Tailscale Android: per-app routing to Termux cycles up/down on ~10-min interval #105

Open
opened 2026-05-24 18:47:51 +00:00 by coilysiren · 0 comments
Owner

Symptom

From Kai's Pixel 9 (100.77.253.100, tailnet name pixel-9), Termux loses the ability to reach the tailnet on a ~5-10 minute interval, then self-recovers ~5-10 minutes later, then drops again. Chrome on the same phone stays reachable throughout (loads http://api/ and https://forgejo.coilysiren.me continuously). No phone-side intervention triggers recovery - it just comes back on Tailscale's timescale.

Started: within the last few weeks per Kai. Tailscale Android shipped recent changes to per-app VPN routing.

Diagnostic evidence gathered today

  • ping -c 3 100.69.164.66 from Termux: 100% packet loss during 'down' window
  • ssh -4 -v kai@100.69.164.66 from Termux: hangs at Connecting to ... port 22; SYN never reaches kai-server (no entry in auth.log for the attempt)
  • mosh kai@100.69.164.66 from Termux: connects fine during 'up' windows; survives the 'down' windows because mosh's UDP transport tolerates the gap
  • Tailscale split-tunnel: exclude-list, Termux NOT excluded (so it should be tunneled)
  • Always-on VPN: enabled
  • Battery optimization: Unrestricted for both Tailscale and Termux
  • Tailscale app health: occasional 'San Francisco relay unavailable' warning, otherwise healthy

Workaround

Use mosh exclusively from Termux instead of ssh. Mosh's session-resumption is purpose-built for this failure mode. ssh from Termux is currently unusable.

Server-side: nothing to do

kai-server's sshd, mosh-server, and ufw are all healthy. Packets simply aren't arriving. This is an upstream Tailscale Android client bug.

Next steps when there's time

  • Reproduce with Tailscale Android debug logs (tailscale bugreport from the phone) and file upstream at github.com/tailscale/tailscale
  • Pin Tailscale Android version that worked (check Play Store update history)
  • Consider whether downgrading Tailscale Android is worth it

Related

  • Tracking doc: coilysiren/mobile-ssh-debug.md on Kai's workstation
  • infrastructure#102, #103, #104 - server-side hygiene surfaced during the same session

Filed by Claude.
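
An added example (not part of the original issue, and not Tailscale tooling): a Termux-side probe logger and summarizer for timing the up/down windows described under Symptom, so they can be lined up with a client bug report. The log format, function names and the 30-second interval are assumptions of this example, and the sample log is constructed.

```sh
#!/bin/sh
# Added example: time the tailnet up/down windows seen from Termux.
# Assumed: TARGET defaults to the peer pinged in the issue; the
# "<epoch> up|down" log format and all function names are this example's own.
TARGET="${TARGET:-100.69.164.66}"
INTERVAL="${INTERVAL:-30}"   # seconds between probes (assumed value)

# One ICMP probe with a 2-second reply timeout; prints "<epoch> up|down".
probe_once() {
    if ping -c 1 -W 2 "$TARGET" >/dev/null 2>&1; then
        echo "$(date +%s) up"
    else
        echo "$(date +%s) down"
    fi
}

# Probe forever; run as: probe_loop >> probe.log
probe_loop() {
    while :; do
        probe_once
        sleep "$INTERVAL"
    done
}

# Read "<epoch> <state>" lines on stdin and print one line per contiguous
# window: "<state> <start> <end> <seconds>". A window ends at the first probe
# that shows the other state; the last window ends at its final probe.
summarize_windows() {
    awk '
        NF != 2 || $1 !~ /^[0-9]+$/ || ($2 != "up" && $2 != "down") { next }
        $2 != state {
            if (state != "") print state, start, $1, $1 - start
            state = $2; start = $1
        }
        { last = $1 }
        END { if (state != "") print state, start, last, last - start }
    '
}

# Constructed sample log (not real measurements), including one malformed line.
sample_log() {
    cat <<'EOF'
1000 up
1300 up
1600 down
1900 down
probe-error
2200 up
EOF
}
```

Source the file in Termux, leave `probe_loop >> probe.log` running next to the ssh attempts, then feed the log to `summarize_windows` to get window start times and lengths to quote in the upstream report.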

coilysiren added P4 and removed P3 labels 2026-05-31 07:00:42 +00:00
Reference
coilyco-flight-deck/infrastructure#105