Skip to content

troubleshooting.md

Latest commit

 

History

History
31 lines (21 loc) · 783 Bytes

troubleshooting.md

File metadata and controls

31 lines (21 loc) · 783 Bytes

Troubleshooting

Sidecar starts but guard fails

Check allocation logs:

nomad alloc logs -stderr <alloc-id> tailscale
nomad alloc logs -stderr <alloc-id> egress-guard

Common causes:

  • missing TS_AUTHKEY
  • auth key expired or not preauthorized
  • tag not allowed by Tailnet ACL tagOwners
  • exit node unavailable or not approved
  • /dev/net/tun unavailable when not using userspace mode correctly

Workload cannot reach internet through proxy

Inside the workload allocation, verify proxy env vars:

env | grep -i proxy
curl -fsS --proxy "$HTTPS_PROXY" https://ifconfig.me/ip

Egress IP verification fails

Set TS_EGRESS_EXPECTED_IPS to the public IP(s) expected from the selected exit node, comma-separated. Leave empty to skip verification.