Sanitized mirror from private repository - 2026-03-31 11:35:19 UTC
This commit is contained in:
62
docs/networking/TAILSCALE_MESH_TEST.md
Normal file
62
docs/networking/TAILSCALE_MESH_TEST.md
Normal file
@@ -0,0 +1,62 @@
|
||||
# Tailscale Mesh Connectivity Test
|
||||
|
||||
Last tested: 2026-03-31
|
||||
|
||||
## Test Method
|
||||
|
||||
Full `tailscale ping` from each SSH-accessible host to all other online Headscale nodes. This tests WireGuard tunnel establishment and reports whether the connection is direct (peer-to-peer) or relayed via DERP.
|
||||
|
||||
## Results
|
||||
|
||||
All 10 online hosts can reach all other online hosts. No failures.
|
||||
|
||||
### Connection Type Matrix
|
||||
|
||||
`D` = direct, `R` = DERP relay, `—` = self
|
||||
|
||||
| From \ To | Atlantis | Calypso | Pi-5 | Homelab | Matrix-Ubuntu | Setillo | NUC | Guava | Seattle | PVE |
|
||||
|-----------|----------|---------|------|---------|---------------|---------|-----|-------|---------|-----|
|
||||
| **Atlantis** | — | D | D | D | D | D | D | D | D | D |
|
||||
| **Calypso** | D | — | D | D | D | R | D | D | D | D |
|
||||
| **Pi-5** | D | D | — | D | D | D | D | D | D | D |
|
||||
| **Homelab-VM** | D | D | D | — | D | R | D | D | D | D |
|
||||
| **Matrix-Ubuntu** | (tested inbound) | | | | — | | | | | |
|
||||
| **Setillo** | D | D | D | R | R | — | | | | |
|
||||
| **NUC** | D | D | D | D | R | D | — | R | D | R |
|
||||
| **Guava** | (no CLI) | | | | | | | — | | |
|
||||
| **Seattle** | D | D | D | D | D | D | R | D | — | D |
|
||||
| **PVE** | D | D | D | D | D | D | D | D | D | — |
|
||||
|
||||
### Notes
|
||||
|
||||
- **Atlantis/Calypso**: Tailscale binary at `/var/packages/Tailscale/target/bin/tailscale` (Synology package)
|
||||
- **Setillo**: Tailscale binary at `/usr/local/bin/tailscale`
|
||||
- **Guava**: Tailscale runs via TrueNAS built-in management; no `tailscale` CLI in PATH. Confirmed reachable via inbound pings from all other hosts.
|
||||
- **Matrix-Ubuntu**: SSH via LAN IP (192.168.0.154) was unreliable during testing due to table 52 LAN interception (since fixed). Confirmed reachable via Tailscale IP and inbound pings.
|
||||
- **DERP relays** (NUC ↔ some peers, Setillo ↔ homelab/matrix-ubuntu): Normal for nodes behind different NATs. Adds 15-60ms latency but does not affect reliability. Connections may upgrade to direct over time.
|
||||
|
||||
### ICMP Ping Notes
|
||||
|
||||
Standard ICMP ping from the OS (not `tailscale ping`) fails for Atlantis, Calypso, and Setillo because those hosts have ICMP blocked at the firewall level. This does not indicate a connectivity problem — `tailscale ping` and SSH both work.
|
||||
|
||||
## Tailscale Health Warnings
|
||||
|
||||
After fixes applied on 2026-03-31:
|
||||
|
||||
| Host | Health |
|
||||
|------|--------|
|
||||
| Homelab-VM | none |
|
||||
| Pi-5 | none |
|
||||
| NUC | none |
|
||||
| Seattle | none |
|
||||
| PVE | none (was `--accept-routes is false`, fixed) |
|
||||
| Matrix-Ubuntu | none (was `--accept-routes is false`, fixed) |
|
||||
|
||||
## Fixes Applied (2026-03-31)
|
||||
|
||||
1. **Pi-5**: Enabled `--accept-routes`, added LAN routing rule (priority 5200), persistent via dispatcher script + cron
|
||||
2. **Matrix-Ubuntu**: Enabled `--accept-routes`, added LAN routing rule (priority 5200), persistent via dispatcher script + cron
|
||||
3. **PVE**: Enabled `--accept-routes`, added LAN routing rule (priority 5200), persistent via cron @reboot
|
||||
4. **Kuma monitors**: Added LAN-based monitors for Rustdesk (ID:124) and Rackula (ID:125) on `192.168.0.250` to replace flapping Tailscale IP monitors. Fixed corrupted `accepted_statuscodes_json` field in Kuma DB.
|
||||
|
||||
See [LAN Routing Fix](GUAVA_LAN_ROUTING_FIX.md) for full details on the table 52 issue.
|
||||
Reference in New Issue
Block a user