[Tailscale-native] update 1.52.1 without new APKG (shell script)

Native port (no docker) of tailscale VPN client / server
A frustratingly simple VPN.
Tailscale lets you easily manage access to private resources, quickly SSH into devices on your network, and work securely from anywhere in the world.

Moderator: Lillian.W@AST

User avatar
father.mande
Posts: 1808
youtube meble na wymiar Warszawa
Joined: Sat Sep 12, 2015 2:55 am
Location: La Rochelle (France)

[Tailscale-native] update 1.52.1 without new APKG (shell script)

Post by father.mande »

Hi,

An update of tailscale to version : 1.38.2 is available

Please update using internal update mechanism ( https://forum.asustor.com/viewtopic.php?f=244&t=13686 ) replace 1.36.2 by 1.38.2

changelog :
Tailscale v1.38.2

ALL PLATFORMS
tailscale lock tskey-wrap has been replaced by tailscale lock sign
tailscale lock sign now supports signing auth keys
LINUX
--tun=userspace-networking issue running in Azure App Services
MACOS
Sparkle automatically checks updates for the standalone package. This does not impact the App Store package.
FREEBSD
Issue setting the effective group ID on some non-interactive Tailscale SSH sessions. This issue is specific to FreeBSD’s implementation of setgroups and does not impact other platforms.
Mar 17, 2023
Multi-use invite links
Create multi-use invite links in the Machines page of the admin console, for sharing nodes
Philippe.
AS6602T / AS5202T /AS5002T / AS1002T / FS6706T
User avatar
father.mande
Posts: 1808
Joined: Sat Sep 12, 2015 2:55 am
Location: La Rochelle (France)

Re: [Tailscale-native] update without new APKG (shell script)

Post by father.mande »

Hi,
An update of tailscale to version : 1.38.3 is available

Please update using internal update mechanism ( viewtopic.php?f=244&t=13686 ) replace 1.36.2 by 1.38.3

Not so major to require an APKG update

changelog :
Mar 31, 2023
Tailnet lock works for additional scenarios
Tailnet lock works with shared nodes and Tailscale SSH console
Mar 30, 2023
Tailscale Funnel Beta

Route traffic from the wider internet to one or more of your Tailscale nodes.
Mar 29, 2023
Tailscale v1.38.3

ALL PLATFORMS
Support for stripping HTTP request paths from Funnel proxy routes (#6571)
Tailscale Funnel is now beta
tailscale serve issue that did not use actual SrcAddr as X-Forwarded-For
LINUX
Certificate storage issue that did not actually use Kubernetes secrets
WINDOWS
Upgraded the Walk framework for the GUI client to improve menu responsiveness
Philippe.
AS6602T / AS5202T /AS5002T / AS1002T / FS6706T
User avatar
father.mande
Posts: 1808
Joined: Sat Sep 12, 2015 2:55 am
Location: La Rochelle (France)

Re: [Tailscale-native] update 1.46.1 without new APKG (shell script)

Post by father.mande »

Hi,

New update is available 1.46.1
... use internal update (before new APKG) : as root/your_admin_password use command : tailscale_mngt update
... VERY important for arm64 series ....

Changelog :
Jul 26, 2023
Tailscale v1.46.1

ALL PLATFORMS
Issue with tailnet lock signature verification
LINUX
Crash issue on ARM64
ANDROID
DNS and subnet routes issue
Jul 25, 2023
Autogroup now supports autogroup:member syntax
Syntax for autogroups now supports autogroup:member in addition to autogroup:members when referring to all users in a tailnet
Jul 24, 2023
OAuth scopes for logs API endpoints
The logs:read OAuth scope can be used to grant API access to configuration audit logs
The network-logs:read OAuth scope can be used to grant API access to network flow logs
Jul 20, 2023
SCIM ACL validation warnings in API
The tailnet policy file validation endpoint will now return warnings about SCIM synced groups in addition to errors in the response object. These will be the same warnings you would have seen visually in the admin console if you had tried to save that policy file. See the user and group provisioning documentaiton for more detail.
Jul 19, 2023
iOS app redesign

