@yobyot said in "Tailscale is not online" problem:

I'm late to the party but unless I misunderstand this thread it's not about Tailscale not starting up but instead about the auth key expiring.

Auth keys are good for a maximum of 90 days. If you reboot pfSense on day 91, Tailscale will not come up and the "API" error will be generated (it's actually an auth key expired error).

Thus, unless you never reboot pfSense, starting with the 91st day, you must re-generate an auth key and input it to Tailscale even if you have key expiry disabled.

What makes this worse, IMHO, is that the longer you go between reboots, the more obscure the problem. So, Tailscale is not a reliable service because it cannot survive a reboot after 90 days.

This occurs on both CE 2.7.2 in a Protectli Vault Proxmox VM and on a real SG-1100 running Plus 24.11 (packages as distributed with those releases).

I wish TS would introduce a new feature "a la Acme update" so that this would be done automatically.

Any luck getting this fixed? I am running into the exact same issue with my setup. Latest Headscale (0.26.1), PFSense 2.7.2, and Tailscale package 1.84.2 installed on PfSense.

@brinkmann I personally am not running 2.8.0 yet, but yes.

@maxpol @TravisH Did you get this resolved?

I have th esame issues or very similiar. The first tailnet client works, then when i add additional ones they sometimes work, but majoritvly they fail.

PFSense+ latest f/w. All endpoint showing online in tailscale status within pfsense and also on the tailscale portal.

Thanks

Thank you, @elvisimprsntr, I did that and it worked beautifully.

From TS support

"I’m Kelly from the Tailscale support team. Thanks for reaching out! This is a common point of confusion- Even with the “Key Expiry: Disabled” option selected in the Tailscale web UI, that only applies to machines authenticated via the web login.

You need to generate a Reusable, Ephemeral = false, Pre-Auth Key via the Tailscale admin panel, and use that on the pfsense."

@Gertjan

Thanks for the reply! Thats what I was afraid of. We have 100s of pfsense/tailscale nodes that we don't have UI access to. We use Ansible to automatically configure them in a remote fashion, everything was fine until this routes issue. But I will check out the link.

Thanks again!

@IanMcLeish said in Tailscale not online:

I got it!

great 👍

@DavcoreTech

Looks like you may be running an older version of pfSense and/or Tailscale.

You might want to upgrade to latest version (1.78.1) on all clients, which may resolve some of the connection issues.

Although, Netgate has not updated the Tailscale package in some time, you can manually update

How to update to the latest Tailscale version?

You may also want to upgrade Windows 8.1, which MS officially stopped supporting on January 10, 2023

@chudak

Service Status
Shows running or not

Otherwise no widget avail might blew up the dashboard caused by the amount of possible nodes / clients on a tails scale net (filtering or show only specific clients might do the trick)

Might be a cool project for someone

Br np