Solving Tailscale DNS issues

As I mentioned the other day, I fell in love with using Tailscale for making my local private network accessible remotely. I’m also using this in my company, but with one colleague I had an issue for which I didn’t find any documented solution online. So here is mine.

I have a Tailscale network with multiple self-hosted services running in Docker and made available with Tailscale. If you have an account and your account is invited to the network, you can access them. This worked for 2 of 3 colleagues. The third had the Tailscale client running on their Windows machine, and it showed up as active in the Tailscale admin console and the list of machines. It looks like it runs perfectly, but when you try to access the service within the network, it fails in Firefox with the error PR_END_OF_FILE_ERROR or SSL_ERROR_INTERNAL_ERROR_ALERT. In other browsers the error would just show as a connection error.

If you put the service in a public Tailscale tunnel, access is possible.
If you go on their machine, open PowerShell and call tailscale status, it shows every status just fine. Calling tailscale ping <service-name> shows a successful ping to the service.

I tested Windows Defender and firewall settings, but could not find anything that could explain the issues.

Calling tailscale dns status on the machine provides an overview of the DNS options Tailscale is using. Here it showed this:

=== 'Use Tailscale DNS' status ===

Tailscale DNS: disabled.

Tailscale is configured to handle DNS queries on this device.
Run 'tailscale set --accept-dns=false' to revert to your system default DNS resolver.

So I switched this on:

tailscale set --accept-dns=true

Et voilà, calling the service works again!

So now I’m in this half-satisfactory space of having a solution, but not knowing the root cause. My guess is that this colleague hasn’t updated Tailscale since they installed it initially in October, and when they installed the latest version, it did not install the latest default configurations properly.

My expectation would be that turning Tailscale DNS off again would lead to the same issue, but it didn’t.

tailscale set --accept-dns=false

So something is weird: something is reset when activating DNS and stays good when deactivating it again.
Well, it works for now, and I hope it’s a permanent solution.
