Specifying an exit node in a docker container results in "selected but offline"

Help Needed

Trying to have a docker container route all of its traffic through an exit node. Eventually this will be made part of a docker compose stack where all the containers use the tailscale container for their networking.

I'm starting the tailscale container with the following command:

sudo docker run --name=tailscale -v /var/lib:/var/lib -v /lib/modules:/lib/modules -v /dev/net/tun:/dev/net/tun -v ./ts-state:/client/data --cap-add=NET_ADMIN --cap-add=NET_RAW -e TS_HOSTNAME=den-test-b -e TS_STATE_DIR=/client/data -e TS_AUTHKEY=tskey-auth-redacted -e TS_EXTRA_ARGS="--exit-node=[exit-node-ip]" --privileged=true --rm tailscale/tailscale:latest

When I run sudo docker exec -it tailscale tailscale --socket /tmp/tailscaled.sock exit-node list I see my specified exit node but with a status of 'selected but offline'. Additionally, from inside the tailscale container (docker exec -it tailscale sh), wget -q -O /tmp/ipconfig 'https://ifconfig.me/ip' && cat /tmp/ipconfig shows the IP not going through the exit node.

This is on Ubuntu Bullseye with the official Docker installed. tailscale docker version 1.48.1. What am I missing?


Update: This is because tailscale is running in userspace mode inside a container. I switched to "kernel" mode by adding -e TS_USERSPACE=false -e TS_TAILSCALED_EXTRA_ARGS="--tun=tailscale1" and got it working, mostly. It takes over all the networking on the host, instead of just the containers in docker. If I get that working I'll post updates here.

Have you figured out how to run it only on the single container? I'm trying to achieve the same thing!

Trying to have a docker container route all of its traffic through an exit node. Eventually this will be made part of a docker compose stack where all the containers use the tailscale container for their networking.

You can use the tailscaled proxy setting when starting the app to route everything over your exit node inside the container.

Example here: https://tailscale.com/kb/1107/heroku/


Hey there. I just wanted to do exactly this setup, but did not find a working solution. Did you by chance figure this out? I also tried adding the env variables as you suggested in your answer, but this also did not work for me. :/

Did you get this to work?

Yes, although it's not perfect. In my docker-compose I need:

services:
  tailscale:
    image: tailscale/tailscale:latest
    cap_add:
      - NET_ADMIN
    environment:
      - TS_EXTRA_ARGS=--exit-node ${EXIT_NODE_IP}
      - TS_TAILSCALED_EXTRA_ARGS=--tun=tailscale1
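
An added example, not from any poster in this thread or from Tailscale: a Compose file for the setup the original post is aiming at, combining the settings reported above (TS_USERSPACE=false, --tun=tailscale1, --exit-node) with Compose's network_mode: service:tailscale so a second container shares the tailscale container's network namespace. The egress-check service, the alpine image, the ./ts-state path and the TS_AUTHKEY / EXIT_NODE_IP variables are assumptions, as is running kernel mode with only NET_ADMIN and /dev/net/tun instead of --privileged and the host mounts in the original command.

```yaml
# Added example (constructed). Service name "egress-check", the state path and
# the ${...} variables are assumptions, not values from the thread.
services:
  tailscale:
    image: tailscale/tailscale:latest
    cap_add:
      - NET_ADMIN                      # lets tailscaled create the tun interface and routes
    devices:
      - /dev/net/tun:/dev/net/tun      # passed as a device, not a bind mount
    volumes:
      - ./ts-state:/client/data        # only the state directory; no /var/lib or /lib/modules
    environment:
      - TS_HOSTNAME=den-test-b
      - TS_STATE_DIR=/client/data
      - TS_AUTHKEY=${TS_AUTHKEY}       # taken from the shell or .env, not written in this file
      - TS_USERSPACE=false             # kernel mode, as in the update above
      - TS_TAILSCALED_EXTRA_ARGS=--tun=tailscale1
      - TS_EXTRA_ARGS=--exit-node=${EXIT_NODE_IP}
    restart: unless-stopped

  egress-check:
    image: alpine:3
    network_mode: service:tailscale    # share the tailscale container's network namespace
    depends_on:
      - tailscale
    # Same check as in the original post: print the public IP this namespace egresses from.
    command: sh -c "sleep 20; wget -q -O - https://ifconfig.me/ip"
```

If traffic is going through the exit node, egress-check prints the exit node's public address rather than the Docker host's.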

Thanks, I saw that but didn't know if it applied to me since I'm trying to use an exit node with docker, not be an exit node. I'll read through it again and try a few things that are mentioned.
