I’m running Beta 4.2.0 on Brume 2. Is there GL inet support for advertising the device as an exit node for Tailscale? I can ssh into device and manually input the command ‘sudo tailscale up --advertise-exit-node’ but that change is lost if there is a reboot. Any advice is appreciated.
If this function is added in the past, the device cannot be accessed. Therefore, this function is not supported yet. The test feature is currently available and will be added in future releases.
I have found a workaround for this by scheduling the command for advertising as an exit node using crontab in Luci
I am looking to do the same. Can you please explain how you did that? Thanks
It’s probably not the most ideal solution but I have the following scheduled task in LUCI scheduled tasks.
*/1 * * * * sudo tailscale up --advertise-exit-node --advertise-routes=192.168.1.0/24 --snat-subnet-routes=false --accept-routes
Not sure this works for your case or not but I have AXT1800 with official 4.2.0 firmware installed, which has the Tailscale function.
Then I follow the process -
SSH to your Gl-iNet router
Change to this folder - usr/bin/gl_tailscale
Find the scripts at line #73 - /usr/sbin/tailscale up … , and added the --advertise-exit-node
Restart the router then my AXT1800 router appeared on Tailscale management console and acting as Exit Node.
Thanks @Dwagie!
However I’m a linux/shell noob, so I got somewhat confused by the instructions. But finally I figured it out.
Here are some more detailed instructions for my fellow noobs:
- SSH into the Brume 2 by running ssh root@[ip or hostname of Brume] (e.g. ssh root@192.168.8.1 if on the same local network with the default subnet). You can also use its tailnet IP or hostname assuming you’ve already connected it to your Tailscale account.
- Enter your Brume 2 password and hit enter/return
- Edit the gl_tailscale config file (it’s not a folder—this tripped me up, giving me errors such as "/usr/bin/gl_tailscale: Not a directory" when trying to cd there) by running vim /usr/bin/gl_tailscale
- Scroll down to line 73 (as of 4.2.1), which currently reads:
/usr/sbin/tailscale up --reset $param --timeout 3s
- Add in --advertise-exit-node after tailscale up. It should now read:
/usr/sbin/tailscale up --advertise-exit-node --reset $param --timeout 3s
- Save and exit by hitting your esc key, and typing :x and hitting your enter/return key
- Restart your Brume 2 and verify that it’s available as an exit node.
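The manual edit above can be scripted so it is repeatable. This is an added example, not code from the original posts or from GL.iNet's firmware: the function name patch_gl_tailscale and its return codes are assumptions made here. It finds the line by content rather than by number, since "line 73" is only stated for 4.2.1, and it keeps a rollback copy.

```shell
#!/bin/sh
# Added example (not GL.iNet code): idempotently add --advertise-exit-node
# to the "tailscale up" call in the gl_tailscale script.
# Usage on the router: patch_gl_tailscale /usr/bin/gl_tailscale

FLAG="--advertise-exit-node"
UP_CMD="/usr/sbin/tailscale up "

# patch_gl_tailscale FILE
# Returns: 0 = file patched, 1 = already patched (file untouched), 2 = error
patch_gl_tailscale() {
    file="$1"

    # The target is a script, not a directory; refuse anything else.
    [ -f "$file" ] || { echo "not a regular file: $file" >&2; return 2; }

    # Match on the command text, not on a line number, so a firmware
    # build that moves the line is handled and a build that drops it
    # is reported instead of silently ignored.
    if ! grep -qF -- "$UP_CMD" "$file"; then
        echo "no '$UP_CMD' line found in $file" >&2
        return 2
    fi

    # If every "tailscale up" line already carries the flag, do nothing.
    if ! grep -F -- "$UP_CMD" "$file" | grep -qv -- "$FLAG"; then
        return 1
    fi

    # Keep an untouched copy for rollback before editing in place.
    cp -p "$file" "$file.orig" || return 2

    # On lines that lack the flag, insert it right after "tailscale up".
    sed -i "/$FLAG/!s|$UP_CMD|&$FLAG |" "$file"
}
```

As noted further down the thread, the router must still be approved as an exit node in the Tailscale admin console after the reboot.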
These are great instructions. I was able to follow them easily. Thanks
Does Tailscale support multiple exit nodes from a tailscale advertising-exit-node client? Prolly not, looks like just wan exit and lan access. (not referring to multiple subnet nodes for tailscale non compatible clients)
Now when using “VPN policy based on VLAN” The router has two gateways where lan not-assigned to vpn and guest assigned to vpn.
Making the following mods in /usr/bin/gl_tailscale
if [ -n "$exit_node_ip" ];then
# param="$param --exit-node-allow-lan-access --exit-node=$exit_node_ip"
param="$param --exit-node-allow-lan-access --exit-node=192.168.9.0/24"
# /usr/sbin/tailscale up --reset $param --timeout 3s
/usr/sbin/tailscale up --advertise-exit-node --reset $param --timeout 3s
I could tailscale into the router where the vpn is only assigned to the guest network as my exit node for tailscale.
I did some rough testing only with wireguard so I’m not sure how solid it is but I did not have any conflicting results.
Just showing it works.
Tested with gl-axt1800 4.2.3
You also still have to enable exit node on the router device in “Tailscale admin console”.
This mod also requires you to enable “allow remote access Wan” and enable “allow remote access lan” in Tailscale-Gladmin on the router.
Any update on official support for providing exit node capabilities?
Any known problems with the approach described a few comments up at Brume 2 as a Tailscale exit node - #7 by asksimple (seems so simple that there must be some drawbacks/conflicts).
I’ve not had any problems with the above configuration.