Connect Worker trough Tailscale VPN

[Skyfay]

I want to use Cronicle over VPN. However, when I add a worker, it is immediately shown as offline. The adding process works though. The problem is probably that Cronicle directly uses the public IP of the server and therefore cannot establish a connection. How can I prevent it from not connecting via the IP address that is entered?

[jhuckaby]

Hi there! So sorry you ran into this. Cronicle v1 requires bidirectional connections between the primary and worker servers. So both primary and workers need to all be behind the same VPN or LAN so they can route to each other.

When a worker starts up, it picks the first non-private IPv4 interface from the network cards to use as the IP. If you need to override this, add a top-level ip property in your config.json file, and set to the IP that the primary should use to connect to the worker.

Cronicle v2 (which will be released later in 2025) redesigns this whole thing, and the connections are ONLY one way. Worker servers connect to the primary server, and NEVER the other way around. This should open up a lot of new use cases that are difficult to setup under v1, specifically around VPNs.

Hope this helps!

[Skyfay]

Okay so i added the ip in the config file and this works. However the worker is listed as offline. Does both connections establish a connection trough port 3012? Because if it picks a random port my setup wont work.

[peterbuga]

@Skyfay
it's not impossible to achieve workers via vpn but not quite easy either. on top of what @jhuckaby mentioned above earlier I'm using some custom routes on top of tailscale that "trick" cronicle all the nodes are available locally when in reality they're physically in multiple places behind NATs.
worth mentioning that i'm using both tailscale and cronicle in containers and not in a host install.

[Skyfay]

Yes, then it gets complicated. I think then I'll wait for the v2 maybe it will work then :)
Thanks for the support.