Cascading VPN for Tailscale remote clients

I know it’s possible to route the traffic of remote clients connected to a GL WireGuard server through a WireGuard client on the same router, but this will not work in countries where user routers are behind a double NAT.

In this case, users can still remotely connect to the router using Tailscale and also route all traffic through the router, by selecting it as an exit node. However, it’s not currently possible to route this Tailscale remote traffic further on through a VPN client on the router.

My suggestion for the GL web admin on routers with Tailscale enabled would be to add “Tailscale Remote” clients as a new “specified connection type” on the VPN dashboard in firmware 4.8+, the same place where WireGuard and OpenVPN servers appear if they are enabled, to facilitate GL’s VPN cascading function.

Hi,

Thank you for the detailed suggestion. We will share this with our product team and evaluate whether it can be considered for a future firmware release.

At present, routing Tailscale exit-node traffic through a VPN client is only achievable through manual configuration in LuCI. Please note that this approach is not officially supported, may become unstable after reboot or firmware changes, and typically requires custom scripts to maintain persistence.

You can review the community discussion and example configuration here:


I am glad to hear you think it is a feature worth considering. The GUI integration with the other advanced routing parameters by IP/Domain and MAC address would be a much more powerful solution than this LuCI workaround, not to mention easier to set up and make persistent, as you say.