Tailscale with TrueNAS application ports

So I got my TrueNAS-SCALE-23.10.2 working: Immich, Tailscale, and Plex. What I cannot seem to do is get access to TrueNAS apps with Tailscale. I saw some other things on here but nothing seemed to work.
I have subnets and exit node enabled in Tailscale.
Enabled - Advertise Exit node
Enabled - Userspace
Enabled - Host network
Advertise Routes - I added my home IP network, 192.168.1.0/24

I can access my TrueNAS via Tailscale but that’s it. It does not like it when I add ports.
I tried to use Nginx Proxy Manager to add the port that way like other applications, but any apps like Immich do not work.

Anyone have any ideas?

Anyone?

You need to add your IP address of the box to the IPs you route to.

So my TrueNAS is on 192.168.1.15, so I add this to the available routes. Then everything works like magic. All your apps will be accessible remotely.

This is because your TrueNAS apps are wired to the LAN address, not the Tailscale address.

You’d think this would work but it doesn’t, so this workaround solves the problem.

Just make sure you add the route to Tailscale as a /32, i.e. 192.168.1.15/32, so you’re only routing to that specific host over Tailscale.

192.168.0.0/16 is an RFC1918 address range and likely to be used extensively in other locations. If you’re on someone else’s LAN (i.e. a friend’s house, work, coffee shop, etc.) and it’s using 192.168.0.0/16 but you route all that traffic over your tailnet, things will break.
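An added example, not part of any post in this thread: a small Python check that compares a wide advertised route with a /32 host route, counting how many extra LAN addresses the route exposes and how many addresses it shadows on another network that reuses the same RFC1918 range. The function name, the report fields and the sample networks are assumptions made for illustration, and only IPv4 routes are assumed.

```python
import ipaddress

def audit_routes(advertised, app_host, other_lans):
    """Audit advertised subnet routes (hypothetical helper, IPv4 only).

    advertised: CIDR strings advertised by the subnet router
    app_host:   LAN address the apps are bound to
    other_lans: CIDR strings of networks a client may be sitting on
    """
    host = ipaddress.ip_address(app_host)
    # Collapse overlapping or adjacent routes so no address is counted twice.
    routes = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(r, strict=False) for r in advertised))
    report = {"host_covered": False, "extra_exposed": 0, "shadowed": {}}
    for route in routes:
        if host in route:
            report["host_covered"] = True
            # Every address besides the app host is reachable but not needed.
            report["extra_exposed"] += route.num_addresses - 1
        else:
            report["extra_exposed"] += route.num_addresses
        for lan_text in other_lans:
            lan = ipaddress.ip_network(lan_text, strict=False)
            if route.overlaps(lan):
                # Overlapping CIDR blocks nest, so the smaller one is the overlap.
                hit = min(route.num_addresses, lan.num_addresses)
                prev = report["shadowed"].get(lan_text, 0)
                report["shadowed"][lan_text] = prev + hit
    return report

# Constructed sample: a client visiting a LAN that also uses 192.168.1.0/24.
VISITED = ["192.168.1.0/24", "10.0.0.0/24"]

if __name__ == "__main__":
    for routes in (["192.168.1.0/24"], ["192.168.1.15/32"]):
        print(routes, audit_routes(routes, "192.168.1.15", VISITED))
```

With the /24 the whole visited LAN is shadowed; with the /32 only the single address matching the NAS is affected.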

So I changed it from 192.168.1.0 to the actual IP of the TrueNAS. I have Tailscale subnet routes pointing to the actual IP of my TrueNAS.

I also added the same IP with /32 at the end to Advertise Routes in the Tailscale part of TrueNAS, but it’s still not working. I always get refused to connect.
I should also note I am trying to connect to the Immich app on my TrueNAS.

You need to accept the advertised routes in your main Tailscale control panel (web interface to your Tailscale account).

Then make sure they work.

I did, it’s there. 192.168.1.55/32

So you manually accepted in the Tailscale web GUI, NOT the TrueNAS GUI?

Can you show me the screenshot of the confirmation?

It should look like this:

See below

I guess this is something that can’t be done.

Hello, here is the solution: Reddit - Dive into anything

That is true. This works fine for me, and for enabling apps, there is just ONE IP address you need to route to, which limits the potential damage. It’s just a fast solution to a problem.

Exactly!!! That is the same solution I came up with above. It’s the simplest solution by far.

The other solution is simply to rewrite every URL to use the Tailscale host name, but apps may generate URLs referencing the IP address, so this alternative approach doesn’t go very far.