Tailscale disconnects, service still running

Started by clarknova, November 13, 2025, 06:01:31 PM

OPNsense 25.7.4-amd64
Tailscale plugin 1.2 (1.88.1)

I have multiple firewalls running Tailscale. On November 1 two of these dropped off the tailnet. The hosts are still online, but when I look at their Tailscale status it shows that the service is running, but no peers are visible. I restarted the service but it's still not connecting to the tailnet. Key expiry is disabled for these hosts and they were initially connected using a pre-authentication key.

I don't see any Tailscale logs. What's the best way to troubleshoot this before I just update the firmware and reboot without knowing?

Now I've updated one of these two firewalls to OPNsense 25.7.7_4 and after a reboot Tailscale is still showing no peers and is not seen on the Tailscale Admin Console. I generated a new auth key and applied it and the host is now connected again. It seems the original auth key expired or somehow became invalid, even though it was generated without expiry, and I haven't found a log on the host itself or the Tailscale console to confirm this.

Hi,

I was facing the same issue. For me the pre-authentication key was expired.
Try to set the following as the pre-authentication key: "file:/dev/null"

Then the problem should be gone.

BR

Thank you for the suggestion. How did you know the pre-authentication key was expired? My hosts have expiry disabled, but I'm not sure how to check the status of the key.

The max valid time for this pre validated key is 90 days. After that Tailscale-App tries to authenticate but of course cannot.
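
Added example, not part of any post in this thread: one way to tell a logged-out node from a running one is to classify the `BackendState` field of `tailscale status --json`. The sample JSON strings are constructed, the host names are placeholders, and the labels returned by `diagnose` are this example's own naming.

```python
import json
import sys

# Constructed samples shaped like `tailscale status --json` output
# (not captured from a real host; host names are placeholders).
SAMPLE_LOGGED_OUT = '{"BackendState": "NeedsLogin", "Self": {"HostName": "fw-a"}, "Peer": null}'
SAMPLE_CONNECTED = ('{"BackendState": "Running", "Self": {"HostName": "fw-b"}, '
                    '"Peer": {"nodekey:placeholder": {"HostName": "peer-1"}}}')
SAMPLE_ALONE = '{"BackendState": "Running", "Self": {"HostName": "fw-c"}, "Peer": {}}'


def diagnose(status_json: str) -> str:
    """Map a status document to a short label (labels are this example's own)."""
    status = json.loads(status_json)
    state = status.get("BackendState", "")
    peers = status.get("Peer") or {}  # "Peer" may be null when no peers are known
    if state == "NeedsLogin":
        # Daemon is up but the node holds no valid login: re-authentication is needed.
        return "logged-out"
    if state == "NeedsMachineAuth":
        # Logged in, but waiting for approval in the admin console.
        return "awaiting-approval"
    if state == "Stopped":
        return "stopped"
    if state == "Running":
        return "connected" if peers else "running-no-peers"
    return "unknown:" + state


if __name__ == "__main__":
    # Usage on the firewall: tailscale status --json | python3 this_script.py
    if sys.stdin.isatty():
        for sample in (SAMPLE_LOGGED_OUT, SAMPLE_CONNECTED, SAMPLE_ALONE):
            print(diagnose(sample))
    else:
        print(diagnose(sys.stdin.read()))
```

A `logged-out` result with the service process still running matches the symptom in the first post: the daemon is up, but the node has no valid login and therefore lists no peers.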