Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Key expiration question

    Scheduled Pinned Locked Moved Tailscale
    4 Posts 2 Posters 379 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • chudakC
      chudak
      last edited by

      Hello
      I was under the impression that the "Expire disabled" option in my TaleScale settings (via the website) would mean that I don't need to update anything.
      However, it seems that my PFS setup wants a new key every 90 days.

      Is there a way to avoid this?

      Someone knowledgeable please clarify.
      TIA

      patient0P 1 Reply Last reply Reply Quote 0
      • patient0P
        patient0 @chudak
        last edited by

        @chudak said in Key expiration question:

        However, it seems that my PFS setup wants a new key every 90 days.

        Does Tailscale send you a reminder that the key is expiring? I don't use Tailscale with pfSense daily (sometimes disabled), "Expire disabled" does work for all the devices I set it (OpenWrt, Gl.inet/OpenWrt, pfSense, Android).

        Does the 'Expire disabled' work for other devices?

        I just enabled Tailscale on pfSense again, after many moons, all good:
        Screenshot 2025-03-22 at 21.34.10.jpeg

        chudakC 1 Reply Last reply Reply Quote 0
        • chudakC
          chudak @patient0
          last edited by

          @patient0 said in Key expiration question:

          @chudak said in Key expiration question:

          However, it seems that my PFS setup wants a new key every 90 days.

          Does Tailscale send you a reminder that the key is expiring? I don't use Tailscale with pfSense daily (sometimes disabled), "Expire disabled" does work for all the devices I set it (OpenWrt, Gl.inet/OpenWrt, pfSense, Android).

          Does the 'Expire disabled' work for other devices?

          I just enabled Tailscale on pfSense again, after many moons, all good:
          Screenshot 2025-03-22 at 21.34.10.jpeg

          I don’t recall getting any emails from TS
          My PFS stopped connecting and that’s it 🤷🏼‍♂️

          1 Reply Last reply Reply Quote 0
          • chudakC
            chudak
            last edited by

            From TS support

            "I’m Kelly from the Tailscale support team. Thanks for reaching out! This is a common point of confusion- Even with the “Key Expiry: Disabled” option selected in the Tailscale web UI, that only applies to machines authenticated via the web login.

            You need to generate a Reusable, Ephemeral = false, Pre-Auth Key via the Tailscale admin panel, and use that on the pfsense."

            1 Reply Last reply Reply Quote 1
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.