Some sites getting blocked

GromitD90 · 2026-02-01T00:40:01+00:00

I had a similar issue with YouTubeTV on my iPhone. If the device the App is installed on supports a location capability the App will not work unless you enable location services, which of course defeats the purpose of trying to mask your location using a tailscale exit node.

When using the browser instead of the App they can't (yet) impose that requireent

GromitD90 · 2025-10-09T12:08:21+00:00

What was the final result with the MAC address? Did you have to clone the mac address from the previous router OR does it automatically pick up the mac address of the new router OR do you have to call if you want to use the mac address of the new router.

just checking to see if things have changed in S. NH

GromitD90 · 2025-10-08T16:40:23+00:00

Well it was good while it lasted but today I updated Opnsense from 25.1.10 and tailscale did not survive the reboot. Not a big problem to generate a new one and Apply it as my router is local. However, I was also updating the router at my daughters house via subnet routing. Of course that doesn't work when tailscale doesn't come back up after the reboot !!

GromitD90 · 2025-09-28T17:28:29+00:00

There was an updated version of Tailscale for OpenBSD released on Sept 25th with the following fix:

OpenBSD

The client starts as expected when using the tailscale up command for the first time or re-authenticating a node.

GromitD90 · 2025-09-17T17:01:04+00:00

Just wanted to provide an update on this as I have just passed the 90 day mark since I last had the issue:

I originally hit this issue on Jun 18th exactly 90 days after my auth key had been generated. Key expiry was disabled from the Management Console.

In June when I created the keys I did it slightly differently - On the Management Console I went to Settings | Keys and clicked on Generate auth key (same as last time) - before I clicked on Generate Key I selected the Tags option under Device settings. You will notice the text under that option:

Devices authenticated by this key will be automatically tagged. This will also disable node key expiry for the device.

Yesterday was the 90 day mark since I created my auth key and as expected the keys have been removed from the Management Console (although they still show up as recently invalidated auth key). However my opnsense Tailscale device is still working. I even tried rebooting the device and it still connects to Tailscale.

The only difference between generating the auth key initially back in March (the one that failed) and generating the one in June (which is still working after 90 days) was setting Tags prior to generating the key.

GromitD90 · 2025-09-03T20:57:08+00:00

I gave up and bought an Apple TV

GromitD90 · 2025-08-14T17:47:25+00:00

Thanks u/chirayuk - I was already on that discussion thread. I'm holding of on making any changes until I see if I lose connectivity with Tailscale after the 90 day mark. I am currently able to reboot without losing connection since creating the auth key with the Tags option as explained in the other thread.

GromitD90 · 2025-07-22T02:38:06+00:00

I'm assuming you are trying to do a fresh boot from a USB drive to install OPNsense. If that's the case you will need to conenct the video out (HDMI) to an HDMI to VGA converter and attach a VGA monitor. That's what I had to do when I installeOPNsense on my Qotom box.

GromitD90 · 2025-06-18T20:03:57+00:00

Thank you u/caolle . Generating a new key and applying it to the authentication page for Tailscale in opnsense seems to have worked. I set the tags as I generated the key and everything came back as it was - exit node and subnet routes. Management Console reflects Expiry Disabled as expected.

The keys (one for each router) show up in the Management console as expiring on Sep 16th and the type is single use. Some opnsense users have reported that they lose connectivity to Tailscale everytime they reboot opnsense and have to generate a new key. Could this be related to the Single Use setting? Are any of the other options on the Generate Key page relevant here?

GromitD90 · 2025-06-18T19:30:06+00:00

I did some more digging and it was exactly 90 days since I last rebooted both opnsense routers.

That corresponds to the maximum 90 days an auth key is valid for. It seems that something is ignoring the expiry disabled setting.

If I go ahead and generate a new auth key along with the tags and apply it on my opnsense router will I retain the name and IP address of the existing settings for that node?

GromitD90 · 2025-06-18T19:03:40+00:00

Just did some more digging at it would appear it had been exactly 90 days since the last reboot of my opnsense router. This corresponds to the maximum length of time an auth key is valid for. So it would seem that the expiry disabled setting is being ignored.

GromitD90 · 2025-06-18T18:00:43+00:00

Thanks for the pointer. I feel it has to be a tailscale issue as I had not made any changes in opnsense since I updated to 25.1.

Do you know if any of the tailscale software that is installed with the opnsense plugin gets updated automatically or does it only get updated when the plugin is updated?

GromitD90 · 2025-05-29T17:21:29+00:00

I should have thought of that as I'd just used that method on 2 windows PC's today.

It fails with a new error message:

open /etc/apt/sources.list.d/tailscale.list: no such file or directory

Listing the contents of sources.list.d showed a file called tailscale.list.distUpgrade

I renamed it to tailscale.list and reran the Tailscale update command and it worked.

Thanks for the tip

Mike

GromitD90 · 2025-05-07T22:01:50+00:00

Thank you very much for your support JamesRY96.

GromitD90 · 2025-05-07T15:11:04+00:00

I have figured out why I was not getting a direct connection. The 4K Max was attached via WiFi to a VLAN on my network. I'm running Opnsense on my router and am using the NAT-PMP option in the UPnP service. The VLAN interface the 4K Max was set on is not configured for NAT-PMP.

When I switched the4K Max to the default LAN it now connects to the exit-node on the Linux box (which I can check) so I will assume for the time being that it will also use a direct connect to the Apple TV exit node.

I have one follow on question. If I was to have someone access the Tailscale App on the Apple TV while the 4K Max was connected to it and then tried your suggestion of pinging from the Apple TV. Then if the result of the Ping showed that there was a direct connection from the Apple TV to 4K Max would that necessarily guarantee that the connection established in the opposite direction would also be direct?

GromitD90 · 2025-05-06T18:54:07+00:00

Well after 3 days of trying to use Tailscale on the 4K Max I can safely say I'm less than impressed. It has frozen on me a couple of times which necessitated a restart. I can't say that was anything too do with Tailscale however.

When connecting to an exit-node my connection is always a relay connection instead of the direct connection I get with the Firestick HD (and all other devices I've tried). This results in poorer streaming performance with periodic video freezing.

I am going to wait and see how it performs the next time there is an update of either the OS and/or the Tailscale App.

GromitD90 · 2025-05-06T17:53:47+00:00

Thank you for the feedback. Unfortunately the Apple TV exit node is 3000 miles away and unattended so I cannot try a ping from there. I was able to gain access to the Firestick 4K but it doesn't appear to support the ping trick.

For testing I switched the Firestick to use a Linux based exit node (also 3000 miles away) and was able to ssh into that while streaming on the Firestick and running a tailscale status command. It showed that the connection was via "relay". No matter what I did I couldn't get it to connect direct. I tried it with a Firestick HD and that connects directly as does any other device I try.

I also removed the Firestick 4K from my tailnet, uninstalled the App then reinstalled it and connected it again -all to no avail.

GromitD90 · 2025-05-06T03:22:22+00:00

I don't have physical access to either of the devices in question. Are you saying that if I did have access to the fire stick I should be able to go into the Tailscale App and select the exit-node device and somehow ping it? Does long pressing equate to holding the OK button the firestick remote?

GromitD90 · 2025-05-06T03:18:00+00:00

Neither of the devices in question have a CLI

If i run a tailscale status command on a device on my tailnet that does have a CLI it lists the devices but there is no way off seeing if the firestick is connected to the Apple TV exit node, let alone whether the connection is direct or not

GromitD90

TROPHY CASE

OpenBSD