"
I just did some checking and can confirm that my pre-authorized key used by opnsense was no longer found in tailscale. Recreating it solved the issue.
I think this has to do with the expiration of a node-key, which is different from the expiration of the pre-auth key used by Opnsense. Here is the tailscale documentation:
"If an auth key expires, any device authorized by it remains authorized until its node key expires. Each device generates a node key when you log in to Tailscale and uses it to identify itself to the tailnet. **By default, node keys automatically expire every 180 days.** You can change the default node key expiry from the Key Expiry section of the Device management page of the admin console."
[See: https://tailscale.com/kb/1085/auth-keys?q=auth]
From what I can tell, the node key expiry cannot be overridden. What may have happened is that those of us who started using the new tailscale plugin were using node keys that finally expired, which might explain why the reports in the forum are spread out over several days. It seems that reauthentication is necessary at some point, even if you have chosen "Expiry disabled" for the machine in question. I think.
I think this has to do with the expiration of a node-key, which is different from the expiration of the pre-auth key used by Opnsense. Here is the tailscale documentation:
"If an auth key expires, any device authorized by it remains authorized until its node key expires. Each device generates a node key when you log in to Tailscale and uses it to identify itself to the tailnet. **By default, node keys automatically expire every 180 days.** You can change the default node key expiry from the Key Expiry section of the Device management page of the admin console."
[See: https://tailscale.com/kb/1085/auth-keys?q=auth]
From what I can tell, the node key expiry cannot be overridden. What may have happened is that those of us who started using the new tailscale plugin were using node keys that finally expired, which might explain why the reports in the forum are spread out over several days. It seems that reauthentication is necessary at some point, even if you have chosen "Expiry disabled" for the machine in question. I think.
