[21:19:47] TRACE: bashio::core.port
[21:19:47] TRACE: bashio::core core.port .port
[21:19:47] TRACE: bashio::cache.exists: core.port
[21:19:47] TRACE: bashio::fs.file_exists: /tmp/.bashio/core.port.cache
[21:19:47] TRACE: bashio::cache.get: core.port
[21:19:47] TRACE: bashio::cache.exists: core.port
[21:19:47] TRACE: bashio::fs.file_exists: /tmp/.bashio/core.port.cache
[21:19:47] TRACE: bashio::config.true: funnel
[21:19:47] TRACE: bashio::config: funnel
[21:19:47] TRACE: bashio::addon.config
[21:19:47] TRACE: bashio::cache.exists: addons.self.options.config
[21:19:47] TRACE: bashio::fs.file_exists: /tmp/.bashio/addons.self.options.config.cache
[21:19:47] TRACE: bashio::cache.get: addons.self.options.config
[21:19:47] TRACE: bashio::cache.exists: addons.self.options.config
[21:19:47] TRACE: bashio::fs.file_exists: /tmp/.bashio/addons.self.options.config.cache
[21:19:47] TRACE: bashio::jq: {"advertise_exit_node":true,"advertise_routes":["192.168.3.0/24","192.168.1.0/24"],"funnel":true,"log_level":"trace","proxy":true,"proxy_and_funnel_port":"443","snat_subnet_routes":true,"taildrop":true,"userspace_networking":true} if (.funnel == null) then
            null
        elif (.funnel | type == "string") then
            .funnel // empty
        elif (.funnel | type == "boolean") then
            .funnel // false
        elif (.funnel | type == "array") then
            if (.funnel == []) then
                empty
            else
                .funnel[]
            end
        elif (.funnel | type == "object") then
            if (.funnel == {}) then
                empty
            else
                .funnel
            end
        else
            .funnel
        end
[21:19:47] TRACE: bashio::var.true: true
[21:19:47] ERROR: Tailscale's Funnel support is disabled
[21:19:47] TRACE: bashio::exit.nok:
[21:19:47] TRACE: bashio::var.has_value: 
[21:19:47] INFO: Service serve exited with code 1 (by signal 0)
s6-rc: info: service legacy-services: stopping
s6-rc: info: service legacy-services successfully stopped
s6-rc: info: service taildrop: stopping
s6-rc: info: service serve: stopping
s6-rc: info: service nginx: stopping
s6-rc: info: service serve successfully stopped
[21:19:47] INFO: Service taildrop exited with code 256 (by signal 15)
s6-rc: info: service taildrop successfully stopped
s6-rc: info: service post-tailscaled: stopping
s6-rc: info: service post-tailscaled successfully stopped
s6-rc: info: service tailscaled: stopping
2025/01/05 21:19:47 tailscaled got signal terminated; shutting down
2025/01/05 21:19:47 canceling captive portal context
2025/01/05 21:19:47 control: client.Shutdown ...
2025/01/05 21:19:47 control: mapRoutine: exiting
2025/01/05 21:19:47 control: authRoutine: exiting
2025/01/05 21:19:47 control: updateRoutine: exiting
2025/01/05 21:19:47 control: Client.Shutdown done.
2025/01/05 21:19:47 magicsock: closing connection to derp-26 (conn-close), age 2s
2025/01/05 21:19:47 magicsock: 0 active derp conns
2025/01/05 21:19:47 flushing log.
2025/01/05 21:19:47 logger closing down
[21:19:47] INFO: Service NGINX exited with code 0 (by signal 0)
s6-rc: info: service nginx successfully stopped
s6-rc: info: service init-nginx: stopping
s6-rc: info: service web: stopping
s6-rc: info: service init-nginx successfully stopped
[21:19:47] INFO: Service tailscaled exited with code 0 (by signal 0)
s6-rc: info: service tailscaled successfully stopped
[21:19:47] INFO: Service Tailscale web exited with code 256 (by signal 15)
s6-rc: info: service web successfully stopped
s6-rc: info: service legacy-cont-init: stopping
s6-rc: info: service legacy-cont-init successfully stopped
s6-rc: info: service fix-attrs: stopping
s6-rc: info: service base-addon-log-level: stopping
s6-rc: info: service fix-attrs successfully stopped
s6-rc: info: service base-addon-log-level successfully stopped
s6-rc: info: service base-addon-banner: stopping
s6-rc: info: service base-addon-banner successfully stopped
s6-rc: info: service s6rc-oneshot-runner: stopping
s6-rc: info: service s6rc-oneshot-runner successfully stopped

(How can someone else make/see it happen)

Proposed changes

(If you have a proposed change, workaround or fix,
describe the rationale behind it)
@lmagyar
Copy link
Contributor

lmagyar commented Jan 6, 2025

It doesn't work, because you disabled it on TS admin page. See the add-on docs, or TS docs: https://tailscale.com/kb/1223/funnel#requirements-and-limitations "Funnel requires the following to work: ... A funnel node attribute in your tailnet policy file. This attribute tells Tailscale which tailnet users can use Funnel."

@CoolhappyDE
Copy link
Author

CoolhappyDE commented Jan 6, 2025
edited
Loading

I Fixd it! Instead of

{

	"nodeAttrs": [
		{
			"target": ["autogroup:member"],
			"attr":   ["funnel"],
		},
	],

	"tagOwners": {

		"tag:funnel":             ["autogroup:member"],
		"tag:exitnode":           ["autogroup:admin"],
	},
}

I changed it to that:

"nodeAttrs": [
		{
			"target": ["tag:funnel"],
			"attr":   ["funnel"],
		},

@lmagyar
Copy link
Contributor

lmagyar commented Jan 6, 2025

Yeah, as I remember autogroups and tags "don't mix well". :)

You can test the result of the ACL edits with: turn off funnel in the add-on config, start it, then execute this in the command line:

docker exec -it `docker ps -q -f name=tailscale` /bin/bash
/opt/tailscale status --json --peers=false | jq -M '.Self.CapMap'

There should be a funnel line in the output if you configured TS right:

{
  "funnel": null,
  ...
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lmagyar @CoolhappyDE