Newly built packages disable routing for local network. #74

Open
DocEmmetBrown opened this issue Jan 26, 2023 · 13 comments

@DocEmmetBrown

Hey folks,
I tried to install the latest 1.36 package on my TS-451, and once properly configured, I lose inbound connectivity to my local IP, even though the Tailscale IP works.
If I stop the tailscale daemon, my local IP pings again from my local network.
I can take a shell on the machine through Tailscale IP / alias, and from there I can ping my local network.
On the NAS, the routing table looks exactly the same with version 1.34.1 (which works as intended), and 1.36.0 (which doesn't).
I had the exact same issue experimenting with the 1.34.2 Pre-release package.
Happy to provide more details if needed.

@DocEmmetBrown DocEmmetBrown changed the title newly build packages disable routing for local network. Newly built packages disable routing for local network. Jan 26, 2023
@KilllerRabbbit

I had the same problem with a few prereleases I tried, but with the official release [v1.36.0](https://github.com/tailscale/tailscale-qpkg/releases/tag/v1.36.0) that didn't happen.
There were some other problems with login that required ssh as the GUI was not really working in the beginning but no problems with network routing/isolation.

@talios

talios commented Jan 28, 2023

I had this with this official release of Tailscale_1.36.0-1_x86_64.qpkg - GUI doesn't work (never did), tried running tailscale up again and reattaching - then I noticed it was only the local network that was dead.

Rolled back and all good again.

@DentonGentry
Contributor

> GUI doesn't work (never did)

What happens when you click on the Tailscale icon in the App Center? Does it open a new browser window? Gives an error in the browser? Something else?

> then I noticed it was only the local network that was dead.

Do you have any subnet routers on your tailnet? Might the QNAP be receiving routes from somewhere?

@talios

talios commented Jan 28, 2023

When I open the GUI (note - I have changed the default web port for the QNAP):

[screenshot]

Where would I find logs for that?

No subnet routers that I'm aware of - just the QNAP, the Macbook, a raspberry pi and an iPhone.

I don't believe there's anything else that'd issue routes - ports, maybe, but not routes.

@DentonGentry
Contributor

DentonGentry commented Jan 28, 2023

The screenshot shows a browser connection to nas50d992:9090/wailscaleweb, but it is supposed to open a connection to nas50d992:9090/cgi-bin/qpkg/Tailscale/index.cgi

Is this using https://github.com/tailscale/tailscale-qpkg/releases/tag/v1.36.0 ?

@talios

talios commented Jan 28, 2023

Ahh no it wasn't - that was using the earlier release as I'd rolled back due to the local networking issue. I'll try again.

Local networking/dns seems to be working again this time - I see the shortcut to Tailscale on the 'desktop' and the menu still point to the old URL, however manually changing the URL I get:

[screenshot]

Get "http://127.0.0.1:8080/cgi-bin/authLogin.cgi?sid=rdzanxjv": dial tcp 127.0.0.1:8080: connect: connection refused

@talios

talios commented Jan 29, 2023

Interesting - without any changes I now seem to get:

http: named cookie not present

from that above link.

DentonGentry added a commit to tailscale/tailscale that referenced this issue Jan 29, 2023
QNAP allows users to set the port number for the management WebUI,
which includes authLogin.cgi. If they do, then connecting to
localhost:8080 fails.

tailscale/tailscale-qpkg#74 (comment)

We have to use the Scheme+Path from the request but disable any TLS
verification for https:
- The UI can force https, but presents a completely invalid certificate
- The UI can change the port number, and though
  https://download.qnap.com/dev/API_QNAP_QTS_Authentication.pdf
  documents the use of localhost:8080 for authentication this fails if
  the user changed the port number.

This reverts commit 467ace7.

Fixes #7108

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
@davegoodfellow

> Hey folks, I tried to install the latest 1.36 package on my TS-451, and once properly configured, I lose inbound connectivity to my local IP, even though the Tailscale IP works. If I stop the tailscale daemon, my local IP pings again from my local network. I can take a shell on the machine through Tailscale IP / alias, and from there I can ping my local network. On the NAS, the routing table looks exactly the same with version 1.34.1 (which works as intended), and 1.36.0 (which doesn't). I had the exact same issue experimenting with the 1.34.2 Pre-release package. Happy to provide more details if needed.

I have the same problem.
QTS 5.0.0.2131 TVS-672N
Tailscale_1.36.0-1_x86_64.qpkg
GUI works fine when I start the app.
I then lose connection to QNAP on 192.168.1.17 and can only connect on tailscale IP 100.xx.xx.xx
Do I need to add a static route?

@DocEmmetBrown
Author

@DentonGentry : just tried the new Tailscale_1.36.1-1 on my TS-451, and had the exact same behaviour 🤔 .
Immediately after enabling the device in the admin console, I lose all connectivity on my LAN IP.
Reverting back to 1.34.1 and deleting / recreating the device in the console did make it work again, but I wonder if I have something special in my config 🤔 .
Happy to provide whatever details I can to help debug this issue.

@FlintyLemming

@DocEmmetBrown
When I keep the WebUI port at 5000, which is the default, I get the same as above.
[screenshot]
After changing it to 8080, everything is fine.
[screenshot]
Hope it helps you.

DentonGentry added a commit to tailscale/tailscale that referenced this issue Feb 26, 2023
QNAP allows users to set the port number for the management WebUI,
which includes authLogin.cgi. If they do, then connecting to
localhost:8080 fails.

tailscale/tailscale-qpkg#74 (comment)

Fixes #7108

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
DentonGentry added a commit to tailscale/tailscale that referenced this issue Mar 2, 2023
QNAP allows users to set the port number for the management WebUI,
which includes authLogin.cgi. If they do, then connecting to
localhost:8080 fails.

tailscale/tailscale-qpkg#74 (comment)

Fixes #7108

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
DentonGentry added a commit to tailscale/tailscale that referenced this issue Mar 2, 2023
QNAP allows users to set the port number for the management WebUI,
which includes authLogin.cgi. If they do, then connecting to
localhost:8080 fails.

tailscale/tailscale-qpkg#74 (comment)

Fixes #7108

Signed-off-by: Denton Gentry <dgentry@tailscale.com>
(cherry picked from commit 5128822)
@DocEmmetBrown
Author

Hey @DentonGentry,
I did a bit of digging and I think I understand the problem better:

TL;DR :
the newly built packages seem to have the --accept-routes flag enabled.

On my network, I have one of my nodes that advertises my local network route (192.168.166.0/24).
When I disable this route advertisement, my NAS works perfectly.
As soon as I enable the route advertisement, I lose all inbound connectivity to the LAN interface.

Here you have the (redacted) logs when enabling route sharing (through the admin UI) :

2023/05/05 19:03:12 wgengine: Reconfig: configuring userspace WireGuard config (with 2/7 peers)
2023/05/05 19:03:12 wgengine: Reconfig: configuring router
2023/05/05 19:03:12 wgengine: Reconfig: configuring DNS
2023/05/05 19:03:12 dns: Set: {DefaultResolvers:[999.999.999.999] Routes:{beta.tailscale.net.:[] tailnet4242.ts.net.:[] ts.net.:[333.333.333.333 1234:123:1234::53]}+65arpa SearchDomains:[tailnet4242.ts.net. mygithubuser.github.beta.tailscale.net.] Hosts:16}
2023/05/05 19:03:12 dns: Resolvercfg: {Routes:{.:[999.999.999.999] ts.net.:[333.333.333.333 1234:123:1234::53]} Hosts:16 LocalDomains:[beta.tailscale.net. tailnet4242.ts.net.]+65arpa}
2023/05/05 19:03:12 dns: OScfg: {Nameservers:[100.100.100.100] SearchDomains:[tailnet4242.ts.net. mygithubuser.github.beta.tailscale.net.] MatchDomains:[] Hosts:[]}
2023/05/05 19:03:12 monitor: RTM_NEWROUTE: src=, dst=192.168.166.0/24, gw=, outif=21, table=52

and disabling route sharing

2023/05/05 19:03:23 wgengine: Reconfig: configuring userspace WireGuard config (with 1/7 peers)
2023/05/05 19:03:23 wgengine: Reconfig: configuring router
2023/05/05 19:03:23 monitor: RTM_DELROUTE: src=, dst=192.168.166.0/24, gw=, outif=21, table=52
2023/05/05 19:03:23 wgengine: Reconfig: configuring DNS
2023/05/05 19:03:23 dns: Set: {DefaultResolvers:[999.999.999.999] Routes:{beta.tailscale.net.:[] tailnet4242.ts.net.:[] ts.net.:[333.333.333.333 1234:123:1234::53]}+65arpa SearchDomains:[tailnet4242.ts.net. mygithubuser.github.beta.tailscale.net.] Hosts:16}
2023/05/05 19:03:23 dns: Resolvercfg: {Routes:{.:[999.999.999.999] ts.net.:[333.333.333.333 1234:123:1234::53]} Hosts:16 LocalDomains:[tailnet4242.ts.net. beta.tailscale.net.]+65arpa}
2023/05/05 19:03:23 dns: OScfg: {Nameservers:[100.100.100.100] SearchDomains:[tailnet4242.ts.net. mygithubuser.github.beta.tailscale.net.] MatchDomains:[] Hosts:[]}

Happy to share more details if that can help.

Cheers
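
An added example, not part of the comment above or of Tailscale's own code: a Go check that replays `monitor: RTM_NEWROUTE` / `RTM_DELROUTE` lines in the format quoted above and reports the routes left installed in table 52 that overlap the host's own LAN prefix, which is the condition the comment ties to losing LAN connectivity. The log lines are constructed, and `shadowedRoutes`, `sampleLog` and the LAN prefix passed in are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"regexp"
	"sort"
	"strings"
)

// Route-monitor lines in the format quoted in the comment above.
var routeRE = regexp.MustCompile(`monitor: (RTM_NEWROUTE|RTM_DELROUTE): .*?dst=([^,\s]+),.*?table=(\d+)`)

// Constructed sample: the /24 is added, removed, then added again; a /32 is unrelated.
const sampleLog = `2023/05/05 19:03:12 monitor: RTM_NEWROUTE: src=, dst=192.168.166.0/24, gw=, outif=21, table=52
2023/05/05 19:03:23 monitor: RTM_DELROUTE: src=, dst=192.168.166.0/24, gw=, outif=21, table=52
2023/05/05 19:04:01 monitor: RTM_NEWROUTE: src=, dst=100.64.0.7/32, gw=, outif=21, table=52
2023/05/05 19:04:02 monitor: RTM_NEWROUTE: src=, dst=192.168.166.0/24, gw=, outif=21, table=52`

// shadowedRoutes replays the log and returns the table-52 routes still
// installed at the end that overlap the host's own LAN prefix.
func shadowedRoutes(log, lanCIDR string) ([]string, error) {
	lan, err := netip.ParsePrefix(lanCIDR)
	if err != nil {
		return nil, err
	}
	live := map[netip.Prefix]bool{} // prefix -> currently installed?
	for _, line := range strings.Split(log, "\n") {
		m := routeRE.FindStringSubmatch(line)
		if m == nil || m[3] != "52" {
			continue // not a route event, or not the table seen in the logs
		}
		if p, err := netip.ParsePrefix(m[2]); err == nil {
			live[p.Masked()] = m[1] == "RTM_NEWROUTE"
		}
	}
	var out []string
	for p, on := range live {
		if on && p.Overlaps(lan) {
			out = append(out, p.String())
		}
	}
	sort.Strings(out)
	return out, nil
}

func main() {
	hits, err := shadowedRoutes(sampleLog, "192.168.166.0/24")
	fmt.Println(hits, err)
}
```

A non-empty result means an accepted subnet route covers the network the host is directly attached to.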

@n1majne3

Seems to still have the issue in the latest 1.48: lost LAN connection once Tailscale is enabled, now using Docker instead...

@wingcomm

wingcomm commented Jul 4, 2024

Same issue here still on 1.68.2.
