Possible to install tailscale at OS level?

[arcadeperfect]

Hi

Truenas CORE

Is it possible to install tailscale at the OS level? I know there's a BSD port which can be installed in a jail, but the same commands won't work in the Truenas shell (I don't know BSD admittedly).

I also know tailscale could be installed on another device as a relay, but it would be cleaner to just have tailscale installed on the Truenas OS. I've done the requisite googling and I suspect the answer is it's impossible and / or strongly not recommended but just checking!

Thanks

 

[danb35]

In theory it's possible, but installing software on the base OS is unsupported--under both CORE and SCALE.

 

[arcadeperfect]

OK, I did manage to install it (on a test box).

It does work. How dangerous is this?

 

[danb35]

Unlikely it will harm your data. Possible it will expose your NAS to external attack (unlikely, I think, but you are opening up another network connection). But the bigger issue is that it won't be persistent--it will probably go away with any updates, and it's possible you'll lose the configuration when you restart the system.

 

[arcadeperfect]

Understood. Thanks.

 

[arcadeperfect]

On a slightly different note, If I install tailscale in a jail is there any way it can expose the Truenas SMB shares, beyond mounting the volumes in the jail and running a separate SMB server from inside?

 

[tauronux]

On a slightly different note, If I install tailscale in a jail is there any way it can expose the Truenas SMB shares, beyond mounting the volumes in the jail and running a separate SMB server from inside?

Hey there,

i'm completely new to TrueNAS, FreeBSD, Unix and Linux so don't quote me on my response.

I'm planing to do exactly the same (Tailscale in Jail on Core) and from what i read, by advertising route to your LAN as a subnet (in Tailscale settings), you should be able to connect to any device on that LAN from any Tailscale node, using LAN IP addresses (so SMB shares on TrueNAS should be visible directly).

Somebody please correct me if i'm wrong.

 

[arcadeperfect]

Hey there,

i'm completely new to TrueNAS, FreeBSD, Unix and Linux so don't quote me on my response.

I'm planing to do exactly the same (Tailscale in Jail on Core) and from what i read, by advertising route to your LAN as a subnet (in Tailscale settings), you should be able to connect to any device on that LAN from any Tailscale node, using LAN IP addresses (so SMB shares on TrueNAS should be visible directly).

Somebody please correct me if i'm wrong.

I was able to get this to work! However, you won't be able to share it with any other Tailscale users because Tailscale doesn't support sharing routed subnets. This is kind of a deal breaker for me unfortunately. If you don't care about that then it's a great solution.

 

[tauronux]

I was able to get this to work! However, you won't be able to share it with any other Tailscale users because Tailscale doesn't support sharing routed subnets. This is kind of a deal breaker for me unfortunately. If you don't care about that then it's a great solution.

Could you please elaborate? What exactly doesn't work? SMB shares? Did you try to get to the shared folder directly by the machines LAN IP address (not the Tailscale one)?

 

[arcadeperfect]

Could you please elaborate? What exactly doesn't work? SMB shares? Did you try to get to the shared folder directly by the machines LAN IP address (not the Tailscale one)?

Running tailscale in a jail works, and you can access that jail's environment over tailscale in the normal way. You can also share that tailscale instance with someone else who has a different tailscale account via the web app. But of course the jail does not itself give access to the host OS's SMB shares directly.

Running tailscale in the Jail configuered as a sbunet router also works, and then via tailscale on another machine you can access the Truenas host's regular ip from the coffee shop as if it was still there on your lan.

The wrinkle is that only you can access the routed subnet. Sharing the jailed instance with a friend's tailscale account (as I want to) will give them access to that jail's environment but not the routed subnet. This is expected behaviour unfortunately. They say they are considering adding this feature at some point.

The jail can mount drives you expose to it, and you should be able to run a seperate smb server from that jail, which I will try next. But it's a bummer because you lose all the Truenas management features and will have to configure users / permissions through a shell. Or maybe another truenas install in the jail lol.

 

[tauronux]

I understand. So you need to use only one account, to be able to get to the routed subnet. For me, it's perfectly fine as i'm going to set it up in a small office and the people won't even know how it works.

Back to your case though .. what about upgrading to Scale and using Tailscale through the TrueCharts?

 

[arcadeperfect]

That wasn't an option I was aware of, I will look into it!

