Well, I was able to push through your tutorial. It seems to be working for me. Thank you for all your help. And you can thank the software engineers for all the effort they obviously put into the development of TailScale. It must have been very challenging to make it somewhat simple for us mere mortals.
Awesome video Alex. I’ve been using TS on my synology for awhile- I just wish Tailscale SSH was supported- still awesome for NAS access without exposing it the outside interwebs
We'd love that too but unfortunately the DSM 7 sandboxing makes that impossible to implement. If your NAS can run VMs or containers, you could run Tailscale inside one of those and SSH the days away there instead. Not quite as good, but something? -Alex
An incredibly great video. Very sympathetically presented. I have learned so much and am absolutely happy to have seen this video. Tailnet makes it easy for me to use my NAS remotely. Thank you so much!
Awesome video tutorial, thanks for sharing!!! BTW, I can't open my Synology NAS from tailscale website as you show ~5:18 minute. It just copied short domain to clipboard for me. Would you please let me know what did i do wrong? Thanks!
I wasn't able to get the tailscale configure synology-cert command to work at first. It didn't understand what the "synology-cert" parameter was for. I checked for updates for tailscale and Package Center didn't say there was anything new available. In fact - I confirmed twice that the tailscale version Package Center said was installed was the same one that this video used (1.58.2). This made sense because I just installed tailscale on the NAS yesterday (several days after this video was posted). I tried several other things, but eventually decided to force run the tailscale-update task we created in this video. Reading the logs, it did in fact have an update available and bumped it up to 1.76.1. Once it was done, I ran the tailscale-cert task and it worked immediately. Hopefully this helps someone else!
Hi Alex, You may have been able to set the new certificate under Security > Certificate > Settings for each service instead of deleting the default cert. This section allows you to set a different cert for each service on the Synology. The default I believe only applies when a new service is created (adding a mail server for example) or in your case when a certificate goes away when you deleted it. I have in the past needed to run this "/var/packages/Tailscale/target/bin/tailscale configure-host; synosystemctl restart pkgctl-Tailscale.service" at startup to get tailscale working correctly - has this been fixed? Cheers John
Important note! I tried this and it worked great at first, but I forgot to read the link in the description that has a new section called "Enable outbound connections." This is very important because I found out a day later that my Synology could not longer access the package center. After a couple hours messing around, I finally used a paperclip to reboot my Synology (reset network settings) and I suddenly my package center (and all outgoing connections) started working. At this point I reinstalled Tailscale. Your tasks won't be deleted with the paperclip reboot, so just run them again. In summary, please follow along with this video, but make sure you also create and run the task command to "Enable outbound connections."
Hi all, I have version 1.58.2 and the update script does not update to the latest version. So I am also unable to create the certificate. Why is the update script not updating Tailscale? I appreciate your help
I'm new to this with my synology and this video is great. I followed the steps and was not able to delete or change the quickconnect certificate. It has the delete greyed out even when I kade the TS cert as default. When I log in through quick connect it still shows the quickconnect as the cert and not the TS. I'm totally new and not sure what else I need to do. Any help is appreciated
I speculate that this is because of QuickConnect hooking into the cert to prevent deletion. Not sure how else you would resolve this besides disabling QC though - if you find out let me know! - Alex
@@Tailscale Same issue, cannot delete quick connect, Quickconnect was already disabled. Additional note, that it works securely through synology drive client app on MacBook, but not secure in anything in a browser.
Hi, thank you for your useful videos. But could explain how to invit family members without any microsoft, google or github account. Is there any ways to bypass this requirement. thanks
I use TS on my NAS and another remote NAS to back each other up. Working great. However, using the task scheduler for update caused an issue (the boot up script needs to be run each time the TS version is updated). Causes the scheduled backup to fail. Synology NAS needed to be reboot to get back to normal operation. Looks like a reboot should also be scheduled shortly after the update (just in case the TS version is updated). Not mentioned in this video.
This is your last chance to evacuate planet earth, before it is recycled. My absolute favorite band these days, no question. Maybe the second coming of Tool is up there too. - Alex
For some reason I had the script triggered at boot up that allows outbound connections from the NAS (very handy for backing up remote server without opening any port) and completely missed the update script. Was very excited but I noticed this morning that my backups were failing. Turns out I had to rerun the boot up script to allow outbound connections. So I basically appended the content of the boot up script to the update script and all is good now.
Awesome, but I have a question - when I am at home on the same network and trying to use the mobile apps - am I expected to be able to use the Magic DNS provided URL? I can't get that to work, only visiting the 100.tailscale IPv4 address works for me...
The 'tailscale configure synology-cert' script works fine and sets up the certificate on its first run. However, it doesn't renew an existing valid certificate. I believe this is by design, as according to GitHub discussions, Tailscale caches valid certificates. My question is: Should I run the script daily to ensure the certificate doesn't expire, or is there a way to force a renewal?
@@Tailscale I tried to post the url twice, but it keeps disappearing, probably because of TH-cam restrictions. Any other channel I can use to send it to you?
@@BroadcastsFromPoorFarm no, it disappears as well. anyway, I found it in the conversation about pull request #10994 ("Add CLI command to update certs on Synology devices."). Search for "caches".
Amazing video, thanks for the auto-update script!! Do you know if there are any speed implications for shared devices versus them being in the same tailnet? We lately had some trouble streaming a movie outside of our home network. The device was my brothers Apple TV and I had shared our NAS at home from my tailnet to his.
These devices should still use the Tailscale NAT traversal magic to establish direct connections - perhaps your brothers Apple TV was going via a relay server?
@ Thanks for the reply, sounds like that could be the case, of course also our home network could’ve been the limiting factor with slow upload speeds (we don’t really have symmetrical internet plans here, we have 1 Gbits download but only 50 MBits upload…) How could I check next time if indeed the connection was established via said relay server? 🤔
Great video, thanks Alex. Though, I would appreciate if I could use Mullvad VPN add-on service on my Synology, which is not currently supported by Tailscale.
Doesn't work for me. Still stays on 1.58.2 version. Script copied from tailscale docs, so no typo. Tried on 2 difrent Nas, DS218j and DS1821+. restarting, renaming tasks,... nothing. Reinstaled teilscale on NAS, but 1.58.2 is only one available. Any prerequisite apps except tailscale? Do I need to enable some access? Edit. Checked execution logs and it says : network is unreachable. So tailscale is down or do I need to open some ports??? Edit 2 : Found a way to download 1.76.1 and install it manually. Now it can also access from outside network. Might be just Tailscale servers misplaced some files today.
Hi great video. Unfortunately I can't get the site to not say 'not secure'. I did delete the other Synology certificate, but can't seem to delete the quick connect one. Any ideas on what else to try to get it to show as secure? Many thanks, total newbie here.
I have the exact same issue. Synolodgy drive client (app on Mac) works, but anything in browser still says not secure. Delete on quick connect is also greyed out for me.
need too add subnet routing settings on tail scale app for qnap that SSH is not working QNAPQVP-63B Pro and on admin console so it can be set on the dashboard to make it easy to set features request and edit the IP to whatever range I want gui on admin console and application it self for Windows and qnap application for tailescale
It works brilliantly I have been using it for a while. Thanks for the tutorial on updates and certificates.
Love the tip on updating via the task scheduler. The version in the package center is lagging by about 10 months!
It’s frustrating for all involved. But at least we have a decent work around for now.
Well, I was able to push through your tutorial. It seems to be working for me. Thank you for all your help. And you can thank the software engineers for all the effort they obviously put into the development of TailScale. It must have been very challenging to make it somewhat simple for us mere mortals.
Scheduled tailscale update is genius! Thanks.
Awesome video Alex. I’ve been using TS on my synology for awhile- I just wish Tailscale SSH was supported- still awesome for NAS access without exposing it the outside interwebs
We'd love that too but unfortunately the DSM 7 sandboxing makes that impossible to implement. If your NAS can run VMs or containers, you could run Tailscale inside one of those and SSH the days away there instead. Not quite as good, but something? -Alex
@@Tailscale 💯
@6:48 there's a scheduled task to boot up TS. What do I need to configure?
I’ve been looking for a secure way to access my NAS without opening firewall ports. This was easy and I love it! ❤
An incredibly great video. Very sympathetically presented. I have learned so much and am absolutely happy to have seen this video. Tailnet makes it easy for me to use my NAS remotely. Thank you so much!
