tailscale-on-siflower.md

Installing Tailscale on GL.iNet SiFlower (SiChang) routers

I have no experience creating opkg packages for OpenWRT, so manual installation it is!

Automatic installation

Lanrat's Tailscale Repository

It's not compressed as of writing this, but it's much easier to install, and now supports our architecture

Manual compilation and installation

Prerequisites

1. A GL.iNet SiFlower router, like the Opal (GL-SFT1200)
2. A Linux system (or WSL2 on Windows) to build Tailscale

Building Tailscale

1. Clone the Tailscale repository:

git clone https://github.com/tailscale/tailscale.git

2. Install Golang: https://golang.org/doc/install

• Verify that Go is installed correctly:

go version

3. Install the latest (important!) version of UPX: https://github.com/upx/upx/releases/latest
4. Install binutils-mipsel-linux-gnu

sudo apt install binutils-mipsel-linux-gnu
mipsel-linux-gnu-strip --version

5. Build Tailscale:

# Change to the Tailscale directory:
cd tailscale

# Optionally switch to a specific version:
# git checkout tags/v1.44.0 -b v1.44.0

# Build the combined binary - mipsel, hardfloat (?), linked statically, stripped, verbose:
# Note: mipsel = mipsle for Golang
GOOS=linux GOARCH=mipsle GOMIPS=hardfloat CGO_ENABLED=0 go build -v -o tailscale.combined -tags ts_include_cli -trimpath -ldflags="-s -w" ./cmd/tailscaled

6. Compress the binary:

mipsel-linux-gnu-strip tailscale.combined
upx --lzma --best -o tailscale.upx ./tailscale.combined

Installing Tailscale

1. Copy the tailscale.upx binary to the router:

scp tailscale.upx [email protected]:/root # or whatever your router's IP is

2. SSH into the router:

ssh [email protected] # or whatever your router's IP is

3. Make the binary executable:

chmod +x tailscale.upx

4. Verify that the binary works (keep in mind that it's UPX-compressed, so it will take a few seconds to decompress):

./tailscale.upx -version

5. Create links:

ln -s tailscale.upx tailscale
ln -s tailscale.upx tailscaled

6. Create init script:

cat << EOF > /etc/init.d/tailscale
#!/bin/sh /etc/rc.common

# Copyright 2020 Google LLC.
# SPDX-License-Identifier: Apache-2.0

USE_PROCD=1
START=99
STOP=1

start_service() {
  procd_open_instance
  procd_set_param command /root/tailscaled

  # Set the port to listen on for incoming VPN packets.
  # Remote nodes will automatically be informed about the new port number,
  # but you might want to configure this in order to set external firewall
  # settings.
  procd_append_param command --port 41641

  # OpenWRT /var is a symlink to /tmp, so write persistent state elsewhere.
  procd_append_param command --state /etc/config/tailscaled.state
  
  # Persist files for TLS cert & Taildrop files
  procd_append_param command --statedir /etc/tailscale/

  procd_set_param respawn
  procd_set_param stdout 1
  procd_set_param stderr 1

  procd_close_instance
}

stop_service() {
  /root/tailscaled --cleanup
}
EOF

7. Make the init script executable:

chmod +x /etc/init.d/tailscale

8. Enable the init script:

/etc/init.d/tailscale enable

9. Verify that the service is enabled:

ls /etc/rc.d/S*tailscale*

10. Start the service:

/etc/init.d/tailscale start

11. Verify that the service is running:

ps | grep tailscaled

12. Hope for the best and try to up tailscale:

/root/tailscale up --accept-dns=false

If you get a segmentation fault, you might want to try skipping the UPX compression step altogether, but mind that the binary will be 30MB instead of 5.4MB. Mind the binary name being tailscale.combined instead of tailscale.upx in the steps.

Potential fix for the UPX segfault may be something like compiling 2 binaries separately - tailscale and tailscaled, and compressing them individually, but I haven't explored that yet.