Using Coder over Tailscale VPN
I'm troubleshooting a bit of an issue with out setup and am not sure what to do next. We use tailscale for our VPN and use our exit nodes as an allow list for a number of internal tools we host. As we're setting up coder, we'd like to ensure that we can use coder while connected via Tailscale.
When we are connected (and only when using an exit node), we end up having connection problems. For direct ssh, we see tunnels disconnected, and we see similar disconnect issues using VS Code's server & Zed's ssh tunneling. Is there additional configuration needed to get this to work?
Solution:Jump to solution
Hey, this is a known issue, unfortunately. Also seen here: https://github.com/coder/coder/issues/15523
Disabling direct connections (and connecting over a DERP relay instead) within Coder (not Tailscale) will workaround the issue....
7 Replies
<#1387204437528809522>
Category
Help needed
Product
Coder (v2)
Platform
Linux
Logs
Please post any relevant logs/error messages.
Solution
Hey, this is a known issue, unfortunately. Also seen here: https://github.com/coder/coder/issues/15523
Disabling direct connections (and connecting over a DERP relay instead) within Coder (not Tailscale) will workaround the issue.
The linked issue was recently closed because we made changes to ensure DERP is always used if a configuration like yours is detected, but I don't believe that change is yet available in a Coder release.
We'll try that, thank you! We do already have regional proxies installed, so I think this would work well for us if we could make that the default for our control plane.
Related question: will this also prevent trying to access STUN servers in a more isolated environment?
You can disable STUN servers seperately! https://coder.com/docs/tutorials/faqs#im-experiencing-networking-issues-so-want-to-disable-tailscale-stun-direct-connections-and-force-use-of-websocket
You probably don't need
CODER_DERP_FORCE_WEBSOCKETS thoughhey @Scott Windsor were you successful with it?