The Tailscale iOS client is updated with significant design and engineering improvements
Tailscale v1.46.0

LINUX
Initial support for nftables-based configuration. This option is currently behind a temporary flag for testing and feedback. See issue #391 for details.
WINDOWS
Tailnet lock is now supported
MACOS
Tailnet lock is now supported
IOS
Tailnet lock is now supported
Onboarding flow is added for easier initial setup of the app
Ping devices on your tailnet from the app
The app Machines page is improved
The app Exit Node section is improved
The app Settings page is improved
Philippe.
AS6602T / AS5202T /AS5002T / AS1002T / FS6706T
User avatar
father.mande
Posts: 1808
Joined: Sat Sep 12, 2015 2:55 am
Location: La Rochelle (France)

Re: [Tailscale-native] update 1.48.1 without new APKG (shell script)

Post by father.mande »

Hi,

New update available 1.48.1 (after 1.48.0 postponed for Linux)
... use internal update (before new APKG) : as root/your_admin_password use command : tailscale_mngt update

[Changelog]
Tailscale v1.48.1

ALL PLATFORMS
Fix a security vulnerability in UPnP port mapping (TS-2023-006)
LINUX
Resolve nftables interaction between Tailscale and UFW which resulted in blocking subnet routed traffic
SYNOLOGY
Determine correct CPU architecture in tailscale update (#8927)
Aug 18, 2023
Sync Azure AD groups to use in your Tailscale ACLs

User & group provisioning for Azure AD (beta)
Sync Azure AD groups to use in your Tailscale ACLs
Aug 16, 2023
Log streaming with Panther Labs GA

Log streaming integration with Panther Labs GA (generally available)
Use Panther Labs for Log streaming
Tailnet lock beta

Tailnet lock is now in beta
Use tailnet lock to require your nodes to verify node keys distributed by the coordination server before trusting them
Tailscale Funnel interactive web UI
The Tailscale CLI now guides users through enabling serve and funnel.
Tailscale v1.48.0

ALL PLATFORMS
tailscale exit-node sub-command
--upstream flag in the tailscale version command
The tailscale funnel command provides an interactive web UI that prompts you to allow Tailscale to enable Tailscale Funnel on your behalf
The tailscale serve command provides an interactive web UI that prompts you to allow Tailscale to enable HTTPS and Tailscale Funnel on your behalf
Tailnet lock is in beta
LINUX
Note: 1.48.0 introduced a regression in the interaction between Tailscale and Linux ufw. The Linux release has been withdrawn pending a fix.

Support for nftables
RPM packages are now fully signed
Support for the tailscale update command on Alpine, Arch and Fedora distro families
SYNOLOGY
Support for the tailscale update command
MACOS
Support for the tailscale update command
IOS
Support for VPN On Demand
VPN tunnel lifecycle improvements
Improved exit node selection
Minor UI tweaks
Aug 15, 2023
GitLab CI/CD support for GitLab Runner
Use the Tailscale GitLab CI/CD configuration to access devices in your tailnet directly from your GitLab Runner
Aug 11, 2023
Machine explorer in the Tailscale VS Code extension

View and interact with machines on your tailnet within the Tailscale extension for Visual Studio Code. Powered by Tailscale SSH, you can remotely manage files, open terminal sessions, or attach remote VS Code sessions.
Aug 9, 2023
Log streaming private endpoints
Use private endpoints (beta) in your tailnet for log streaming
Jul 31, 2023
Additional autogroup value
autogroup:tagged to refer to all tagged nodes in a tailnet
Philippe.
AS6602T / AS5202T /AS5002T / AS1002T / FS6706T
User avatar
father.mande
Posts: 1808
Joined: Sat Sep 12, 2015 2:55 am
Location: La Rochelle (France)

Re: [Tailscale-native] update 1.48.1 without new APKG (shell script)

Post by father.mande »

Hi,

For people using only AppCentral, the new version (1.48.1) is posted to Asustor for validation.
So just wait .

