Bug #16004
tailscale unexpected state: NoState
Status: open
Description
Found tailscale down today, status: unexpected state: NoState
Restarting the service didn't fix the issue.
To fix, I had to remove pfsense from tailnet, register a new key and login again with pfSense.
Then, disabled key expiry, changed the hostname to what was set previously, same for tailnet IP.
Saved, accepted routes in tailnet and done.
pfSense 2.7.2, all packages up to date, including system patches (all patches applied).
Found some users mentioning that this issue may be related to KEA, but I'm not using KEA and I can't see that there is a relation between tailscale and KEA.
Also found some posts on the tailscale GitHub page, mentioning that --unattended fixes the issue.
Please, let me know if I can provide more details about this.
Updated by Satrajit Das 8 months ago
Upgraded to 25.07 and facing the same issue. Tried the "tailscale up" command as suggested in the Netgate forum thread, but restarting the tailscale service kills the login again.
Updated by Lance Fogle about 3 hours ago
This is STILL a problem. You can easily reproduce it. The issue is that it seems like the package tries to re-auth using the saved key instead of using existing state. This leads to an issue when you use one-time use keys (like everyone typically does for network devices) so that the firewall is a tagged device with no key expiry. This should allow the firewall to stay connected for infinite time, but instead it tries to auth and you get this after saving anything in the GUI (i.e., adding/removing subnets advertised, etc.):

This should NOT happen and does not happen for any tailscale install outside of the pfSense package. This really needs to be fixed in order to be useful at all. Otherwise, the ONLY fix is getting local access to the firewall to provide a new one-time auth key as mentioned above.
Updated by Satrajit Das about 3 hours ago
Looks like this is also reported here: https://redmine.pfsense.org/issues/16751