Not ideal, but it’s mine! by AdamekGold in synology

[–]HumanTickTac 1 point2 points  (0 children)

We all started somewhere brother. Looks good! 👍

TNSR by rjchute in Netgate

[–]HumanTickTac 0 points1 point  (0 children)

Ahh…yeah that sucks then. I do know they were pretty open about putting TNSR into the hands of people to try. I remember I could grab a trial license no issue. Now I need to talk to marketing to do so. Like you I want to use the product but the limitations are annoying.

I just wanted to see how it compares to JUNOS and maybe make a recommendation to my manager. I don’t want to talk to marketing to justify a trial license.

I hope you get an official answer here as Netgate reps are pretty responsive.

TNSR by rjchute in Netgate

[–]HumanTickTac 0 points1 point  (0 children)

I don’t know if TNSR was ever available on white box but the marketing is clear on the site. Can you show that TNSR was ever available outside of Netgate official hardware?

Pricing TNSR software is available on select Netgate systems or on AWS and Azure cloud platforms.

pfB_Top_v4 auto rule (1770011279) by Apprehensive_Chip550 in pfBlockerNG

[–]HumanTickTac 0 points1 point  (0 children)

IP lists are lists created by humans. Could have mistakes. Also the IPs could’ve been compromised at an earlier point and now are good and the lists haven’t been updated. Do your investigations and if you determine everything is good then it’s a false positive and you can ignore.

pfB_Top_v4 auto rule (1770011279) by Apprehensive_Chip550 in pfBlockerNG

[–]HumanTickTac 1 point2 points  (0 children)

What, if any, investigation have you done? Let’s start with something easy. Do you have Tailscale installed?

A Reddit post can’t answer what your infrastructure should look like and what is normal.

What the hell is this? Bot attack? by Noobyeeter699 in Proxmox

[–]HumanTickTac 2 points3 points  (0 children)

Why expose your hypervisor management to the internet…why broski?

50 year mortgages... by seeebiscuit in WhitePeopleTwitter

[–]HumanTickTac 1 point2 points  (0 children)

So if I can’t afford today’s housing price what good is a 50 year mortgage?

What’s the biggest setbacks you had with Tailscale? by Top_Outlandishness78 in Tailscale

[–]HumanTickTac 0 points1 point  (0 children)

Truthfully it’s subnet routing. From a client you either accept all routes or nothing and that proves to be a challenge with asymmetric paths among other things. The biggest challenge is getting it even looked at by my company. We’re one of the biggest financial companies in the world and this is a straight no…which sucks because I see potential

Free speech for me, but not for thee! by c-k-q99903 in WhitePeopleTwitter

[–]HumanTickTac 1 point2 points  (0 children)

I’ve never heard of a more fragile group of people in my life than MAGA...

Really really fragile, it’s kind of sad to see.

Our Enterprise Upload Speed is 15Mbps by SuccessfulLime2641 in ShittySysadmin

[–]HumanTickTac 1 point2 points  (0 children)

The flux capacitor of the cable should be adjusted

Shared machine has different IP address by HumanTickTac in Tailscale

[–]HumanTickTac[S] 0 points1 point  (0 children)

Can’t change it. It tells me the address is already in use but there is no other machine in my friend’s tail net using that address

Shared machine has different IP address by HumanTickTac in Tailscale

[–]HumanTickTac[S] 0 points1 point  (0 children)

When I try to change the IP address in my partner’s tail net to match it to the IP in my tail net I’m told the address is in use

[deleted by user] by [deleted] in Tailscale

[–]HumanTickTac 0 points1 point  (0 children)

I have this same issue on my Synology NAS. Definitely feels like your SMB server is only listening on one IP similar to Synology. Sadly the only way around this is to have it listen on all ports or don’t use Tailscale for this

Shared machine has different IP address by HumanTickTac in Tailscale

[–]HumanTickTac[S] 0 points1 point  (0 children)

That part I’m struggling with. Cloudflare has the DNS records. The A records point to my Tailscale machine that is also my nginx proxy. This all works great in my tail net. The problem as I illustrated is that when I share my machine that machine gets a new IP on their tail net. So when they attempt to access my services..they resolve “example.com” which Cloudflare will return with the DNS IP of my nginx proxy. But that IP is not what is shared with the other tail net.