Philippe.
AS6602T / AS5202T /AS5002T / AS1002T / FS6706T
User avatar
father.mande
Posts: 1808
Joined: Sat Sep 12, 2015 2:55 am
Location: La Rochelle (France)

[Tailscale-native] update 1.50.0 without new APKG (shell script)

Post by father.mande »

Hi,

New update available 1.50.0
... use internal update (before new APKG) : as root/your_admin_password (or any administrators with sudo) use command : tailscale_mngt update

[Changelog]
Sep 25, 2023
OAuth access tokens
Requests for OAuth access tokens may now specify a custom set of tags instead of always inheriting the tags from the OAuth client
Requesting OAuth access tokens with invalid scopes will now fail rather than returning a token with default scopes
Tailscale v1.50.0

ALL PLATFORMS
Wikimedia DNS using DNS-over-HTTPS is supported
Build with Go 1.21.1
tailscale update command is unhidden on most platforms
tailscale ping command sends an ICMP Ping code of 0
tailscale webcommand updated to use React
tailscale debug portmap command now has the --log-http option
tailscale netcheck command works even if the OS platform lacks CA certificates
UPnP falls back to a permanent lease if a limited lease fails
WireGuard peer endpoint selections are improved
LINUX
Debian package lists the iptables and iproute2 packages as recommended, not required
nftables support interoperates with Uncomplicated Firewall (UFW)
WINDOWS
tailscale bugreport logs contain additional diagnostic information
Windows executable installer detects when it is running on Windows 7 or Windows 8.x and will automatically download the appropriate v1.44.2 MSI package, which is the final release supporting those operating systems
Windows executable installer no longer embeds MSI packages in the executable. Instead, it automatically downloads the correct package. Users desiring the previous behavior may download the “full” executable installer at pkgs.tailscale.com.
MACOS
Shortcuts are added for finding and pinging devices
Mullvad Exit Nodes allows you to select nodes by country and city
Tailnet lock reliability improvements
Taildrop no longer replaces spaces with %20 in file names when sending files to Windows devices
IOS
Fast user switching is available
iOS 17 supports customized device naming from Settings
App Shortcuts in Spotlight and Siri are supported. Try saying: “Hey Siri, connect to Tailscale” or “Hey Siri, is Tailscale connected?”.
Shortcuts are added for finding and pinging devices
Mullvad Exit Nodes includes an option to pick the best available node
UI accessibility improvements when using VoiceOver
Taildrop no longer replaces spaces with %20 in file names when sending files to Windows devices
VPN On Demand rules are no longer reset when disabled and then restarted
Seems that update is supported (by tailscale and not as now by railscale_mngt) THIS NEED TO BE TESTED in next release, so TAKE ATTENTION to don't break your node at next release and wait for users (me or others) tester.

Philippe.
AS6602T / AS5202T /AS5002T / AS1002T / FS6706T
alt_f4
Posts: 9
Joined: Wed Feb 15, 2023 8:54 pm

Re: [Tailscale-native] update 1.50.0 without new APKG (shell script)

Post by alt_f4 »

father.mande wrote:New update available
1.50.1 working fine :-)
User avatar
father.mande
Posts: 1808
Joined: Sat Sep 12, 2015 2:55 am
Location: La Rochelle (France)

Re: [Tailscale-native] update 1.50.0 without new APKG (shell script)

Post by father.mande »

Hi,
alt_f4 wrote: 1.50.1 working fine :-)
Thanks, I am out up to next Friday ... in mountain ... so thanks to maintains information up to date.

