Tailscale

[alensiljak]

Package description

Tailscale service helps build mesh VPN networks using WireGuard.
The clients are available for Linux (with the mobile client in development).
In more detail: https://tailscale.com/blog/how-tailscale-works/

Link to home page and sources

1. Home page: https://tailscale.com/
2. Source code: https://github.com/tailscale/tailscale

Additional information
Have you compiled or tried to compile the package on device? No.

[alensiljak]

Staticly-linked binaries available at https://pkgs.tailscale.com/stable/#static, including ARM and ARM64.

[normanr]

I doubt termux would be able to create the wireguard interfaces, etc. You may be more interested in following tailscale/tailscale#285

[Grimler91]

@normanr controlling interfaces works fine with wireguard-tools, on rooted devices with the wireguard kernel module

[ihsakashi]

I support this package request. I don't think Tailscale can use the Wireguard kernel module. It uses wireguard-go.

[FarisZR]

Tailscale supports Userspace networking
https://tailscale.com/kb/1112/userspace-networking/

[DeicPro]

Tailscale support Userspace networking https://tailscale.com/kb/1112/userspace-networking/

Works like a charm to convert my phone in an exit node without the app (and the Android VPN connection). Thank you!

Here is a how-to for armv8, it's non-root, just in case.

Installation

1. Download and extract package:

curl -fsSL https://pkgs.tailscale.com/stable/tailscale_1.36.2_arm64.tgz | tar xzv

2. Move binaries and set permissions:

mv tailscale_1.36.2_arm64/{tailscale,tailscaled} . && chmod 700 {tailscale,tailscaled} && rm -r tailscale_1.36.2_arm64

First run

1. Run tailscale daemon:

./tailscaled -tun userspace-networking &

2. Link your account and setting up tailscale as exit node:

./tailscale up && ./tailscale set --advertise-exit-node

3. Go to https://login.tailscale.com/admin/machines > (click your device) > Machine settings > Edit route settings... > Turn on "Use as exit node"

In next sessions you can simply run the daemon command as in step 1 and nothing more.

[worldofgeese]

@DeicPro this didn't work for me:

~ $ ./tailscaled -tun userspace-networking &
[2] 24287
~ $ logtail started
Program starting: v1.36.2-t9450812f7-g622a25149, Go 1.19.4-tsdc0ce6324d: []string{"./tailscaled", "-tun", "userspace-networking"}
LogID: dcff35d155acaaa349538ba71805206f64ab5bf410f261a4b8fa41a57a643681
logpolicy: using system state directory "/data/data/com.termux/files/home/.local/share/tailscale"
flushing log.
logger closing down
logtail: dial "log.tailscale.io:443" failed: dial tcp: lookup log.tailscale.io on [::1]:53: read udp [::1]:43950->[::1]:53: read: connection refused (in 1ms), trying bootstrap...
trying bootstrapDNS("derp9.tailscale.com", "207.148.3.137") for "log.tailscale.io" ...
logtail: upload: log upload of 687 bytes compressed failed: Post "https://log.tailscale.io/c/tailnode.log.tailscale.io/90a76b1e96a30f21fd5e981981b695471876641eedc8541b4d9356ac9e79516a": context canceled
getLocalBackend error: monitor.New: route ip+net: netlinkrib: permission denied

[stevenxxiu]

@worldofgeese I needed root to get past the error.

First download the latest version in https://pkgs.tailscale.com/stable/#static.

The following worked for me. I use Nushell here but switch to your syntax and preferred directories.

$ sudo tailscaled -tun userspace-networking -statedir ~/.local/share/tailscale/tailscaled.state -socket $'($env.PREFIX)/var/run/tailscale/tailscaled.sock'

Then in another terminal:

$ sudo tailscale --socket $'($env.PREFIX)/var/run/tailscale/tailscaled.sock' up

[kb-1000]

Something that might be interesting to think about is supporting the tailscale CLI (so for example funnel) together with the android app, which could work without root. Though the app would likely need changes to support that.

[YCJDWCJI]

./tailscaled -tun userspace-networking

doesn't work for me, seems to be a new issue caused by Android 11, may require ROOT:

• cmd/tailscale: implement getInterfaces + SDK 30 tailscale/tailscale-android#21
• x/mobile: Calling net.InterfaceAddrs() fails on Android SDK 30 golang/go#40569

netmon.New: route ip+net: netlinkrib: permission denied

[YCJDWCJI]

@worldofgeese I needed root to get past the error.

First download the latest version in https://pkgs.tailscale.com/stable/#static.

The following worked for me. I use Nushell here but switch to your syntax and preferred directories.

