davosian · March 10, 2025 20:47 · Feb 11, 2023 · Feb 11, 2023 · Feb 11, 2023
diff --git a/running-tailscale-on-ubiquiti-usg.md b/running-tailscale-on-ubiquiti-usg.md
@@ -1,4 +1,5 @@
-I suggest running  `sudo su` so you're the root user throughout
+You will need [ssh access](https://help.ui.com/hc/en-us/articles/204909374) to your USG.
+I suggest running `sudo su` so you're the root user throughout
 
 # Installation
 

diff --git a/running-tailscale-on-ubiquiti-usg.md b/running-tailscale-on-ubiquiti-usg.md
@@ -54,3 +54,8 @@ tailscale down --accept-risk=lose-ssh && \                    # Take tailscale d
   bash /config/scripts/post-config.d/tailscale.sh             # run the startup script to spin everything back up.
 ```
 
+# Notes
+1. Extending the work and conversation in [this gist](https://gist.github.com/lg/6f80593bd55ca9c9cf886da169a972c3)
+2. I'm also running NextDNS on my USG and I've not yet found a way to resolve the health check warning regarding Linux DNS.
+` Linux DNS config not ideal. /etc/resolv.conf overwritten. See https://tailscale.com/s/dns-fight`
+3. For tailscale config, I'm using my USG as a [Subnet router](https://tailscale.com/kb/1019/subnets/)
diff --git a/running-tailscale-on-ubiquiti-usg.md b/running-tailscale-on-ubiquiti-usg.md
@@ -0,0 +1,56 @@
+I suggest running  `sudo su` so you're the root user throughout
+
+# Installation
+
+1. Download tailscale and put the files in /config/. Find the latest [stable](https://pkgs.tailscale.com/stable/#static) or [unstable](https://pkgs.tailscale.com/unstable/#static) version for your USG's processor.
+
+```
+curl https://pkgs.tailscale.com/stable/tailscale_1.36.1_mips64.tgz | tar xvz -C /tmp
+mv /tmp/tailscale_1.36.1_mips64 /config/tailscale
+```
+
+2. Create the first boot and post config scripts
+```
+mkdir -p /config/scripts/firstboot.d
+mkdir -p /config/scripts/post-config.d
+cat << EOF > /config/scripts/firstboot.d/tailscale.sh
+#!/bin/sh
+ln -s /config/tailscale/tailscale /usr/bin/tailscale
+ln -s /config/tailscale/tailscaled /usr/sbin/tailscaled
+mkdir -p /var/lib/tailscale/
+touch /config/auth/tailscaled.state
+chmod 0400 /config/auth/tailscaled.state
+ln -s /config/auth/tailscaled.state /var/lib/tailscale/tailscaled.state
+sudo tailscaled > /dev/null 2>&1 &
+disown
+sudo tailscale up <your options here, eg. --ssh --accept-routes>
+EOF
+chmod +x /config/scripts/firstboot.d/tailscale.sh
+cp /config/scripts/firstboot.d/tailscale.sh /config/scripts/post-config.d/tailscale.sh
+```
+3. Run your script to start it up
+```
+bash /config/scripts/post-config.d/tailscale.sh
+```
+
+# Upgrading
+
+Get the latest [stable](https://pkgs.tailscale.com/stable/#static) or [unstable](https://pkgs.tailscale.com/unstable/#static) version.
+NOTE: if you're connecting over your tailnet, this will abort your ssh connection.
+
+```
+sudo su #if you haven't already
+
+url=https://pkgs.tailscale.com/stable/tailscale_1.37.1_mips64.tgz
+curl $url | tar xvz -C /tmp                                   # Download and unpack
+location=`find /tmp -type d -iname "tailscale*" | head -n1`   # get the location of the unpacked file
+rm -Rf /config/tailscale-prev                                 # remove previous version, if present
+
+tailscale down --accept-risk=lose-ssh && \                    # Take tailscale down
+  tsid=`pidof tailscaled` && \                                # Find the pid of the tailscale daemon...
+  kill pid $tsid && \                                         # ... and kill it
+  mv /config/tailscale /config/tailscale-prev  && \           # move the current version to the previous folder
+  mv $location /config/tailscale && \                         # move the new version from /temp into the /config folder
+  bash /config/scripts/post-config.d/tailscale.sh             # run the startup script to spin everything back up.
+```
+