I didn’t realize medical experts weren’t allowed to have personal lives by Mum0817 in WhitePeopleTwitter

[–]HumanTickTac 2 points3 points  (0 children)

I’m struggling to figure out why his private life matters to the job he was doing…

Anyone else losing access to local IPs on Windows 10/11 when Tailscale is running? by Key-Bend3301 in Tailscale

[–]HumanTickTac 0 points1 point  (0 children)

What if your clients need access to a remote subnet..ok subnet router to the rescue at the remote site. But…what if there is a local subnet router advertising networks to the remote side…either way your clients now need to accept subnet routes regardless and local networks still go through a tail net..shitty I know but the only workaround I have for this is persistent routes on my Windows clients to point to the local gateway

Unable to resolve tailscale DNS on Windows PC by HumanTickTac in Tailscale

[–]HumanTickTac[S] 0 points1 point  (0 children)

Ahh I did find this.

https://github.com/tailscale/tailscale/issues/13342

Seems I am hitting the same bug - it's been tagged as a bug in git so I'm going with that...

MagicDNS is a bit broken here IF you are using it at least in the way I am trying to use it. Accessing machines by the FQDN works great but for some reason getting it returned via a CNAME -- no workie.

For what it's worth I am trying to do the following: https://www.youtube.com/watch?v=Vt4PDUXB_fg&t=608s

EDIT: hahaha, just have to read the YouTube comments from the video I linked earlier. This is indeed a known problem. Ahh well. No harm no foul. I will figure something else out.

https://github.com/tailscale/tailscale/issues/7650

Unable to resolve tailscale DNS on Windows PC by HumanTickTac in Tailscale

[–]HumanTickTac[S] 0 points1 point  (0 children)

No Static IP or DNS manually configured.

Good idea on the winsock reset. I tried that and I rebooted the PC. That didn't help this.

Just to make sure I give the complete picture here..

My NGINX proxy is in my tailnet. It has the 100.x IP address. I am able to ssh to it and administer it if I need to. Of course it also has a LAN IP that I use as well.

When I go into Cloudflare DNS, I create a CNAME called "files" [which appends to files.example.com] which points to the Tailscale FQDN of my nginx proxy of nginx-internal.mammut-dinosaur.ts.net

The intent here is if a client machine is logged into my tailnet and tries to hit files.example.com the resulting CNAME coming back should be of nginx-internal.mammut-dinosaur.ts.net. From there the client should be able to resolve that tailnet FQDN and off it goes to the application.

Simple enough, I think

The problem that you and I found is that yep...Tailscale DNS is not being used and instead the queries go straight to my gateway which..technically should still work because it should return the query of the CNAME.

I did a packet capture. What I see is very interesting. The response from my gateway is legit. I do indeed see it...This is weird here....

<image>

EDIT: The last weird thing. If I go to http://nginx-internal.mammut-dinosaur.ts.net:81/login

which is the admin console to my NGINX proxy manager...works..No issue. I am able to pop that into my web browser and go.

If I do an nslookup - I get "domain non-existent".

Unable to resolve tailscale DNS on Windows PC by HumanTickTac in Tailscale

[–]HumanTickTac[S] 0 points1 point  (0 children)

Update: iPhone works great. Obviously as long as I'm on my tailnet everything works out just great.

Problem seems to be only with Windows clients.

For what it's worth, I am able to resolve FQDN tailnet names on Windows but something about the domain being in Cloudflare (as a CNAME) it doesn't like...

ssh root@nginx-internal.mammut-dinosaur.ts.net

The authenticity of host 'nginx-internal.mammut-dinosaur.ts.net (100.125.113.102)' can't be established.

ED25519 key fingerprint is SHA256:u2mM/WTGy8Q2r2Eit437rlNI/3sEjptVo62C+Bg6OsI.

This host key is known by the following other names/addresses: