Troubleshooting Tailscale Connection Issues to Porter-Managed Databases

Last updated: September 19, 2025

If you're experiencing difficulties connecting to your Porter-managed database via Tailscale, follow these troubleshooting steps to resolve the issue:

1. Verify Your Authentication Key

Ensure that your Tailscale authentication key is up-to-date. If you've recently regenerated the key, make sure to update it in your Porter configuration.

2. Check DNS Configuration

DNS misconfiguration is a common cause of Tailscale connection problems. Follow these steps to troubleshoot:

  1. Check your local DNS configuration:

    • Run cat /etc/resolv.conf with Tailscale on and off

    • Compare the results to see if there are any differences.

  2. Test with exit node enabled and disabled to see if it affects the connection (Note: Exit node must be enabled for Porter CLI commands when public cluster access is closed)

3. Override Local DNS Settings

If your local DNS results have 192.168.0.0/16 address, consider overriding Local DNS in the Tailscale console:

  1. Log in to your Tailscale admin console

  2. Navigate to the DNS settings page

  3. Enable "Override local DNS"

  4. Disable "Magic DNS"

  5. Re-enable "Magic DNS"

  6. On your local machine, turn Tailscale off and on again to apply the changes

4. Add Public DNS Servers

To ensure reliable DNS resolution, consider adding public DNS servers to your Tailnet:

  • Cloudflare DNS (1.1.1.1)

  • Google Public DNS (8.8.8.8)

Image of the Global nameservers settings page in the Tailscale admin console. The page shows options to override the local DNS settings, with options to use Cloudflare Public DNS and Google Public DNS. The 'Override local DNS' switch is currently turned off.

You can add these in the same DNS settings page of your Tailscale admin console.

When Tailscale Integration is Required

If you've implemented SOC 2 compliance controls or closed your cluster's public access, Tailscale integration becomes mandatory for connecting to Porter-managed databases. In this configuration:

  • The porter datastore connect command will timeout without Tailscale

  • You must activate Tailscale with the exit node enabled to run Porter CLI commands

  • Standard database connections that previously worked with public access will require Tailscale

Important: Exit node activation is critical for Porter CLI functionality when public cluster access is disabled.

Still Having Issues?

If you're still unable to connect after trying these steps, contact Porter support. We may need to investigate your specific Tailscale configuration to resolve the issue.