Cason Adams

Posted on Nov 29, 2020 • Edited on Mar 25, 2021

Edge Router X | OpenWRT | Tailscale

#tutorial #linux #tailscale

Tailscale is an awesome opensource project. It leverages WireGuard to create a light weight VPN like connection.

I am using an EdgeRouter X with OpenWRT on it. This router is using a mipsle chipset.

Getting started

Build from source below or download the static bin file from builds

Clone the tailscale repo

git clone https://github.com/tailscale/tailscale.git

Build the `mipsle` binaries

Other options

GOOS=linux GOARCH=mipsle GOMIPS=softfloat go build -o tailscale tailscale.com/cmd/tailscale

GOOS=linux GOARCH=mipsle GOMIPS=softfloat go build -o tailscaled tailscale.com/cmd/tailscaled

Copy binaries to /usr/sbin/

scp <bins> root@<router-ip>:/usr/sbin/

Install deps

opkg update
opkg install ca-bundle kmod-tun

Create /etc/init.d/tailscaled

NOTE line /usr/sbin/tailscale up is commented out remove comment after logging in manually

#!/bin/sh /etc/rc.common
### BEGIN INIT INFO
# Provides:       tailscaled
# Description:    tailscaled daemon service
### END INIT INFO

USE_PROCD=1

# starts after network starts
START=21
# stops before networking stops
STOP=89

PROG=/usr/sbin/tailscaled

start_service() {
        echo "starting tailscaled"
        procd_open_instance
        procd_set_param env SERVICE_RUN_MODE=1
        procd_set_param command $PROG -state /etc/tailscale/tailscaled.state
        procd_set_param pidfile /var/run/tailscaled.pid
        procd_set_param stdout 1
        procd_set_param stderr 1
        procd_set_param respawn
        procd_close_instance
        # /usr/sbin/tailscale up
}

service_triggers() {
        procd_add_reload_trigger "tailscaled"
}

Make the file executable

chmod +x /etc/init.d/tailscaled

Test service

/etc/init.d/tailscaled start
/usr/sbin/tailscale up

This should prompt with a url. Use this to authorize the device. If everything is good. Remove the comment in the /etc/init.d/tailscaled (tailscale up)

Enable service

/etc/init.d/tailscaled enable

Reboot

reboot
Verify things are working

Top comments (7)

iChangeMyMind • Mar 9 '21

I'm using:

Model:  Xiaomi Redmi Router AC2100
Architecture:   MediaTek MT7621 ver:1 eco:3
Firmware Version:   OpenWrt SNAPSHOT r15976-8078d89a53 / LuCI Master git-21.050.34860-b8d2bcd
Kernel Version: 5.4.100

and for the tailscale I downloaded from pkgs.tailscale.com/unstable/#static

I copied your procd script and after I chmod +x and run it I got this error

root@OpenWrt:~# /etc/init.d/tailscaled start
': No such file or directory.common

when I run tailscaled alone without using the procd it works but when I run it using procd I got that error again

how do I fix this?

Cason Adams • Mar 17 '21

What do your other service scripts look like that in, that /etc/init.d/ dir?

Maybe taking the first line from one of them and replace the first line in this script will correct the issue you are seeing?

iChangeMyMind • Mar 19 '21

here the inside of cron looks like:

#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2011 OpenWrt.org

START=50

USE_PROCD=1
PROG=/usr/sbin/crond

validate_cron_section() {
    uci_validate_section system system "${1}" \
        'cronloglevel:uinteger'
}

start_service() {
    [ -z "$(ls /etc/crontabs/)" ] && return 1

    loglevel="$(uci_get "system.@system[0].cronloglevel")"

    [ -z "${loglevel}" ] || {
        /sbin/validate_data uinteger "${loglevel}" 2>/dev/null
        [ "$?" -eq 0 ] || {
            echo "validation failed"
            return 1
        }
    }

    mkdir -p /var/spool/cron
    ln -s /etc/crontabs /var/spool/cron/ 2>/dev/null

    procd_open_instance
    procd_set_param command "$PROG" -f -c /etc/crontabs -l "${loglevel:-5}"
    for crontab in /etc/crontabs/*; do
         procd_set_param file "$crontab"
    done
    procd_set_param respawn
    procd_close_instance
}

service_triggers() {
    procd_add_validation validate_cron_section
}

here the inside of boot looks like:

#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2011 OpenWrt.org

START=10
STOP=90

uci_apply_defaults() {
    . /lib/functions/system.sh

    cd /etc/uci-defaults || return 0
    files="$(ls)"
    [ -z "$files" ] && return 0
    mkdir -p /tmp/.uci
    for file in $files; do
        ( . "./$(basename $file)" ) && rm -f "$file"
    done
    uci commit
}

boot() {
    [ -f /proc/mounts ] || /sbin/mount_root
    [ -f /proc/jffs2_bbc ] && echo "S" > /proc/jffs2_bbc

    mkdir -p /var/run
    mkdir -p /var/log
    mkdir -p /var/lock
    mkdir -p /var/state
    mkdir -p /var/tmp
    mkdir -p /tmp/.uci
    chmod 0700 /tmp/.uci
    touch /var/log/wtmp
    touch /var/log/lastlog
    mkdir -p /tmp/resolv.conf.d
    touch /tmp/resolv.conf.d/resolv.conf.auto
    ln -sf /tmp/resolv.conf.d/resolv.conf.auto /tmp/resolv.conf
    grep -q debugfs /proc/filesystems && /bin/mount -o noatime -t debugfs debugfs /sys/kernel/debug
    grep -q bpf /proc/filesystems && /bin/mount -o nosuid,nodev,noexec,noatime,mode=0700 -t bpf bpffs /sys/fs/bpf
    grep -q pstore /proc/filesystems && /bin/mount -o noatime -t pstore pstore /sys/fs/pstore
    [ "$FAILSAFE" = "true" ] && touch /tmp/.failsafe

    /sbin/kmodloader

    [ ! -f /etc/config/wireless ] && {
        # compat for bcm47xx and mvebu
        sleep 1
    }

    /bin/config_generate
    uci_apply_defaults

    # temporary hack until configd exists
    /sbin/reload_config
}

and here the inside of zerotier (installed using opkg) looks like:

#!/bin/sh /etc/rc.common

START=90

USE_PROCD=1

PROG=/usr/bin/zerotier-one
CONFIG_PATH=/var/lib/zerotier-one

section_enabled() {
    config_get_bool enabled "$1" 'enabled' 0
    [ $enabled -ne 0 ]
}

start_instance() {
    local cfg="$1"
    local port secret config_path local_conf path
    local args=""

    if ! section_enabled "$cfg"; then
        echo "disabled in config"
        return 1
    fi

    config_get config_path $cfg 'config_path'
    config_get port $cfg 'port'
    config_get secret $cfg 'secret'
    config_get local_conf $cfg 'local_conf'

    path=${CONFIG_PATH}_$cfg

    # Remove existing link or folder
    rm -rf $path

    # Create link from CONFIG_PATH to config_path
    if [ -n "$config_path" -a "$config_path" != "$path" ]; then
        if [ ! -d "$config_path" ]; then
            echo "ZeroTier config_path does not exist: $config_path" 1>&2
            return
        fi

        # ensure that the symlink target exists
        mkdir -p $(dirname $path)

        ln -s $config_path $path
    fi

    mkdir -p $path/networks.d

    # link latest default config path to latest config path
    rm -f $CONFIG_PATH
    ln -s $path $CONFIG_PATH

    if [ -n "$port" ]; then
        args="$args -p${port}"
    fi

    if [ -z "$secret" ]; then
        echo "Generate secret - please wait..."
        local sf="/tmp/zt.$cfg.secret"

        zerotier-idtool generate "$sf" > /dev/null
        [ $? -ne 0 ] && return 1

        secret="$(cat $sf)"
        rm "$sf"

        uci set zerotier.$cfg.secret="$secret"
        uci commit zerotier
    fi

    if [ -n "$secret" ]; then
        echo "$secret" > $path/identity.secret
        # make sure there is not previous identity.public
        rm -f $path/identity.public
    fi

    if [ -f "$local_conf" ]; then
        ln -s "$local_conf" $path/local.conf
    fi

    add_join() {
        # an (empty) config file will cause ZT to join a network
        touch $path/networks.d/$1.conf
    }

    config_list_foreach $cfg 'join' add_join

    procd_open_instance
    procd_set_param command $PROG $args $path
    procd_set_param stderr 1
    procd_close_instance
}

start_service() {
    config_load 'zerotier'
    config_foreach start_instance 'zerotier'
}

stop_instance() {
    local cfg="$1"

    # Remove existing link or folder
    rm -rf ${CONFIG_PATH}_${cfg}
}

stop_service() {
    config_load 'zerotier'
    config_foreach stop_instance 'zerotier'
    rm -f ${CONFIG_PATH}
}

Everything looks similar to me? :/

Cason Adams • Mar 25 '21

any luck on this one?

iChangeMyMind • Mar 25 '21

Nope, I'm going back to zerotier The speed drawback is not that bad for my workflow anyway ¯_(ツ)_/¯

Cason Adams • Mar 25 '21

I am on an older kernel

Linux OpenWrt 4.14.209 #0 SMP Sun Dec 6 07:31:03 2020 mips GNU/Linux

so maybe there are some diffs. Tailscale is worth the pain to figure it out.

Cason Adams • Mar 17 '21

Thanks for the link to the unstable static bins! Saves a few steps!

DEV Community

Edge Router X | OpenWRT | Tailscale

Getting started

Clone the tailscale repo

Build the `mipsle` binaries

Copy binaries to /usr/sbin/

Install deps

Create /etc/init.d/tailscaled

Test service

Enable service

Reboot

Top comments (7)

Read next

Add a sidebar with options in a Filament resource

How I can run elasticsearch locally for development using docker?

Debian in WSL not Ubuntu

Understanding Application Package Management in Linux: Package Index and Package Manager

Getting started

Clone the tailscale repo

Build the mipsle binaries

Copy binaries to /usr/sbin/

Install deps

Create /etc/init.d/tailscaled

Test service

Enable service

Reboot

Read next

Add a sidebar with options in a Filament resource

How I can run elasticsearch locally for development using docker?

Debian in WSL not Ubuntu

Understanding Application Package Management in Linux: Package Index and Package Manager

Build the `mipsle` binaries