Great tutorial, clear instructions. Loving Tailscale so far. Worked flawlessly abroad on vacation too. Highly recommended!
Awesome video tutorial, thanks for sharing!!!
BTW, I can't open my Synology NAS from tailscale website as you show ~5:18 minute. It just copied short domain to clipboard for me. Would you please let me know what did i do wrong? Thanks!
Worked straight away. Thanks.
I wasn't able to get the tailscale configure synology-cert command to work at first. It didn't understand what the "synology-cert" parameter was for. I checked for updates for tailscale and Package Center didn't say there was anything new available. In fact - I confirmed twice that the tailscale version Package Center said was installed was the same one that this video used (1.58.2). This made sense because I just installed tailscale on the NAS yesterday (several days after this video was posted).
I tried several other things, but eventually decided to force run the tailscale-update task we created in this video. Reading the logs, it did in fact have an update available and bumped it up to 1.76.1. Once it was done, I ran the tailscale-cert task and it worked immediately.
Hopefully this helps someone else!
Your comments helped me very much. Thank you! Good fortune to you for the coming new year!
Much to consider and much to implement. Thank you.
Thank you for detailed explanation :)
Great video! Is there a way we can access Docker-hosted services via subdomains of the Tailnet domain (via https)?
Can we have the same (certificate & scripts) on QNAP QTS devices? Shall we expect a guide anytime soon?
Hi Alex,
You may have been able to set the new certificate under Security > Certificate > Settings for each service instead of deleting the default cert. This section allows you to set a different cert for each service on the Synology. The default I believe only applies when a new service is created (adding a mail server for example) or in your case when a certificate goes away when you deleted it.
I have in the past needed to run this "/var/packages/Tailscale/target/bin/tailscale configure-host; synosystemctl restart pkgctl-Tailscale.service" at startup to get tailscale working correctly - has this been fixed?
Cheers
John
So in addition to these steps what would I need to do on my Android phone to have access to DS Cam?
Important note! I tried this and it worked great at first, but I forgot to read the link in the description that has a new section called "Enable outbound connections." This is very important because I found out a day later that my Synology could not longer access the package center. After a couple hours messing around, I finally used a paperclip to reboot my Synology (reset network settings) and I suddenly my package center (and all outgoing connections) started working. At this point I reinstalled Tailscale. Your tasks won't be deleted with the paperclip reboot, so just run them again. In summary, please follow along with this video, but make sure you also create and run the task command to "Enable outbound connections."
Hi all,
I have version 1.58.2 and the update script does not update to the latest version. So I am also unable to create the certificate. Why is the update script not updating Tailscale? I appreciate your help
I'm new to this with my synology and this video is great. I followed the steps and was not able to delete or change the quickconnect certificate. It has the delete greyed out even when I kade the TS cert as default. When I log in through quick connect it still shows the quickconnect as the cert and not the TS. I'm totally new and not sure what else I need to do. Any help is appreciated
I speculate that this is because of QuickConnect hooking into the cert to prevent deletion. Not sure how else you would resolve this besides disabling QC though - if you find out let me know! - Alex
same ..
@@Tailscale Same issue, cannot delete quick connect, Quickconnect was already disabled. Additional note, that it works securely through synology drive client app on MacBook, but not secure in anything in a browser.
What about adding ports that the Synology apps use on mobile phones that connect with the NAS? Do they need to be added after the Tailscale IP?
Hi, thank you for your useful videos. But could explain how to invit family members without any microsoft, google or github account. Is there any ways to bypass this requirement.
thanks
I use TS on my NAS and another remote NAS to back each other up. Working great. However, using the task scheduler for update caused an issue (the boot up script needs to be run each time the TS version is updated). Causes the scheduled backup to fail. Synology NAS needed to be reboot to get back to normal operation. Looks like a reboot should also be scheduled shortly after the update (just in case the TS version is updated). Not mentioned in this video.
@tailscale, you may want to remove/edit the video as you have just shared @4:44 private details in a video for anyone to see.
It’s all good. Everything is rotated before publishing. Thanks for being so considerate though 👍
Porcupine Tree t-shirt. Cheers, Alex!
This is your last chance to evacuate planet earth, before it is recycled.
My absolute favorite band these days, no question. Maybe the second coming of Tool is up there too.
- Alex
After installing the tailscale, can I remove the 2FA on the synology nas?
Thank you.
For some reason I had the script triggered at boot up that allows outbound connections from the NAS (very handy for backing up remote server without opening any port) and completely missed the update script. Was very excited but I noticed this morning that my backups were failing. Turns out I had to rerun the boot up script to allow outbound connections. So I basically appended the content of the boot up script to the update script and all is good now.
Great tip. We'll be following up on the outbound connections in a future video!
Awesome, but I have a question - when I am at home on the same network and trying to use the mobile apps - am I expected to be able to use the Magic DNS provided URL? I can't get that to work, only visiting the 100.tailscale IPv4 address works for me...
I couldn’t seem to generate the cert. does keeping quick connect on disables it?
The 'tailscale configure synology-cert' script works fine and sets up the certificate on its first run. However, it doesn't renew an existing valid certificate. I believe this is by design, as according to GitHub discussions, Tailscale caches valid certificates. My question is: Should I run the script daily to ensure the certificate doesn't expire, or is there a way to force a renewal?
Could you link to the GitHub discussion? I’ll pin this comment once we figure this out.
@@Tailscale I tried to post the url twice, but it keeps disappearing, probably because of TH-cam restrictions. Any other channel I can use to send it to you?
@@Meltforce-tr1xv Sometimes you can bypass the auto mod by replacing the "." before the com with "(dot)" so that it is not an active URL.
@@BroadcastsFromPoorFarm no, it disappears as well. anyway, I found it in the conversation about pull request #10994 ("Add CLI command to update certs on Synology devices.").
Search for "caches".
how to configure 2 Synology NAS. one home, and one as backup on remote location?
Amazing video, thanks for the auto-update script!! Do you know if there are any speed implications for shared devices versus them being in the same tailnet? We lately had some trouble streaming a movie outside of our home network. The device was my brothers Apple TV and I had shared our NAS at home from my tailnet to his.
These devices should still use the Tailscale NAT traversal magic to establish direct connections - perhaps your brothers Apple TV was going via a relay server?
@ Thanks for the reply, sounds like that could be the case, of course also our home network could’ve been the limiting factor with slow upload speeds (we don’t really have symmetrical internet plans here, we have 1 Gbits download but only 50 MBits upload…)
How could I check next time if indeed the connection was established via said relay server? 🤔
Great video, thanks Alex. Though, I would appreciate if I could use Mullvad VPN add-on service on my Synology, which is not currently supported by Tailscale.
I had to remove tailscale from my NAS as it kept disconnecting my cameras, they'd just stop recording. Removed tailscale and they stay connected now.
Doesn't work for me. Still stays on 1.58.2 version. Script copied from tailscale docs, so no typo. Tried on 2 difrent Nas, DS218j and DS1821+. restarting, renaming tasks,... nothing. Reinstaled teilscale on NAS, but 1.58.2 is only one available. Any prerequisite apps except tailscale? Do I need to enable some access?
Edit. Checked execution logs and it says : network is unreachable. So tailscale is down or do I need to open some ports???
Edit 2 : Found a way to download 1.76.1 and install it manually. Now it can also access from outside network. Might be just Tailscale servers misplaced some files today.
Hi great video. Unfortunately I can't get the site to not say 'not secure'. I did delete the other Synology certificate, but can't seem to delete the quick connect one. Any ideas on what else to try to get it to show as secure? Many thanks, total newbie here.
I have the exact same issue. Synolodgy drive client (app on Mac) works, but anything in browser still says not secure. Delete on quick connect is also greyed out for me.
need too add subnet routing settings on tail scale app for qnap that SSH is not working QNAPQVP-63B Pro and on admin console so it can be set on the dashboard to make it easy to set
features request and edit the IP to whatever range I want
gui on admin console and application it self for Windows and qnap application for tailescale
Tailscale is amazing
Tailscale wont install on my synology nas and there’s no one over at tailscale to answer a question.
support@tailscale.com good luck! 👍
I can not get it working.
This site cant be reached
first