Philippe.
AS6602T / AS5202T /AS5002T / AS1002T / FS6706T
User avatar
father.mande
Posts: 1808
Joined: Sat Sep 12, 2015 2:55 am
Location: La Rochelle (France)

Re: [Tailscale-native] update 1.52.0 without new APKG (shell script)

Post by father.mande »

Hi,

Update is available (Major) 1.52.0 tested on my own NAS
... using internal (to the APKG) update mechanism (read previous post)
... I will also post APKG for this version and propose to Asustor the validation for AppCentral
Oct 30, 2023
OAuth clients GA and Search domains GA
OAuth clients GA (generally available)
Use OAuth clients to provide delegated fine-grained access to the Tailscale API
Search domains GA (generally available)
Use Search domains to set custom DNS domain suffixes that are automatically appended to any domain name that is not a fully qualified domain name (FQDN)
Tailscale v1.52.0

ALL PLATFORMS
tailscale cert command renews in the background. The current certificate only displays if it has expired.
tailscale status command displays a message about client updates when newer versions are available
tailscale up command displays a message about client updates when newer versions are available
Taildrop now resumes file transfers after partial transfers are interrupted
Taildrop prevents file duplication
Taildrop detects conflicting file transfers and only proceeds with one transfer
Wake on LAN (WoL) is now supported for peer node wake-ups
TCP DNS queries are speculatively started if UDP hasn’t responded quickly enough
Truncated UDP DNS results are properly retried using TCP
Go is updated to version 1.21.3

LINUX
tailscale set command flag --auto-update is added to opt in to automatic client updates (beta)
tailscale serve and tailscale funnel commands are updated for improved usability
tailscale update command for manual updates is now in beta
Taildrop file transfer displays a progress meter
nftables auto-detection is improved when TS_DEBUG_FIREWALL_MODE=auto is used
DNS detection of NetworkManager with configured but absent systemd-resolved, such as EndeavourOS
DNS detection for Debian resolvconf version 1.90 or later

WINDOWS
tailscale set command flag --auto-update is added to opt in to automatic client updates (beta)
Preferences section contains auto-update setting
Update notice displays, when a new version is available
System policies allow system administrators to set a forced/suggested tailnet name, hide settings menu items, and more
tailscale serve and tailscale funnel commands are updated for improved usability
tailscale update command for manual updates is now in beta
iphlpsvc, netprofm, and WinHttpAutoProxySvc service dependencies are checked during installation

MACOS
tailscale set command flag --auto-update is added to opt in to automatic client updates (beta)
App menu displays a notification item when a newer version is available
System policies allow system administrators to set a forced/suggested tailnet name, prevent the VPN from stopping, hide categories of network devices and setting menu items, and more
Settings section has an option added for turning on auto-updates
Reauthenticate menu item shows time until expiry more prominently, presenting alerts when necessary
tailscale serve and tailscale funnel commands are updated for improved usability
tailscale update command for manual updates is now in beta
About window more clearly distinguishes between the Standalone and App Store variants of the client
Sparkle is updated to version 2.5.1

IOS
Settings page displays a notification banner when a newer version is available on the App Store
Home and lock screen widgets are supported
System policies allow system administrators to set a forced/suggested tailnet name, prevent the VPN from stopping, hide the VPN On-Demand settings, categories of network devices and settings menu items, and more

TVOS
DNS support when operating as an exit node
Philippe.
AS6602T / AS5202T /AS5002T / AS1002T / FS6706T
User avatar
father.mande
Posts: 1808
Joined: Sat Sep 12, 2015 2:55 am
Location: La Rochelle (France)

Re: [Tailscale-native] update 1.52.1 without new APKG (shell script)

Post by father.mande »

Hi,

New update 1.52.1 BUT NOT mandatory for Asustor NAS
... this update can be done using tailscale_mngt update command
... ATTENTION : NAS platforms is for Synology only, even multiple mail the port on Asustor is not integrated by Tailscale team ... considering only docker ... even with limitations compare to native version.
... update integrated (also with cron) in Asustor APKG already (from first version) clean up downloaded upgrades.
Nov 2, 2023
Delete non-provisioned users
Delete non-provisioned users on a tailnet with user & group provisioning enabled
Tailscale v1.52.1

WINDOWS
Resolve an incompatibility with other software that uses wintun
NAS PLATFORMS
Clean up downloaded upgrades after applying them
Philippe.
AS6602T / AS5202T /AS5002T / AS1002T / FS6706T
Post Reply

Return to “Tailscale-native”