Re: tailscale on NetBSD (more $ available)

[ci4ic4 <ci4ic4%proton.me@localhost>]

Sent with Proton Mail secure email.

On Tuesday, 11 February 2025 at 21:44, sunqingyao19970825%icloud.com@localhost <sunqingyao19970825%icloud.com@localhost> wrote:

> Dear Ryo,
> 
> Thanks for the package! I can install it on NetBSD 10.1 but have some trouble starting the tailscale service. Please see the error message below (looks like I don’t have the “userspace-networking” interface?):
> 
> esbear# service tailscaled start
> 
> esbear# logtail started
> 
> Program starting: v1.81.0-ERR-BuildInfo, Go 1.23.6: []string{"/usr/pkg/bin/tailscaled", "-tun", "userspace-networking"}
> 
> LogID: 6e6ef0aa8d3fb3cfc2e38a54d67e975b2584a9c5defe535bf8adb04623e3a335
> 
> logpolicy: using system state directory "/var/db/tailscale"
> 
> dns: using dns.noopManager
> 
> cleanUp: ifdown=[ifconfig userspace-networking down]
> 
> cleanUp: interfaceName=userspace-networking
> 
> ifconfig down: exit status 1
> 
> usage: ifconfig [-h] [-m] [-v] [-z] [-L] interface
> 
>         [ af [ address [ dest_addr ] ] [ netmask mask ] [ prefixlen n ]
> 
>                 [ alias | -alias ] ]
> 
>         [ up ] [ down ] [ metric n ] [ mtu n ]
> 
>         [ advbase n ] [ advskew n ] [ carpdev iface ] [ pass passphrase ] [ state state ] [ vhid n ]
> 
>         [ maxupd n ] [ syncdev iface ] [syncpeer peer_addr]
> 
>         [ anycast | -anycast ] [ deprecated | -deprecated ]
> 
>         [ pltime n ] [ vltime n ] [ eui64 ]
> 
>         [ media type ] [ mediaopt opts ] [ -mediaopt opts ] [ instance minst ]
> 
>         [ [ af ] tunnel src_addr dest_addr ] [ deletetunnel ]
> 
>         [ vlan n vlanif i ] [ -vlanif i ]
> 
>         [ nwid network_id ] [ nwkey network_key | -nwkey ]
> 
>         [ list scan ]
> 
>         [ powersave | -powersave ] [ powersavesleep duration ]
> 
>         [ hidessid | -hidessid ] [ apbridge | -apbridge ]
> 
>         [ agrport i ] [ -agrport i ]
> 
>         [ session local-session-id remote-session-id ]
> 
>         [ cookie local-cookie-length local-cookie remote-cookie-length remote-cookie ]
> 
>         [ laggproto p ]
> 
>         [ laggport i [ pri n ] ] [ -laggport i ]
> 
>         [ laggportpri i [ pri n]]
> 
>         [ lagglacp [ dumpdu | -dumpdu ] [ stopdu | -stopdu ]
> 
>                 [ maxports n | -maxports ] [ optimistic | -optimistic ] ]
> 
>         [ laggfailover] [ rx-all | -rx-all ]
> 
>         [ arp | -arp ]
> 
>         [ preference n ]
> 
>         [ link0 | -link0 ] [ link1 | -link1 ] [ link2 | -link2 ]
> 
>         [ linkstr str | -linkstr ]
> 
>         [ unnumbered | -unnumbered ]
> 
>         [ description str | descr str | -description | -descr ]
> 
>        ifconfig -a [-b] [-d] [-h] [-m] [-u] [-v] [-z] [ af ]
> 
>        ifconfig -l [-b] [-d] [-s] [-u]
> 
>        ifconfig -C
> 
>        ifconfig -w n
> 
>        ifconfig interface create
> 
>        ifconfig interface destroy
> 
> wgengine.NewUserspaceEngine(tun "userspace-networking") ...
> 
> dns: using dns.noopManager
> 
> link state: interfaces.State{defaultRoute= ifs={wm0:[192.168.50.98/24 fd12:1869:2151:8b46:d56:52f3:6517:b497/64 llu6]} v4=true v6=true}
> 
> onPortUpdate(port=65531, network=udp6)
> 
> magicsock: failed to set UDP read buffer size to 7340032: set udp6 [::]:65531: setsockopt: no buffer space available
> 
> magicsock: failed to set UDP write buffer size to 7340032: set udp6 [::]:65531: setsockopt: no buffer space available
> 
> onPortUpdate(port=62964, network=udp4)
> 
> magicsock: failed to set UDP read buffer size to 7340032: set udp4 0.0.0.0:62964: setsockopt: no buffer space available
> 
> magicsock: failed to set UDP write buffer size to 7340032: set udp4 0.0.0.0:62964: setsockopt: no buffer space available
> 
> magicsock: disco key = d:0f0525ae75006803
> 
> Creating WireGuard device...
> 
> Bringing WireGuard device up...
> 
> Bringing router up...
> 
> Clearing router settings...
> 
> Starting network monitor...
> 
> Engine created.
> 
> pm: migrating "_daemon" profile to new format
> 
> logpolicy: using system state directory "/var/db/tailscale"
> 
> got LocalBackend in 2ms
> 
> Start
> 
> Backend: logs: be:6e6ef0aa8d3fb3cfc2e38a54d67e975b2584a9c5defe535bf8adb04623e3a335 fe:
> 
> Switching ipn state NoState -> NeedsLogin (WantRunning=false, nm=false)
> 
> blockEngineUpdates(true)
> 
> wgengine: Reconfig: configuring userspace WireGuard config (with 0/0 peers)
> 
> wgengine: Reconfig: configuring router
> 
> wgengine: Reconfig: configuring DNS
> 
> dns: Set: {DefaultResolvers:[] Routes:{} SearchDomains:[] Hosts:0}
> 
> dns: Resolvercfg: {Routes:{} Hosts:0 LocalDomains:[]}
> 
> dns: OScfg: {}
> 
> health(warnable=is-using-unstable-version): error: This is an unstable version of Tailscale meant for testing and development purposes. Please report any issues to Tailscale.
> 
> health(warnable=wantrunning-false): error: Tailscale is stopped.
> 
> Once I can successfully run tailscale SSH, I’m willing to make the payment as promised. You can send you Venmo/Zelle/PayPal/whatever account to this email address, and we’ll figure out how to send you $200!
> 
> Regarding the fact that tailscale/wireguard-go does not handle NetBSD's tun(4) device properly so we must use userspace networking, what’s the impact and where should we open an issue? I hope this can be resolved.
> 
> Bests,
> 
> Qingyao
> 
> From: Ryo ONODERA <ryo%tetera.org@localhost>
> Date: Tuesday, February 11, 2025 at 04:02
> To: rxg%lavabit.com@localhost <rxg%lavabit.com@localhost>, wb9ypa%fourway.net@localhost <wb9ypa%fourway.net@localhost>
> Cc: sunqingyao19970825%icloud.com@localhost <sunqingyao19970825%icloud.com@localhost>, pkgsrc-users%netbsd.org@localhost <pkgsrc-users%netbsd.org@localhost>, qs234%cornell.edu@localhost <qs234%cornell.edu@localhost>, abs%absd.org@localhost <abs%absd.org@localhost>
> Subject: Re: tailscale on NetBSD (more $ available)
> 
> Hi,
> 
> Rui-Xiang Guo <rxg%lavabit.com@localhost> writes:
> 
> > On Sun, Feb 09, 2025 at 04:42:24PM -0500, wb9ypa wrote:
> >> Dear NetBSD pkgsrc-users,Even I would be willing to kick in a donation to whoever needed the money to kick this Tailscale project off to a start.Mike sienicki
> >> -------- Original message --------From: sunqingyao19970825%icloud.com@localhost Date: 2/9/25  10:21  (GMT-05:00) To: pkgsrc-users%netbsd.org@localhost Cc: Qingyao Sun <qs234%cornell.edu@localhost>, abs%absd.org@localhost Subject: tailscale on NetBSD (more $ available)
> >>
> >> Dear all,
> >> ?
> >> Last year, David offered $200 to encourage the inclusion of tailscale into pkgsrc in
> >> a previous thread, but unfortunately nobody is motivated enough to do the work. I?m familiar with neither go modules nor pkgsrc, so it will probably take me forever to package
> >>  it on my own. Moreover, I cannot use their
> >> static builds because these are Linux ELF files.
> >> ?
> >> Since I really want a NetBSD box on my tailnet, I am matching David?s bounty by offering an additional $200 to whoever packages tailscale into pkgsrc (a platform-agnostic package would be perfect, but a NetBSD-only package suffice for now).
> >
> > Hi,
> > Not to sign up. :) Just do a quick review.
> > I supposed the required module below should be added NetBSD support first:
> > https://github.com/WireGuard/wireguard-go
> >
> > and this PR - https://github.com/WireGuard/wireguard-go/pull/49
> > could be used as a reference.
> 
> wireguard-go is in pkgsrc/net/wireguard-go.
> However it seems that it does not handle NetBSD's tun(4) device properly.
> 
> I have just added my userspace-networking only package as
> pkgsrc/net/tailscale.
> 
> You can connect tailscale.com as follows:
> 
> (1) Install pkgsrc/net/tailscale
> (2) Copy /usr/pkg/share/examples/rc.d/tailscaled under /etc/rc.d
> (3) Add tailscaled=YES in /etc/rc.conf
> (4) Run `service tailscaled start`
> (5) Run `tailscale up` as root and get URI of login.tailscale.com
> (6) Login tailscale.com with the URI
> 
> I am using SSH and ping between tailscale clients.
> I have no idea about the other functionalities.
> 
> Thank you.


