Re: Progress on tailscale on NetBSD (plus $ available)

[David Brownlee <abs%absd.org@localhost>]

aOn Mon, 20 Apr 2026 at 19:54, Kevin Bloom <ktnb%netbsd.org@localhost> wrote:
>
> > From: Kevin Bloom <ktnb%netbsd.org@localhost>
> >
> > > Following up on my previous message
> > >
> > > Using pkgsrc/wip/tailscale (many thanks to ktnb for maintaining that!)
> > > I seem to be able to get a pretty reliable full (not needing the -tun
> > > userspace-networking workaround) tailscale client on NetBSD-11_RC3 by:
> >
> > My apologies for not getting the NetBSD support for wip/tailscale
> > better. That's partly why I keep it in wip and not merged in -current.
> > I use tailscale for work but I only use macOS and Linux (both with
> > pkgsrc) so I mostly keep it up-to-date for those systems.

Not at all - thanks for all the work maintaining it - it provided a
ready platform for me to try poking at :)

> [...]
>
> Okay, I'm not 100% sure I have it good enough to consider this "fixed"
> but I think I do having it working.
>
> https://mail-index.netbsd.org/pkgsrc-wip-changes/2026/04/20/msg036257.html
>
> Once intsalled:
> # tailscaled
> $ tailscale login
> ...
> # tailscale up --accept-routes
> Done.
>
> ifconfig(8) shows the tun0 with status active as well. So I'm guessing
> it's working.
>
> I can ping everyone on the tailnet. No need to do anything with the ip.
> Let me know if it works for y'all.

(Great - leaps in enthusiastically and finds things to trip over :)

I've taken the last three versions from pkgsrc-wip for a spin. Using
the GITHUB_TAG as a reference and a snippet of the commit message they
would be:

acb9d410 - "update to 1.94.4"
025e1f2e  - "tun(4) support"
73f86934  - "userspace-networking"

(As an aside I got myself into a terrible mess with not destroying the
tun0 between switching versions to ensure a clean baseline). For each
test I ensure there are no tun interfaces present and no other
wireguard or similar processes, then with a pre-authed tailscale just
run "service tailscaled onestart". This is on 11.0_RC3/amd64 with a
single configured ethernet interface

In all cases userspace-networking seems to work fine for me - my test
is 'tailscale ssh <ip>' where <ip> is a Linux box on the same tailnet.

Trying to test with rc.d/tailscaled updated to remove -tun
userspace-networking - the two latest versions will bring up tun0 with
the correct IP, and I can use 'tailscale ping', but I cannot use 'ssh
<ip>' to ssh directly across the tailnet.

Trying my workaround to create and assign an IP to tun0 before
starting tailscaled still allows me to 'ssh <ip>' across the tailnet
with acb9d410, but it no longer works for the latter two versions.

I'm pretty sure I must be missing something, but I don't know what! :/

Thanks

David