#
Tailscale
#
Stuck while using up command
Symptoms:
- tailscale up appears to hang.
- tailscale status shows Logged out.
- ping login.tailscale.com works.
Fix steps (1‑2‑3):
- Reset Tailscale state
sudo tailscale down
sudo tailscaled --cleanup 2>/dev/null || true
- Restart the daemon
sudo systemctl restart tailscaled
sudo systemctl status tailscaled # confirm active (running)
- Bring it up and authenticate
sudo tailscale up --accept-dns=false --reset --ssh
- Wait for the “To authenticate, visit: https://login.tailscale.com/…” URL.
- Open that URL in a browser, log in, and approve the node.
- Verify with:
tailscale status
#
Exposed Server in background
Here is an example of how to run a server in the background using Tailscale.
In this example I'm going to use the Jellyfin service on port 8096.
sudo tailscale serve --bg --https=443 localhost:8096
- --bg runs the server in the background
- --https=443 serves HTTPS on port 443 and forwards it to the server
- localhost:8096 is the local server (port 8096) that the traffic is forwarded to
Once the server is running, you can access it from devices on your tailnet at https://<your-server-name>.<your-tailscale-name>.ts.net.
- You can find your full tailnet name in the Admin Console DNS page.
You can check the status of the server with:
tailscale serve status
To stop the server, turn the HTTPS listener off:
sudo tailscale serve --https=443 off
#
Tailscale UDP Throughput Optimization (GRO)
Status: Resolved
Component: Network Interface Controller (NIC) / Tailscale Daemon
Impact: High CPU load during encrypted tunnel traffic; Suboptimal Exit Node throughput.
#
Issue Description
Upon initializing the Tailscale daemon with advertise-exit-node enabled, the system returns a warning regarding suboptimal UDP forwarding configuration.
Error Log:
Warning: UDP GRO forwarding is suboptimally configured on <interface_name>, UDP forwarding throughput capability will increase with a configuration change.
See https://tailscale.com/s/ethtool-config-udp-gro
#
Technical Root Cause
Tailscale encapsulates traffic within UDP packets. On high-bandwidth exit nodes, processing each individual UDP packet generates a significant number of CPU interrupts.
Generic Receive Offload (GRO) allows the Network Interface Card (NIC) to aggregate multiple incoming packets into a single large buffer before passing it up the networking stack to the CPU.
By default, many Linux distributions do not enable rx-udp-gro-forwarding (UDP GRO) or have conflicting rx-gro-list settings, forcing the CPU to handle packet segmentation manually. This creates a bottleneck on older CPUs (e.g., Sandy Bridge architecture).
#
Resolution
#
Prerequisites
Ensure ethtool is installed to modify NIC parameters.
sudo apt update && sudo apt install -y ethtool
#
1. Immediate Fix (Runtime)
Modify the offload parameters for the active network interface. This enables UDP GRO forwarding and disables the conflicting GRO list feature.
# Syntax: sudo ethtool -K <interface_name> rx-udp-gro-forwarding on rx-gro-list off
sudo ethtool -K <interface_name> rx-udp-gro-forwarding on rx-gro-list off
Verify the warning is gone by re-running the tailscale up command.
#
2. Persistent Fix (Systemd Unit)
Since ethtool configurations are volatile and reset upon reboot, a systemd unit is required to re-apply the optimization during the network initialization phase.
File Path: /etc/systemd/system/tailscale-ethtool.service
[Unit]
Description=Tailscale UDP GRO Optimization
After=network-online.target
Wants=network-online.target
[Service]
Type=oneshot
# Replace <interface_name> with the actual identifier (e.g., enp2s0, eth0)
ExecStart=/sbin/ethtool -K <interface_name> rx-udp-gro-forwarding on rx-gro-list off
[Install]
WantedBy=multi-user.target
#
3. Deployment
Reload the daemon and enable the service for auto-start.
sudo systemctl daemon-reload
sudo systemctl enable tailscale-ethtool
sudo systemctl start tailscale-ethtool
#
Verification
Inspect the offload status of the interface to confirm rx-udp-gro-forwarding is set to on.
sudo ethtool -k <interface_name> | grep "udp-gro-forwarding"
# Expected Output: rx-udp-gro-forwarding: on
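A scripted version of the verification step, as an added example that is not part of the original notes: it parses `ethtool -k` output for both features changed above and also reports the case where a value is marked [fixed], which `ethtool -K` cannot change. The function names and the `--live` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): audit the two offload
# features this page changes. Function names are hypothetical.

# Print the interface used for the default route, parsed from
# `ip -o route get <addr>` output on stdin (the token after "dev").
route_iface() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Read `ethtool -k <iface>` output on stdin and print one verdict:
#   ok       rx-udp-gro-forwarding is on and rx-gro-list is off
#   fixable  a value is wrong but can be changed with `ethtool -K`
#   fixed    a wrong value is marked [fixed] (driver/kernel will not change it)
#   missing  rx-udp-gro-forwarding is not reported at all (older kernel)
gro_verdict() {
    awk '
        function bad(line) { wrong = 1; if (line ~ /\[fixed\]/) locked = 1 }
        $1 == "rx-udp-gro-forwarding:" { seen = 1; if ($2 != "on")  bad($0) }
        $1 == "rx-gro-list:"           {           if ($2 != "off") bad($0) }
        END {
            if (!seen)       print "missing"
            else if (locked) print "fixed"
            else if (wrong)  print "fixable"
            else             print "ok"
        }'
}

# Touch the live system only when asked: ./gro-check.sh --live [iface]
if [ "${1:-}" = "--live" ]; then
    iface=${2:-$(ip -o route get 8.8.8.8 | route_iface)}
    verdict=$(ethtool -k "$iface" | gro_verdict)
    echo "$iface: $verdict"
    [ "$verdict" = "ok" ]   # non-zero exit status if anything is off
fi
```

A "fixed" or "missing" verdict means the systemd unit above will not clear the warning on that kernel or driver.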
