Make Tailscale use Exit Node

I am trying to make all my Umbrel traffic use a VPS as an exit node via Tailscale.
However, I have a lot of trouble commanding Tailscale to use the VPS as an exit node via the SSH terminal commands, even when using the docker commands.
Does anyone have any experience here?

I had the same issue a few weeks ago. The Tailscale docker app never routed my traffic when used as an exit node. I removed the Tailscale docker and manually installed the app from the command line.

Then I started it using the command sudo tailscale up --advertise-exit-node

I can then route the traffic from another node using sudo tailscale up --exit-node=umbrel_node_name

Yeah, I did the same thing: SSH into Umbrel and then install Tailscale outside of the docker. I then rerouted all Umbrel traffic to an exit node on a VPS. Seems to work well. But I wonder if there are any issues with doing this that I am not aware of.

I think the Tailscale docker is just missing the --advertise-exit-node argument which then prevents the routing feature.
I would have spent a bit more time trying to figure out how to add this argument within the Umbrel Tailscale docker but then on every update there is the risk of losing any manual workaround…

Don’t think there are any issues doing this, we’re just removing this “docker layer”. Also, the Tailscale version we manually installed is newer than the Umbrel version.

Only drawback is that if you want to keep Tailscale updated you have to run an apt-get update & apt-get install from the shell instead of using the nice “check for update” button :)

I created “Allow setting exit node in Tailscale” (Issue #816 in getumbrel/umbrel-apps on GitHub) to track this, but in hindsight I think you guys are right, it’s a limitation of the Tailscale docker image.

The docker image documents a TS_EXTRA_ARGS environment variable which passes extra args to tailscale set (see Tailscale Docker image · Tailscale Docs)

tailscale set allows the --exit-node <ip|name> flag (see Tailscale CLI · Tailscale Docs)

Therefore we should be able to update the docker-compose.yml to use that environment variable like so:


services:
  web:
    network_mode: "host" # TODO: We can remove this later with some iptables magic
    image: tailscale/tailscale:v1.48.1@sha256:51c756718c30b15d1d3d228b1f4425cba646ec15da5d188a0d55c32b8ea4f378
    restart: on-failure
    stop_grace_period: 1m
    command: "sh -c 'tailscale web --listen 0.0.0.0:8240 & exec tailscaled --tun=userspace-networking'"
    volumes:
      - ${APP_DATA_DIR}/data:/var/lib
    environment:
      TS_EXTRA_ARGS: "--exit-node <ip|name>"

This is great! Thanks for sharing.
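
A way to check the symptom discussed in this thread (an exit node that is configured but not carrying traffic), as an added example that is not from any of the posters or from the Umbrel or Tailscale projects. The helper `check_exit_node` is hypothetical, the status document is a constructed sample, and the field names are assumed to match the output of `tailscale status --json`.

```python
import json

# Constructed sample of `tailscale status --json`, trimmed to the fields used here.
SAMPLE_STATUS = json.dumps({
    "BackendState": "Running",
    "TUN": True,
    "ExitNodeStatus": {"ID": "nEXAMPLE1", "Online": True,
                       "TailscaleIPs": ["100.64.0.2/32"]},
    "Peer": {
        "nodekey:aaaa": {"ID": "nEXAMPLE1", "HostName": "vps", "Online": True,
                         "ExitNode": True, "ExitNodeOption": True},
        "nodekey:bbbb": {"ID": "nEXAMPLE2", "HostName": "laptop", "Online": True,
                         "ExitNode": False, "ExitNodeOption": False},
    },
})

def check_exit_node(status_json, expected_host):
    """Return (ok, problems) for one status document (hypothetical helper)."""
    status = json.loads(status_json)
    problems = []
    if status.get("BackendState") != "Running":
        problems.append("tailscaled is not in the Running state")
    if not status.get("TUN", False):
        # tailscaled --tun=userspace-networking creates no TUN device, so
        # other processes on the host are not routed through the exit node.
        problems.append("no TUN device (userspace networking): host traffic is not routed")
    peers = list((status.get("Peer") or {}).values())
    selected = [p for p in peers if p.get("ExitNode")]
    if not selected:
        # Distinguish "nobody advertises" from "advertised but not selected".
        offered = [p.get("HostName") for p in peers if p.get("ExitNodeOption")]
        problems.append(f"no exit node selected (advertised by: {offered or 'none'})")
    else:
        host = selected[0].get("HostName")
        if host != expected_host:
            problems.append(f"exit node is {host!r}, expected {expected_host!r}")
        exit_status = status.get("ExitNodeStatus") or {}
        if not exit_status.get("Online", False):
            problems.append("selected exit node is offline")
    return (not problems, problems)

if __name__ == "__main__":
    ok, problems = check_exit_node(SAMPLE_STATUS, "vps")
    print("OK" if ok else "\n".join(problems))
```

On a live node, pass the output of `tailscale status --json` in place of the sample; run inside the container from the compose file above, the `TUN` check is the one to watch because tailscaled is started with `--tun=userspace-networking`.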