Re: Progress on tailscale on NetBSD (plus $ available)

[Kevin Bloom <ktnb%netbsd.org@localhost>]

> aOn Mon, 20 Apr 2026 at 19:54, Kevin Bloom <ktnb%netbsd.org@localhost> wrote:
> >
> > > From: Kevin Bloom <ktnb%netbsd.org@localhost>
> > >
> > > > Following up on my previous message
> > > >
> > > > Using pkgsrc/wip/tailscale (many thanks to ktnb for maintaining that!)
> > > > I seem to be able to get a pretty reliable full (not needing the -tun
> > > > userspace-networking workaround) tailscale client on NetBSD-11_RC3 by:
> > >
> > > My apologies for not getting the NetBSD support for wip/tailscale
> > > better. That's partly why I keep it in wip and not merged in -current.
> > > I use tailscale for work but I only use macOS and Linux (both with
> > > pkgsrc) so I mostly keep it up-to-date for those systems.
>
> Not at all - thanks for all the work maintaining it - it provided a
> ready platform for me to try poking at :)
>
> > [...]
> >
> > Okay, I'm not 100% sure I have it good enough to consider this "fixed"
> > but I think I do having it working.
> >
> > https://mail-index.netbsd.org/pkgsrc-wip-changes/2026/04/20/msg036257.html
> >
> > Once intsalled:
> > # tailscaled
> > $ tailscale login
> > ...
> > # tailscale up --accept-routes
> > Done.
> >
> > ifconfig(8) shows the tun0 with status active as well. So I'm guessing
> > it's working.
> >
> > I can ping everyone on the tailnet. No need to do anything with the ip.
> > Let me know if it works for y'all.
>
> (Great - leaps in enthusiastically and finds things to trip over :)
>
> I've taken the last three versions from pkgsrc-wip for a spin. Using
> the GITHUB_TAG as a reference and a snippet of the commit message they
> would be:
>
> acb9d410 - "update to 1.94.4"
> 025e1f2e  - "tun(4) support"
> 73f86934  - "userspace-networking"
>
> (As an aside I got myself into a terrible mess with not destroying the
> tun0 between switching versions to ensure a clean baseline). For each
> test I ensure there are no tun interfaces present and no other
> wireguard or similar processes, then with a pre-authed tailscale just
> run "service tailscaled onestart". This is on 11.0_RC3/amd64 with a
> single configured ethernet interface
>
> In all cases userspace-networking seems to work fine for me - my test
> is 'tailscale ssh <ip>' where <ip> is a Linux box on the same tailnet.
>
> Trying to test with rc.d/tailscaled updated to remove -tun
> userspace-networking - the two latest versions will bring up tun0 with
> the correct IP, and I can use 'tailscale ping', but I cannot use 'ssh
> <ip>' to ssh directly across the tailnet.
>
> Trying my workaround to create and assign an IP to tun0 before
> starting tailscaled still allows me to 'ssh <ip>' across the tailnet
> with acb9d410, but it no longer works for the latter two versions.
>
> I'm pretty sure I must be missing something, but I don't know what! :/
>
> Thanks
>
> David
>

Hmm, interesting. I didn't try ssh during my test. I tried with just
pinging and going to some of our tailnet sites that are for company
use only. Those worked fine with the tun0 device for me. Also on
11.0_RC3 amd64. I'll give this another try tonight and see if I can
get it working with ssh.

What _should_ happen is the tun0 device should get replace when you
restart tailscaled. I must have something wrong that is causing it
a.) not kill and revive the tun0 device and b.) either not work
specifically with ssh or just has the "works on my machine" stamp
on it ;)