@jcgillespie
Last active June 9, 2025 14:58
Running Tailscale on Ubiquiti USG

You will need SSH access to your USG. I suggest running sudo su so you're the root user throughout.

Installation

  1. Download tailscale and put the files in /config/. Find the latest stable or unstable version for your USG's processor.

```sh
curl https://pkgs.tailscale.com/stable/tailscale_1.36.1_mips64.tgz | tar xvz -C /tmp
mv /tmp/tailscale_1.36.1_mips64 /config/tailscale
```

  2. Create the first boot and post config scripts

```sh
mkdir -p /config/scripts/firstboot.d
mkdir -p /config/scripts/post-config.d
# Quoted 'EOF' writes the script body literally, with no expansion by the current shell
cat << 'EOF' > /config/scripts/firstboot.d/tailscale.sh
#!/bin/sh
# Link the binaries kept in /config into the PATH
ln -s /config/tailscale/tailscale /usr/bin/tailscale
ln -s /config/tailscale/tailscaled /usr/sbin/tailscaled
# Keep the node state in /config/auth, readable by root only,
# and point tailscaled's default state path at it
mkdir -p /var/lib/tailscale/
touch /config/auth/tailscaled.state
chmod 0400 /config/auth/tailscaled.state
ln -s /config/auth/tailscaled.state /var/lib/tailscale/tailscaled.state
# Start the daemon in the background, then bring the connection up
sudo tailscaled > /dev/null 2>&1 &
disown
sudo tailscale up <your options here, eg. --ssh --accept-routes>
EOF
chmod +x /config/scripts/firstboot.d/tailscale.sh
cp /config/scripts/firstboot.d/tailscale.sh /config/scripts/post-config.d/tailscale.sh
```

  3. Run your script to start it up

```sh
bash /config/scripts/post-config.d/tailscale.sh
```

Upgrading

Get the latest stable or unstable version. NOTE: if you're connecting over your tailnet, this will abort your ssh connection.

```sh
sudo su   # if you haven't already

url=https://pkgs.tailscale.com/stable/tailscale_1.37.1_mips64.tgz
curl "$url" | tar xvz -C /tmp                                  # download and unpack
location=$(find /tmp -type d -iname "tailscale*" | head -n1)   # get the location of the unpacked directory
rm -Rf /config/tailscale-prev                                  # remove previous version, if present

# A trailing && continues the command onto the next line, so no backslashes are needed
tailscale down --accept-risk=lose-ssh &&          # take tailscale down
  tsid=$(pidof tailscaled) &&                     # find the pid of the tailscale daemon...
  kill $tsid &&                                   # ... and kill it
  mv /config/tailscale /config/tailscale-prev &&  # move the current version to the previous folder
  mv "$location" /config/tailscale &&             # move the new version from /tmp into the /config folder
  bash /config/scripts/post-config.d/tailscale.sh # run the startup script to spin everything back up
```
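Both the install and the upgrade steps pipe curl straight into tar as root, so a truncated or altered download is unpacked without any check. The following is an added example, not part of the original gist: it downloads to a file and compares it with a SHA-256 digest before unpacking. It assumes sha256sum and mktemp are available on the USG and that the digest is served at the tarball URL plus .sha256; sha256_matches and fetch_verified are names made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the gist): verify a Tailscale tarball before unpacking it as root.

# sha256_matches FILE EXPECTED_HEX -> exit 0 only if FILE hashes to EXPECTED_HEX.
sha256_matches() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # A SHA-256 digest is exactly 64 hex characters; reject anything else
    # (for example an HTML error page saved in place of the checksum).
    case $expected in
        *[!0-9a-f]*|'') return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 1
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# fetch_verified URL DEST_DIR -> download to a file, check it, then unpack.
# Assumption: the checksum is served at "$URL.sha256".
fetch_verified() {
    url=$1
    dest=$2
    tmp=$(mktemp -d) || return 1
    tgz=$tmp/tailscale.tgz
    # --fail turns HTTP errors into a non-zero exit instead of a saved error page.
    curl --fail --silent --show-error --location -o "$tgz" "$url" &&
        sum=$(curl --fail --silent --show-error --location "$url.sha256") &&
        sha256_matches "$tgz" "${sum%% *}" &&
        tar xzf "$tgz" -C "$dest"
    rc=$?
    rm -rf "$tmp"
    [ "$rc" -eq 0 ] || echo "refusing to install $url: download or checksum failed" >&2
    return "$rc"
}

# Usage on the USG (needs network, so it is not run here):
#   fetch_verified https://pkgs.tailscale.com/stable/tailscale_1.36.1_mips64.tgz /tmp
```

A digest fetched from the same host catches corrupted or truncated downloads, not a compromised package server; for that, compare against a digest obtained through a separate channel.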

Notes

  1. Extending the work and conversation in this gist
  2. I'm also running NextDNS on my USG and I've not yet found a way to resolve the health check warning regarding Linux DNS: "Linux DNS config not ideal. /etc/resolv.conf overwritten. See https://tailscale.com/s/dns-fight"
  3. For tailscale config, I'm using my USG as a Subnet router
@deonthomasgy

update to 1.60.0 please

@jcgillespie

> update to 1.60.0 please

@deonthomasgy I think it should work if you update the version numbers in the script, but my USG died and I replaced it with a dream machine, so I don't have a mechanism to test this.

@phillf

phillf commented Apr 12, 2024

> > update to 1.60.0 please
>
> @deonthomasgy I think it should work if you update the version numbers in the script, but my USG died and I replaced it with a dream machine, so I don't have a mechanism to test this.

I can verify this works with USG still.

@phillf

phillf commented May 12, 2024

Successful upgrade to 1.66.1

@maroskukan

Thank you for this guide. I can confirm that it still works with 1.78.1

@ThybCD

ThybCD commented Jan 31, 2025

Successful install with 1.80.0
Thanks !

@phillf

phillf commented Jan 31, 2025

> Successful install with 1.80.0 Thanks !

Seconded. Just updated my USG-Pro

@cjhdc

cjhdc commented Jun 6, 2025

I have this installed on my USG-Pro 4 (running and authorized as a subnet router), but it refuses to route Tailscale to/from the attached LAN. I've tried setting a static route via GUI and CLI (next hop as the USG4P's tailnet address), but no luck. The router itself can connect just fine to the tailnet. What am I doing wrong?

@cjhdc

cjhdc commented Jun 9, 2025

> I have this installed on my USG-Pro 4 (running and authorized as a subnet router), but it refuses to route Tailscale to/from the attached LAN. I've tried setting a static route via GUI and CLI (next hop as the USG4P's tailnet address), but no luck. The router itself can connect just fine to the tailnet. What am I doing wrong?

Thanks to this guide, I discovered that at least the USG4P doesn’t prioritize Tailscale’s Table 52 over the Local Table.

So, in order to connect 10.0.1.0/24 to 10.0.2.0/24 through Tailscale, I needed to add this line to the Local Table on the USG4P:

```sh
ip route add 10.0.2.0/24 via 100.126.135.1 table local
```

I can now ping back and forth across Tailscale. Thought I’d share in case this is able to help others.