Great progress indeed, thanks a lot. 

In my case, on a -current machine from a few days, I am able to use it as a server, I can ssh to the NetBSD host over the tailnet. The reverse operation fails for me:

.....
# uname -a
NetBSD ym1r.lorien.lan 10.99.12 NetBSD 10.99.12 (GENERIC) #0: Thu Feb  6 05:42:06 GMT 2025  root%ym1r.lorien.lan@localhost:/bd/sysbuild/amd64/obj/home/sysbuild/src/sys/arch/amd64/compile/GENERIC amd64
# tailscale status
100.103.185.88  ym1r                 XXXXXX@      netbsd  -
...
100.83.75.41    ci4c                 XXXXXX@      linux   idle, tx 187640 rx 147512
...

# Health check:
#     - This is an unstable version of Tailscale meant for testing and development purposes. Please report any issues to Tailscale.
#     - Tailscale failed to fetch the DNS configuration of your device: getting OS base config is not supported
#     - getting OS base config is not supported
# tailscale ping ci4c
pong from ci4c (100.83.75.41) via 129.151.82.93:41641 in 33ms
# ssh ci4c
ssh: Could not resolve hostname ci4c: No address associated with hostname
# ssh ubuntu@100.83.75.41  (this hangs)
--------------

I suppose, this is due to the userspace networking, I do not see any iterface configured with the tailnet address at all.

Chavdar 


> 
> > -rxg
> >
> 
> --
> Ryo ONODERA // ryo%tetera.org@localhost
> PGP fingerprint = 82A2 DC91 76E0 A10A 8ABB  FD1B F404 27FA C7D1 15F3