$ sudo tailscaled -tun userspace-networking -statedir ~/.local/share/tailscale/tailscaled.state -socket $'($env.PREFIX)/var/run/tailscale/tailscaled.sock'

Then in another terminal:

$ sudo tailscale --socket $'($env.PREFIX)/var/run/tailscale/tailscaled.sock' up

If using Termux and ROOT (su):

sudo ./tailscaled -tun userspace-networking --state=$PREFIX/var/lib/tailscale/tailscaled.state -socket $PREFIX/var/run/tailscale/tailscaled.sock --port=41641 &
sudo ./tailscale --socket $PREFIX/var/run/tailscale/tailscaled.sock up # --login-server=https://your-domain:443

perfect solution should be to use Magisk module: anasfanani/Magisk-Tailscaled.

[stevenxxiu]

Using a Magisk module does have downsides and is definitely not "perfect". It depends on the authors updating their module, requires a wrapper around it. Using Termux itself is enough. It only requires root, setting up a service if you want, Tailscale itself.

[AgentConDier]

I've been using self-built tailscale without root in userspace networking mode for ages. Works like a charm on both Android 10 and 12.

# Prepare
cd "$HOME"
pkg install golang

# Build tailscale
git clone https://github.com/tailscale/tailscale --depth=1
cd tailscale
go install tailscale.com/cmd/tailscale{,d}

# Cleanup
cd "$HOME"
rm -rf tailscale
chmod -R u+w go/pkg
rm -rf go/pkg
rm -r .cache/go-build/
apt purge golang

# To use it, add /data/data/com.termux/files/home/go/bin to $PATH
# Usage example:
# alias tailscale='tailscale --socket /data/data/com.termux/files/usr/run/tailscaled.sock'
# alias tailscaled='tailscaled --tun=userspace-networking --socks5-server=localhost:1055 --outbound-http-proxy-listen=localhost:1055 --socket /data/data/com.termux/files/usr/run/tailscaled.sock --statedir /data/data/com.termux/files/home/.config/tailscale/'

A package would be appreciated, the build doesn't work currently because go >= 1.22.0 is required.

[mattalxndr]

I've been using self-built tailscale without root in userspace networking mode for ages. Works like a charm on both Android 10 and 12.

# Prepare
cd "$HOME"
pkg install golang

# Build tailscale
git clone https://github.com/tailscale/tailscale --depth=1
cd tailscale
go install tailscale.com/cmd/tailscale{,d}

# Cleanup
cd "$HOME"
rm -rf tailscale
chmod -R u+w go/pkg
rm -rf go/pkg
rm -r .cache/go-build/
apt purge golang

# To use it, add /data/data/com.termux/files/home/go/bin to $PATH
# Usage example:
# alias tailscale='tailscale --socket /data/data/com.termux/files/usr/run/tailscaled.sock'
# alias tailscaled='tailscaled --tun=userspace-networking --socks5-server=localhost:1055 --outbound-http-proxy-listen=localhost:1055 --socket /data/data/com.termux/files/usr/run/tailscaled.sock --statedir /data/data/com.termux/files/home/.config/tailscale/'

A package would be appreciated, the build doesn't work currently because go >= 1.22.0 is required.

How does this get around the route ip+net: netlinkrib: permission denied issue?

Tried your params on the static files from https://pkgs.tailscale.com/stable/tailscale_1.60.1_arm64.tgz without sudoing and got the same error:

$ ./tailscaled --tun=userspace-networking --socks5-server=localhost:1055 --outbound-http-proxy-listen=localhost:1055 --socket /data/data/com.termux/files/usr/run/tailscaled.sock --statedir /data/data/com.termux/files/home/.config/tailscale/
2024/03/04 19:21:41 netmon.New: route ip+net: netlinkrib: permission denied

[AgentConDier]

How does this get around the route ip+net: netlinkrib: permission denied issue?

I've never seen that error on my end. I'm assuming that's either because when you build the beta on-device it automatically recognizes android and uses some kind of workaround, or I got lucky with my vendor specific android versions (Tried it on Huawei Emui 12 / Android 10 and Samsung Android 12).

I think the former is more likely though; it seems my tailscaled is using some android-specific route API:

[…]
interfaces: found Android default route 10.147.81.165
monitor: gateway and self IP changed: gw=10.147.81.165 self=10.147.81.165
post-rebind ping of DERP region 4 okay
post-rebind ping of DERP region 4 okay

[Adeor]

Currently the package builds on Android 14 / GrapheneOS (Pixel 8a) via Termux with the currently packaged golang 1.23.1, but tailscaled (run via tailscaled --tun=userspace-networking --socks5-server=localhost:1055 --outbound-http-proxy-listen=localhost:1055 --socket /data/data/com.termux/files/usr/run/tailscaled.sock --statedir /data/data/com.termux/files/home/.config/tailscale/) throws the same route ip+net: netlinkrib: permission denied error. It also doesn't output any more information, even with -verbose 9.

[gbraad]

This is related to how information is read for the network interface. It does not occur on all devices, and also not for the same environments.

• Termux from f-droid works for me on Android 12
• VScode for Android on the same device fails (uses proot).

I am looking into an alternative build for this, that uses @wlynxg's anet library