In this article, you will learn how to set up Tailscale on a Firewalla device using Docker. We’ll guide you through creating necessary directories, setting up a Docker Compose file, starting the Tailscale container, and configuring it to auto-start on reboot. This setup will ensure a secure and stable connection using Tailscale’s VPN capabilities on your Firewalla device.
Step 1: Prepare Directories
Create the necessary directories for Docker and Tailscale:
mkdir -p /home/pi/.firewalla/run/docker/tailscale
cd /home/pi/.firewalla/run/docker/tailscale
Step 2: Create Docker Compose File
Create and populate the docker-compose.yml file:
cat > docker-compose.yml << EOF
version: "3"
services:
  tailscale:
    image: tailscale/tailscale:stable
    container_name: firewalla-tailscale
    deploy:
      restart_policy:
        condition: on-failure
        max_attempts: 3
    network_mode: "host"
    volumes:
      - "/home/pi/.firewalla/run/docker/tailscale:/var/lib"
      - "/dev/net/tun:/dev/net/tun"
    # privileged already grants every capability, so the cap_add
    # entries below are redundant while it is set to true.
    privileged: true
    cap_add:
      - net_admin
      - sys_module
    command: tailscaled
EOF
In this configuration, the image tag stable ensures a stable version of Tailscale is used.
Step 3: Start the Container
Start Docker and the Tailscale container:
sudo systemctl start docker
sudo docker-compose up -d
sudo docker exec firewalla-tailscale tailscale up --advertise-routes=192.168.1.0/24 --advertise-exit-node
sudo docker exec firewalla-tailscale tailscale status
Follow the printed instructions to authorize the node and routes.
Step 4: Auto-Start on Reboot
Ensure Docker and Tailscale start on reboot by creating the following script:
mkdir -p /home/pi/.firewalla/config/post_main.d/
cd /home/pi/.firewalla/config/post_main.d/
cat > start_tailscale.sh <<EOF
#!/bin/bash
echo "\$0 - \$(date "+%Y-%m-%d - %H:%M:%S") - starting docker"
sudo systemctl start docker
sleep 60
cd /home/pi/.firewalla/run/docker/tailscale
echo "\$0 - \$(date "+%Y-%m-%d - %H:%M:%S") - pulling latest images"
sudo docker-compose pull
echo "\$0 - \$(date "+%Y-%m-%d - %H:%M:%S") - bringing containers up"
sudo docker-compose up -d
sleep 60
echo "\$0 - \$(date "+%Y-%m-%d - %H:%M:%S") - starting tailscale"
sudo docker exec firewalla-tailscale tailscale up --advertise-routes=192.168.1.0/24 --advertise-exit-node
sleep 15
echo "\$0 - \$(date "+%Y-%m-%d - %H:%M:%S") - checking status"
sudo docker exec firewalla-tailscale tailscale status
echo "\$0 - \$(date "+%Y-%m-%d - %H:%M:%S") - pruning images"
sudo docker system prune -f
EOF
Make the script executable:
chmod +x start_tailscale.sh
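The Step 4 script waits with fixed sleeps and carries on when a stage fails. As an added example (not part of the original article or the Firewalla community post), the same sequence can poll for actual readiness and stop at the first failure. COMPOSE_DIR, WAIT, retry_until, container_running and start_tailscale are names chosen for this example, and it assumes that tailscale status exits non-zero until the node is connected.

```shell
#!/bin/bash
# Added example: bounded readiness checks for the Step 4 startup sequence.
# COMPOSE_DIR, WAIT and the function names are assumptions of this example.
COMPOSE_DIR=${COMPOSE_DIR:-/home/pi/.firewalla/run/docker/tailscale}
NAME=firewalla-tailscale
WAIT=${WAIT:-120}   # seconds to wait at each stage before giving up

log() { echo "$0 - $(date "+%Y-%m-%d - %H:%M:%S") - $*"; }

# retry_until TIMEOUT INTERVAL CMD...: rerun CMD until it succeeds (0) or
# TIMEOUT seconds pass (1). The ( ) body keeps its variables in a subshell.
retry_until() (
  timeout=$1; interval=$2; shift 2
  deadline=$(( $(date +%s) + timeout ))
  until "$@" >/dev/null 2>&1; do
    [ "$(date +%s)" -ge "$deadline" ] && return 1
    sleep "$interval"
  done
  return 0
)

container_running() {
  [ "$(sudo docker inspect -f '{{.State.Running}}' "$1" 2>/dev/null)" = "true" ]
}

# start_tailscale [ROUTES]: returns non-zero at the first stage that fails.
start_tailscale() {
  routes=${1:-192.168.1.0/24}
  sudo systemctl start docker
  retry_until "$WAIT" 2 sudo systemctl is-active --quiet docker ||
    { log "docker did not become active"; return 1; }
  cd "$COMPOSE_DIR" && sudo docker-compose up -d || return 1
  retry_until "$WAIT" 2 container_running "$NAME" ||
    { log "$NAME is not running"; return 1; }
  sudo docker exec "$NAME" tailscale up \
    --advertise-routes="$routes" --advertise-exit-node || return 1
  # Assumption: "tailscale status" exits non-zero while the node is stopped
  # or logged out, so success here means the node is connected.
  retry_until "$WAIT" 2 sudo docker exec "$NAME" tailscale status ||
    { log "tailscale is not connected; check authorization"; return 1; }
  log "tailscale is up, advertising $routes"
}

# Run only when invoked as: start_tailscale.sh run [ROUTES]
if [ "${1:-}" = "run" ]; then start_tailscale "${2:-}"; fi
```

A non-zero exit leaves a timestamped line naming the stage that failed, which the fixed-sleep version does not report.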
With these steps, you should have Tailscale running on Firewalla using Docker. Adjust the --advertise-routes value as needed for your network configuration.
For additional details and troubleshooting, refer to the original Firewalla community post.