Running Tailscale in LXD VMs

LXD
#1

Had a question about running Tailscale in LXD VMs. I see the following piece of advice on the tailscale website - https://tailscale.com/kb/1130/lxc-unprivileged/

Had a couple of questions about this

a. Do I still need to do “lxc.cgroup2.devices.allow: c 10:200 rwm” and “lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file” if I am running an LXD VM as opposed to a container?
b. All the advice I see online is in the proxmox context and asks me to modify /etc/pve/lxc/112.conf. I am using lxd directly (via its api). What should I be doing to apply the above configuation, which part needs to be on the host and which part needs to be in the guest LXD vm?

#2

I was able to solve this, but as I started writing things down for this post to describe what I did I notice that the vm no longer has the config keys I applied to it. So its possible that I messed things up but since the steps caused me to go from working to non working am still sharing those

lxc config show <vm_name> > tmp_file
<edit tmp_file to add following lines in config section>
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file
<end edit>
lxc config edit <vm_name> < tmp_file

I then rebooted the vm and checked that /dev/net/tun existed and that I could reach the LXD vm from another machine via the tailscale ip.

I will try configuring another vm from scratch over the coming days and update this thread with what I find.

#3

I just tried a new lxd vm completely from scratch and am happy to report that things work perfectly out of the box with tailscale. I just setup nginx and was immediately able to reach it using the tailscale ip. No configuration changes are required at all and the steps I listed above are completely unnecessary.

My initial troubles were linked to the fact that I was trying to get Hashicorp tools working inside the VM and the issue about things not being reachable was a result of me not having configured those tools correctly. This should serve as a reminder to me to change on thing at a time :slight_smile: