Seamlessly Integrating Tailscale with Ubiquiti USG: A Comprehensive Guide

To successfully run Tailscale on your Ubiquiti USG, you will need SSH access to your device. It is advisable to execute sudo su to operate as the root user throughout the installation process.

Installation Steps

  1. Download Tailscale
    Acquire the appropriate version of Tailscale for your USG’s processor architecture. You can choose from the latest stable or unstable releases. Use the following commands to download and unpack the archive into /tmp, then move it to /config/tailscale:

    curl https://pkgs.tailscale.com/stable/tailscale_1.72.2_mips64.tgz | tar xvz -C /tmp
    mv /tmp/tailscale_1.72.2_mips64 /config/tailscale
    
  2. Create Initialization Scripts
    Set up scripts for first boot and post-configuration by executing the following commands:

    mkdir -p /config/scripts/firstboot.d
    mkdir -p /config/scripts/post-config.d
    
    cat << EOF > /config/scripts/firstboot.d/tailscale.sh
    #!/bin/sh
    ln -s /config/tailscale/tailscale /usr/bin/tailscale
    ln -s /config/tailscale/tailscaled /usr/sbin/tailscaled
    mkdir -p /var/lib/tailscale/
    touch /config/auth/tailscaled.state
    chmod 0400 /config/auth/tailscaled.state
    ln -s /config/auth/tailscaled.state /var/lib/tailscale/tailscaled.state
    sudo tailscaled > /dev/null 2>&1 &
    disown
    sudo tailscale up
    EOF
    
    chmod +x /config/scripts/firstboot.d/tailscale.sh
    cp /config/scripts/firstboot.d/tailscale.sh /config/scripts/post-config.d/tailscale.sh
    
  3. Execute the Startup Script
    To initiate Tailscale, run the following command:

    bash /config/scripts/post-config.d/tailscale.sh
    

Upgrading Tailscale

To upgrade to the latest version of Tailscale, follow these steps, keeping in mind that if you are connected over your tailnet, the upgrade will interrupt your SSH session:

sudo su  # Ensure you are operating as root
url=https://pkgs.tailscale.com/stable/tailscale_1.72.2_mips64.tgz
curl "$url" | tar xvz -C /tmp  # Download and unpack

# Identify the unpacked file location
location=$(find /tmp -type d -iname "tailscale*" | head -n1)

# Upgrade process
rm -Rf /config/tailscale-prev  # Remove previous version if it exists
tailscale down --accept-risk=lose-ssh && \
tsid=$(pidof tailscaled) && \
kill $tsid && \
mv /config/tailscale /config/tailscale-prev && \
mv "$location" /config/tailscale && \
bash /config/scripts/post-config.d/tailscale.sh  # Restart Tailscale services
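
The download in step 1 and the one in the upgrade block both pipe curl straight into tar as root, so a truncated or altered archive is unpacked before anything can be checked. As an added example (not part of the original guide), the functions below download the archive to disk and compare it with a published SHA-256 digest before extracting. The ".sha256" URL suffix and the function names verify_sha256 and fetch_verified are assumptions.

```shell
#!/bin/sh
# Added example (not from the original guide): fetch the Tailscale tarball to
# disk and check its SHA-256 before anything is unpacked as root.
# Assumption: the package server publishes "<tarball-url>.sha256" beside each
# tarball. Function names are hypothetical.

# verify_sha256 FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED is not a SHA-256 hex digest.
verify_sha256() {
    file=$1
    # Accept "digest" or "digest  filename"; normalise to lower case.
    expected=$(printf '%s\n' "$2" | awk 'NR==1 {print tolower($1)}')
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;   # e.g. an HTML error page, not a digest
    esac
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# fetch_verified URL DESTDIR
# Downloads completely, verifies, and only then extracts into DESTDIR.
fetch_verified() {
    url=$1
    dest=$2
    tmp=$(mktemp -d) || return 1
    if curl -fsSL -o "$tmp/pkg.tgz" "$url" &&
       sum=$(curl -fsSL "$url.sha256") &&
       verify_sha256 "$tmp/pkg.tgz" "$sum"; then
        tar xzf "$tmp/pkg.tgz" -C "$dest"
        rc=$?
    else
        rc=1
        echo "download or checksum verification failed: $url" >&2
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Usage on the USG, with the URL from the guide:
#   fetch_verified https://pkgs.tailscale.com/stable/tailscale_1.72.2_mips64.tgz /tmp
```

Because the digest comes from the same server as the archive, this catches corruption and truncation; pinning a digest obtained out of band is what defends against a compromised download host.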

Additional Notes

  1. This guide builds upon discussions found in this gist.
  2. If running NextDNS on your USG, you may encounter a health check warning regarding Linux DNS configuration: “Linux DNS config not ideal. /etc/resolv.conf overwritten.” For more information, refer to Tailscale’s documentation.
  3. The configuration of Tailscale is set up with your USG functioning as a Subnet router.

By following these detailed steps, you can effectively integrate Tailscale into your Ubiquiti USG setup, enhancing your network’s flexibility and security.

There is some stuff missing (e.g. touch /config/auth/tailscaled.state doesn’t work without first creating /config/auth), and there is the auto-update functionality of Tailscale (tailscale set --auto-update), which may suit your needs as well instead of manually updating.

Lastly, Ubiquiti stopped using /config and is using /data now. I would honestly recommend just using this script: GitHub - SierraSoftworks/tailscale-udm: Run Tailscale on your Unifi Dream Machine

It’s an old guide; I have moved away from UniFi to OPNsense for my gateway. I was planning to buy the new fiber gateway, but then the Dell R730 happened and that derailed the plan. I will bookmark your comment in case someone needs it. Thanks for the heads up.