Brume 2 as a Tailscale exit node

I’m running Beta 4.2.0 on Brume 2. Is there GL inet support for advertising the device as an exit node for Tailscale? I can ssh into device and manually input the command ‘sudo tailscale up --advertise-exit-node’ but that change is lost if there is a reboot. Any advice is appreciated.

If this function is added in the past, the device cannot be accessed. Therefore, this function is not supported yet. The test feature is currently available and will be added in future releases.


I have found a workaround for this by scheduling the command for advertising as an exit node using crontab in Luci

1 Like

I am searching to do the same. Can you please explain how did you do that ? Thanks

It’s probably not the most ideal solution but I have the following scheduled task in LUCI scheduled tasks.
*/1 * * * * sudo tailscale up --advertise-exit-node --advertise-routes= --snat-subnet-routes=false --accept-routes

Not sure this works for your case or not but I have AXT1800 with official 4.2.0 firmware insatlled which with Tailscale function.
Then I follow the process -

SSH to your Gl-iNet router
Change to this folder - usr/bin/gl_tailscale
Find the scripts at line #73 - /usr/sbin/tailscale up … , and added the --advertise-exit-node

Restart the router then my AXT1800 router appeared on Tailscale management console and acting as Exit Node.


Thanks @Dwagie!

However I’m a linux/shell noob, so I got somewhat confused by the instructions. But finally I figured it out.

Here are some more detailed instructions for my fellow noobs:

  1. SSH into the Brume 2 by running ssh root@[ip or hostname of Brume] (e.g. ssh root@ if on the same local network with the default subnet). You can also use its tailnet IP or hostname assuming you’ve already connected it to your Tailscale account.
  2. Enter your Brume 2 password and hit enter/return
  3. Edit the gl_tailscale config file (it’s not a folder—this tripped me up, giving me errors such as /usr/bin/gl_tailscale: Not a directory when trying to cd there) by running vim /usr/bin/gl_tailscale
  4. Scroll down line 73 (as of 4.2.1), which currently reads:
                /usr/sbin/tailscale up --reset $param --timeout 3s
  1. Add in --advertise-exit-node after tailscale up. It should now read:
                /usr/sbin/tailscale up --advertise-exit-node --reset $param --timeout 3s
  1. Save and exit by hitting your esc key, and typing :x and hitting your enter/return key
  2. Restart your Brume 2 and verify that it’s available as an exit node.

These are great instructions. I was able to follow them easily. Thanks

Does Tailscale support multiple exit nodes from a tailscale advertising-exit-node client? Prolly Not looks like just wan exit and lan access. (not refering to multiple subnet nodes for tailscale non compatible clients)
Now when using “VPN policy based on VLAN” The router has two gateways where lan not-assigned to vpn and guest assigned to vpn.
Making the following mods in /usr/bin/gl_tailscale

                if [ -n "$exit_node_ip" ];then
#                       param="$param --exit-node-allow-lan-access --exit-node=$exit_node_ip"
                        param="$param --exit-node-allow-lan-access --exit-node="

#           /usr/sbin/tailscale up --reset $param --timeout 3s
            /usr/sbin/tailscale up --advertise-exit-node --reset $param --timeout 3s

I could tailscale into the router where the vpn is only assigned to the guest network as my exit node for tailscale.
I did some rough testing only with wireguard so I’m not sure how solid it is but I did not have any conflicting results.
Just showing it works.
Tested with gl-axt1800 4.2.3
you also still have to enable exitnode on router device in “Tailscale admin console”
this mod also requires you to enable “allow remote access Wan” and enable “allow remote acces lan” in Tailscale-Gladmin on the router.

Any update on official support for providing exit node capabilities?

Any known problems with the approach described a few comments up at Brume 2 as a Tailscale exit node - #7 by asksimple (seems so simple that there must be some drawbacks/conflicts).

I’ve not had any problems with the above configuration.

1 Like

Thanks @dstnmrgn. I’ve made this change and it’s working great for me too. Fingers crossed!

@dstnmrgn is this configuration still working with you? I applied it and so far no issues

I’ve not had any issues other than having to reapply when I did a firmware update.

1 Like

This mod had been working fine for me for a while, until a new update came out with most likely has overridden that file, while I can do it again, it’s not ideal so is there any update into adding that feature officially?

I’ve been using a Brume2 as an exit node for months, but would really like a standard, clean OpenWRT 23.05 release to play with.


Is this coming to the official firmware at some point? It’s getting a bit tiring having to edit the file over and over after each update.

No idea. I’ve stayed at 4.45 because of that very thing.

@polemarxos , @dstnmrgn

You can add addn’l files to be backed up. See below, Section Tips.

Worth nothing that IP forwarding should be enabled by default on the GL iNet router. Otherwise you’d have to run these commands: