Re: Progress on tailscale on NetBSD (plus $ available)

[Kevin Bloom <ktnb%netbsd.org@localhost>]

> aOn Mon, 20 Apr 2026 at 19:54, Kevin Bloom <ktnb%netbsd.org@localhost> wrote:
> >
> > > From: Kevin Bloom <ktnb%netbsd.org@localhost>
> > >
> > > > Following up on my previous message
> > > >
> > > > Using pkgsrc/wip/tailscale (many thanks to ktnb for maintaining that!)
> > > > I seem to be able to get a pretty reliable full (not needing the -tun
> > > > userspace-networking workaround) tailscale client on NetBSD-11_RC3 by:
> > >
> > > My apologies for not getting the NetBSD support for wip/tailscale
> > > better. That's partly why I keep it in wip and not merged in -current.
> > > I use tailscale for work but I only use macOS and Linux (both with
> > > pkgsrc) so I mostly keep it up-to-date for those systems.
>
> Not at all - thanks for all the work maintaining it - it provided a
> ready platform for me to try poking at :)
>
> > [...]
> >
> > Okay, I'm not 100% sure I have it good enough to consider this "fixed"
> > but I think I do having it working.
> >
> > https://mail-index.netbsd.org/pkgsrc-wip-changes/2026/04/20/msg036257.html
> >
> > Once intsalled:
> > # tailscaled
> > $ tailscale login
> > ...
> > # tailscale up --accept-routes
> > Done.
> >
> > ifconfig(8) shows the tun0 with status active as well. So I'm guessing
> > it's working.
> >
> > I can ping everyone on the tailnet. No need to do anything with the ip.
> > Let me know if it works for y'all.
>
> (Great - leaps in enthusiastically and finds things to trip over :)
>
> I've taken the last three versions from pkgsrc-wip for a spin. Using
> the GITHUB_TAG as a reference and a snippet of the commit message they
> would be:
>
> acb9d410 - "update to 1.94.4"
> 025e1f2e  - "tun(4) support"
> 73f86934  - "userspace-networking"
>
> (As an aside I got myself into a terrible mess with not destroying the
> tun0 between switching versions to ensure a clean baseline). For each
> test I ensure there are no tun interfaces present and no other
> wireguard or similar processes, then with a pre-authed tailscale just
> run "service tailscaled onestart". This is on 11.0_RC3/amd64 with a
> single configured ethernet interface
>
> In all cases userspace-networking seems to work fine for me - my test
> is 'tailscale ssh <ip>' where <ip> is a Linux box on the same tailnet.
>
> Trying to test with rc.d/tailscaled updated to remove -tun
> userspace-networking - the two latest versions will bring up tun0 with
> the correct IP, and I can use 'tailscale ping', but I cannot use 'ssh
> <ip>' to ssh directly across the tailnet.
>
> Trying my workaround to create and assign an IP to tun0 before
> starting tailscaled still allows me to 'ssh <ip>' across the tailnet
> with acb9d410, but it no longer works for the latter two versions.
>
> I'm pretty sure I must be missing something, but I don't know what! :/
>
> Thanks
>
> David
>

Okay, I just pushed up another commit that uses the orignal code but
keeps the new logic. I've tested it and I have been successful with
both tun0 and userspace-networking. I didn't have to destroy the tun0
device for this one to work but the commit before this I had to kill
it before trying. (Interestingly enough, the previous commit stopped
working for me once you said that it didn't work for you...)

Let me know how it goes!

Note: I didn't use the rc script just the raw command:
  tailscaled [-tun=userspace-networking]

Just had to login, up --accept-routes, and I was good. I'll test it
again tomorrow morning since apparently when the sun comes up it
stopped working before!