 

[tauronux]

... and i've just learned about Seafile. You can install it in a Jail just like Tailscale, but it's more in the likes of Google Drive / Dropbox services, even with it's own desktop client! You can use the client to mount a virtual drive in your OS file explorer and you can then work with files, just like they were on your local drive. It even shows thumbnails and files are opened in your default applications localy on your PC. And here's the big deal ... until you open a file, it shows only headers, so you're not wasting bandwith and drive space to download files you don't need. But once you open a file, it will cache it to your PC and lock it for other users - you hear me? For other users! You can setup permissions for different users, like you would on SMB.

I need some sleep now so i didn't read all of it, but seems like it beats the purpose of Tailscale for me.

 

[danb35]

Sounds a lot like Nextcloud. Or Owncloud. Both of which are also available as apps for SCALE.

 

[tauronux]

From what i read, compared to Seafile, Nextcloud uses WebDAV for desktop client syncing and it's implemented in a way, that makes it slow and slower, with the amount and size of files you are trying to sync, to a point, where it just fails and might corrupt data.

Seafile has two types of clients - one that caches files, which are being opened (while showing everything else in the file explorer, like it would do if the files were saved localy), with the ability to set a size for the cache.

The second type is normal syncing of whole folders, in the likes of Dropbox.

The important thing here is the speed and stability of the syncing compared to Nextcloud.

 

[danb35]

Nextcloud uses WebDAV for desktop client syncing and it's implemented in a way, that makes it slow and slower, with the amount and size of files you are trying to sync, to a point, where it just fails and might corrupt data.

I guess that point must be somewhere north of the 350k files and 275 GB of data in my own Nextcloud installation. But the Nextcloud client doesn't yet have the "local cache for remote data" feature you mention--though it's been some time since they promised it.

 

[tauronux]

I guess that point must be somewhere north of the 350k files and 275 GB of data in my own Nextcloud installation. But the Nextcloud client doesn't yet have the "local cache for remote data" feature you mention--though it's been some time since they promised it.

So if i understand it correctly, you're using Nextcloud as a backup? Did you ever had to reinstall your client OS or set up the client app on a new computer? How long did it take to sync all that data for the first time?

In my case, i'm trying to find an optimal Linux storage solution for a small office with 8 on-site devices + 8 off-site which needs to connect to the storage remotely through the internet, with the ability to edit mainly Microsoft Office documents directly after doubleclicking them (so FTP, web portals, or Office apps alternatives like on Synology NAS are out of question). I was planning to go the Tailscale route and SMB, but just learned about Seafile and Nextcloud. Would you recommend Nextcloud on TrueNAS scale for this particular use?

 

[ChrisRJ]

I use Syncthing in a jail (installed following the instruction from Lawrence Systems on YouTube) for this use-case.

How do you plan to handle the network connectivity? VPN?

 

[tauronux]

I use Syncthing in a jail (installed following the instruction from Lawrence Systems on YouTube) for this use-case.

How do you plan to handle the network connectivity? VPN?

As far as i know, Syncthing does sync all the files between devices, and it doesn't have the caching feature, right?

First i thought i would setup a Debian server running SMB shares and using OpenVPN for remote connection. Then i discovered Tailscale and TrueNAS and i think that for me as a Linux-beginner, this soultion is the easiest to get running. I choosed Core, because of it's age and stability and Tailscale, because it doesn't need ports to be opened. Yesterday i've discovered Seafile / Nextcloud and i thought, that it's the perfect solution, but i've dived into their documentation today and it seems like Seafile in a Jail would be nothing easy to accomplish (at least for a beginner) as it doesn't officialy support FreeBSD and even if i would go the Scale route and install it in a VM, i would need to open ports, which i would rather not do for now, if there are other ways to make it work (Tailscale).

So now it's just a question of using Core/Jail or Scale/TrueCharts. I'm gonna try the Core today and see how it goes. I'll keep an eye on Seafile though, because i might use it in the future, when i get more experience with Linux distros.

 

[arcadeperfect]

I understand. So you need to use only one account, to be able to get to the routed subnet. For me, it's perfectly fine as i'm going to set it up in a small office and the people won't even know how it works.

Back to your case though .. what about upgrading to Scale and using Tailscale through the TrueCharts?

I had been resisting moving to Scale, but I can confirm that the TrueCharts version of Tailscale works as I was hoping it would. So thanks for that suggestion. It does seem like a bummer to migrate the whole thing to Scale for the sake of one app but it's either that or a reckless OS level install on BSD I think.

Seafile also sounds interesting. I was thinking of using Nextcloud as an alternative for those who don't want to install tailscail so maybe it could fill that role.