Vish/homelab-optimized
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b5e43a65a7e560fd0d141592bd641a24e70fbb06
homelab-optimized/docs/networking/TAILSCALE_MESH_TEST.md
Gitea Mirror Bot b5e43a65a7
Some checks failed
Documentation / Build Docusaurus (push) Failing after 1m12s
Details
Documentation / Deploy to GitHub Pages (push) Has been skipped
Details
Sanitized mirror from private repository - 2026-03-31 11:35:19 UTC
2026-03-31 11:35:19 +00:00

3.1 KiB
Raw Blame History

Tailscale Mesh Connectivity Test

Last tested: 2026-03-31

Test Method

Full tailscale ping from each SSH-accessible host to all other online Headscale nodes. This tests WireGuard tunnel establishment and reports whether the connection is direct (peer-to-peer) or relayed via DERP.

Results

All 10 online hosts can reach all other online hosts. No failures.

Connection Type Matrix

D = direct, R = DERP relay, = self

From \ To Atlantis Calypso Pi-5 Homelab Matrix-Ubuntu Setillo NUC Guava Seattle PVE
Atlantis D D D D D D D D D
Calypso D D D D R D D D D
Pi-5 D D D D D D D D D
Homelab-VM D D D D R D D D D
Matrix-Ubuntu (tested inbound)
Setillo D D D R R
NUC D D D D R D R D R
Guava (no CLI)
Seattle D D D D D D R D D
PVE D D D D D D D D D

Notes

  • Atlantis/Calypso: Tailscale binary at /var/packages/Tailscale/target/bin/tailscale (Synology package)
  • Setillo: Tailscale binary at /usr/local/bin/tailscale
  • Guava: Tailscale runs via TrueNAS built-in management; no tailscale CLI in PATH. Confirmed reachable via inbound pings from all other hosts.
  • Matrix-Ubuntu: SSH via LAN IP (192.168.0.154) was unreliable during testing due to table 52 LAN interception (since fixed). Confirmed reachable via Tailscale IP and inbound pings.
  • DERP relays (NUC ↔ some peers, Setillo ↔ homelab/matrix-ubuntu): Normal for nodes behind different NATs. Adds 15-60ms latency but does not affect reliability. Connections may upgrade to direct over time.

ICMP Ping Notes

Standard ICMP ping from the OS (not tailscale ping) fails for Atlantis, Calypso, and Setillo because those hosts have ICMP blocked at the firewall level. This does not indicate a connectivity problem — tailscale ping and SSH both work.

Tailscale Health Warnings

After fixes applied on 2026-03-31:

Host Health
Homelab-VM none
Pi-5 none
NUC none
Seattle none
PVE none (was --accept-routes is false, fixed)
Matrix-Ubuntu none (was --accept-routes is false, fixed)

Fixes Applied (2026-03-31)

  1. Pi-5: Enabled --accept-routes, added LAN routing rule (priority 5200), persistent via dispatcher script + cron
  2. Matrix-Ubuntu: Enabled --accept-routes, added LAN routing rule (priority 5200), persistent via dispatcher script + cron
  3. PVE: Enabled --accept-routes, added LAN routing rule (priority 5200), persistent via cron @reboot
  4. Kuma monitors: Added LAN-based monitors for Rustdesk (ID:124) and Rackula (ID:125) on 192.168.0.250 to replace flapping Tailscale IP monitors. Fixed corrupted accepted_statuscodes_json field in Kuma DB.

See LAN Routing Fix for full details on the table 52 issue.

Reference in New Issue View Git Blame Copy Permalink