Revert from nftables to Alpine 3.19 + iptables-legacy
Added note re netfilter-mode flag in README
Frank Edwards 2025-02-01 15:08:13 +10:00
parent 162055e2db
commit 84b1d447ae
4 changed files with 8 additions and 6 deletions


@ -60,7 +60,10 @@ RUN upx /go/bin/tailscale && upx /go/bin/tailscaled
FROM alpine:3.19 FROM alpine:3.19
RUN apk add --no-cache ca-certificates nftables iproute2 bash openssh curl jq RUN apk add --no-cache ca-certificates iptables iptables-legacy iproute2 bash openssh curl jq
RUN rm /sbin/iptables && ln -s /sbin/iptables-legacy /sbin/iptables
RUN rm /sbin/ip6tables && ln -s /sbin/ip6tables-legacy /sbin/ip6tables
RUN ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa RUN ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
RUN ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa RUN ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
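Review bot: The two added `RUN rm … && ln -s …` lines repoint only `/sbin/iptables` and `/sbin/ip6tables`, so the `-save`/`-restore` helpers installed by the `iptables` package presumably still use the non-legacy backend; anything that calls them (a STARTUP_SCRIPT, for instance) would then see a different rule set than the one tailscaled writes, which is worth checking in the built image. The swap also fits in one layer without the separate `rm`: `RUN ln -sf /sbin/iptables-legacy /sbin/iptables && ln -sf /sbin/ip6tables-legacy /sbin/ip6tables`, with a comment above it such as `# run tailscaled against the legacy iptables backend; point the default names at it`. Separately, the unchanged `ssh-keygen` context lines create the SSH host keys at build time, so every container started from this image shares the same private host keys; generating them at container start would avoid that. The build stage continues outside the hunk.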


@ -74,7 +74,9 @@ This section follows the Mikrotik Container documentation with additional steps
| CONTAINER_GATEWAY | The container bridge (veth1) IP address on the router | | | CONTAINER_GATEWAY | The container bridge (veth1) IP address on the router | |
| LOGIN_SERVER | Headscale login server | Only required for Headscale control server. Do not set if using Tailscale | | LOGIN_SERVER | Headscale login server | Only required for Headscale control server. Do not set if using Tailscale |
| UPDATE_TAILSCALE | Update tailscale on container startup | | | UPDATE_TAILSCALE | Update tailscale on container startup | |
| TAILSCALE_ARGS | Additional arguments passed to tailscale | Optional. Note ```---accept-routes``` is required to accept the advertised routes of the other subnet routers | | TAILSCALE_ARGS | Additional arguments passed to tailscale | Optional. Note:
```--accept-routes``` is required to accept the advertised routes of the other subnet routers.
```--netfilter-mode``` controls the degree of firewall configuration using iptables. See [tailscale up](https://tailscale.com/kb/1241/tailscale-up). |
| TAILSCALED_ARGS | Additional arguments passed to tailscaled | Optional | | TAILSCALED_ARGS | Additional arguments passed to tailscaled | Optional |
| STARTUP_SCRIPT | Extra script to execute in container before tailscaled | Optional | | STARTUP_SCRIPT | Extra script to execute in container before tailscaled | Optional |


@ -28,7 +28,7 @@
# #
PLATFORM="linux/amd64" PLATFORM="linux/amd64"
TAILSCALE_VERSION=1.78.1 TAILSCALE_VERSION=1.78.1
VERSION=0.1.34 VERSION=0.1.35
set -eu set -eu


@ -38,9 +38,6 @@ if [[ -n "$STARTUP_SCRIPT" ]]; then
bash "$STARTUP_SCRIPT" || exit $? bash "$STARTUP_SCRIPT" || exit $?
fi fi
# Flag tailscale to use nftables
TS_DEBUG_FIREWALL_MODE=nftables
# Start tailscaled and bring tailscale up # Start tailscaled and bring tailscale up
/usr/local/bin/tailscaled ${TAILSCALED_ARGS} & /usr/local/bin/tailscaled ${TAILSCALED_ARGS} &
until /usr/local/bin/tailscale up \ until /usr/local/bin/tailscale up \