
Client stops connecting to the Tailscale tailnet after several days #3643

@nikmax42

Operating system

Android

System version

16

Installation type

sing-box for Android Graphical Client

If you are using a graphical client, please provide the version of the client.

1.12.13 from F-droid

Description

I use a Tailscale endpoint in my config on my Android phone to have access to my homelab without constantly switching from VPN to Tailscale and back.

I developed a setup that works for me:

  • device is connected to tailnet;
  • MagicDNS works for tailnet services;
  • connection to tailnet services works;
  • VPN for non-tailnet services works at the same time.

But then (after ~9 days in my last case) the phone just stops connecting to the tailnet and persists in the machines list as offline, despite sing-box running, while the VPN still works as expected.

I ensured that:

  • client persists in the tailnet machines list;
  • client was approved;
  • client key expiry was disabled;
  • tailnet security settings are permissive and weren't changed.

I tried:

  • restart sing-box - wasn't helpful;
  • clear app cache - wasn't helpful;
  • wipe app data, then use the same config with the same Tailscale access token - wasn't helpful;
  • generate a new Tailscale access token, replace the old token with the new one in the sing-box config, restart sing-box - WORKED!

So, in my case the problem is solved by generating a new token and re-adding the device to the tailnet. But it's really annoying to do this constantly.

Reproduction

Steps to reproduce:

  • add a Tailscale endpoint to the config using a token (without login by URL);
  • approve the device (if required by your tailnet security settings);
  • disable client key expiry;
  • ensure that the device connects to the tailnet and has access to tailnet members;
  • use this setup for up to two weeks;
  • ensure that the device STILL connects to the tailnet and has access to tailnet members.

Config to reproduce:

{
    "log": {
        "disabled": false,
        "level": "info",
        "timestamp": true
    },
    "dns": {
        "servers": [
            {
                "tag": "google-dns",
                "type": "tls",
                "server": "8.8.8.8"
            },
            {
                "type": "tailscale",
                "tag": "tailscale-dns",
                "endpoint": "tailscale-ep",
                "accept_default_resolvers": true
            }
        ],
        "rules": [
            {
                "ip_accept_any": true,
                "domain_suffix": ".ts.net",
                "server": "tailscale-dns"
            }
        ],
        "final": "google-dns"
    },
    "endpoints": [
        {
            "type": "tailscale",
            "tag": "tailscale-ep",
            "auth_key": "tskey-auth-*****",
            "domain_resolver": "google-dns"
        }
    ],
    "inbounds": [
        {
            "type": "tun",
            "tag": "tun-in",
            "address": [
                "172.19.0.1/30"
            ],
            "route_exclude_address": [
                "192.168.0.0/16"
            ],
            "interface_name": "tun0",
            "auto_route": true
        }
    ],
    "outbounds": [
        {
            "type": "vless",
            "tag": "vpn-out",
            "server": "*****",
            "server_port": *****,
            "uuid": "*****",
            "flow": "xtls-rprx-vision",
            "tls": {
                "enabled": true,
                "server_name": "*****",
                "utls": {
                    "enabled": true,
                    "fingerprint": "chrome"
                },
                "reality": {
                    "enabled": true,
                    "public_key": "*****",
                    "short_id": "*****"
                }
            },
            "packet_encoding": "xudp"
        }
    ],
    "route": {
        "rules": [
            {
                "action": "sniff"
            },
            {
                "protocol": "dns",
                "action": "hijack-dns"
            },
            {
                "ip_cidr": [
                    "100.64.0.0/10",
                    "fd7a:115c:a1e0::/48"
                ],
                "domain_suffix": ".ts.net",
                "outbound": "tailscale-ep"
            }
        ],
        "default_domain_resolver": "google-dns",
        "auto_detect_interface": true,
        "override_android_vpn": true,
        "final": "vpn-out"
    },
    "experimental": {
        "cache_file": {
            "enabled": true
        }
    }
}

Supporter

Integrity requirements

  • I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
  • I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
  • I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
  • I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.
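The report's key observation is that the device stays in the machines list, approved, with key expiry disabled, yet shows as offline for days. The following is an added example, not code from the issue or from the sing-box or Tailscale projects, that scans a Tailscale admin API devices listing for exactly that pattern so the drop-off is noticed the same hour it happens rather than days later. It assumes the field names of the `GET /api/v2/tailnet/{tailnet}/devices` response (`name`, `authorized`, `keyExpiryDisabled`, `lastSeen`); the device list embedded below is constructed, not captured from a real tailnet.

```python
"""Flag tailnet devices that are listed, authorized, non-expiring, yet silent.

Added example for the sing-box issue above; not project code. Assumed API
shape: Tailscale GET /api/v2/tailnet/{tailnet}/devices returning {"devices":
[{"name", "authorized", "keyExpiryDisabled", "lastSeen", ...}]}.
"""
import json
from datetime import datetime, timedelta

# Constructed sample (not a real API capture): a phone last seen nine days
# before "now", a server seen a minute ago, and an unapproved laptop.
SAMPLE_DEVICES_JSON = """
{
  "devices": [
    {"name": "phone.example.ts.net",   "authorized": true,
     "keyExpiryDisabled": true,  "lastSeen": "2025-01-01T12:00:00Z"},
    {"name": "homelab.example.ts.net", "authorized": true,
     "keyExpiryDisabled": false, "lastSeen": "2025-01-10T11:59:00Z"},
    {"name": "laptop.example.ts.net",  "authorized": false,
     "keyExpiryDisabled": true,  "lastSeen": "2025-01-09T08:00:00Z"}
  ]
}
"""


def parse_rfc3339(ts: str) -> datetime:
    """Parse the RFC 3339 'Z' form Tailscale emits into an aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def stale_devices(devices_json: str, now_rfc3339: str,
                  max_silence: timedelta = timedelta(hours=1)):
    """Return [(name, days_silent)] for devices matching the issue's pattern.

    Only authorized devices with key expiry disabled are reported: an
    unapproved device or an expired key is a different, expected cause of
    "offline", and this check is meant to isolate the unexplained case.
    """
    now = parse_rfc3339(now_rfc3339)
    stale = []
    for dev in json.loads(devices_json).get("devices", []):
        if not dev.get("authorized"):
            continue
        if not dev.get("keyExpiryDisabled"):
            continue
        silence = now - parse_rfc3339(dev["lastSeen"])
        if silence > max_silence:
            stale.append((dev["name"], silence.days))
    return stale


if __name__ == "__main__":
    # With a real tailnet, replace SAMPLE_DEVICES_JSON by the API response body
    # (hypothetical: requests.get(url, headers={"Authorization": "Bearer ..."}).text)
    # and run this from cron; a non-empty result is the moment to grab sing-box logs.
    for name, days in stale_devices(SAMPLE_DEVICES_JSON, "2025-01-10T12:00:00Z"):
        print(f"{name}: silent for {days} days despite being approved and non-expiring")
```

Running it from cron on the real listing turns a "noticed after nine days" failure into a same-hour alert, which is when sing-box's Tailscale endpoint logs are still worth collecting.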
