Configure tailscale on the GL.iNet router to route all traffic from a local network through the tailscale server Exit Node

The goal is to use the remote server with a tailscale exit node as an output point to the public internet for all devices connected to the GL.iNet router, similar to using a VPN client on the router configured as Global Proxy.

1. How can I make the other hosts in my virtual tailscale network accessible from the local network?

I have enabled and configured tailscale on the router.
In the tailscale router config I enabled Allow Remote Access for WAN and LAN.
The router's Virtual IP in the tailscale network is 100.65.197.nn.

In my tailscale virtual network there are other hosts, including the server which I want to use as an exit node, the IP of it is 100.95.177.nn.

When I SSH to the GL.iNet router, I'm able to ping the other hosts in the tailscale network, e.g. 100.95.177.nn.

A laptop is connected to the GL.iNet router; the private/local IP on the laptop is 192.168.8.185.
From 192.168.8.185 I'm able to ping and connect to the router's Virtual IP in the tailscale network (100.65.197.nn).
But from 192.168.8.185 the other hosts in the virtual tailscale network, including 100.95.177.nn, are not accessible.

2. How to route all traffic of the local network to the public internet through the tailscale server Exit Node.

The tailscale server Exit Node is configured properly.

To verify, I can connect to the tailscale network using a tailscale proprietary application, e.g. from the phone, and terminate to the public internet through my tailscale server Exit Node.

Then in the GL.iNet router tailscale config I applied Custom Exit Node and selected my tailscale server Exit Node.

In the tailscale Admin console for the GL.iNet router (100.65.197.nn) I have approved/checked route settings for subnetworks:
192.168.8.0/24 - LAN
192.168.0.0/24 - WAN

After applying Custom Exit Node in the GL.iNet router:
When I SSH to the GL.iNet router, it still has access to the public internet and terminates in the public internet through my tailscale server Exit Node.

But all devices in the GL.iNet router local network lost access to the public internet.

I suspect that the issue is related to the first question here:
the virtual IP of the tailscale server Exit Node, 100.95.177.nn, is not available from the local network,
so traffic cannot be routed through it.


Please help to properly configure tailscale on the GL.iNet router to route all traffic from a local network through the tailscale server Exit Node.

Hello,

I saw you have contacted the support team via email, and my colleague is following your ticket. Please continue the discussion via email.

If you have any update or resolution, please let us know. Thanks.

Hello again Bruce,

As I said in my earlier post about bricking my Beryl-AX with an OpenWrt firmware upgrade, what I was actually wanting to do was exactly this ^. Get all LAN traffic to go through Tailscale and thence to remote exit node. As with Aleksandr here, my Tailscale network is fine. But choosing a "custom exit node" in the tailscale instance on the Beryl causes loss of internet access from the Beryl. I have tried pretty much all of what has been suggested here without success.

Beryl AX loses Internet access since there is no correct route to the exit node after enabling and selecting the exit node.

  1. Can this exit node be used normally on other tailscale clients (for example, Android, iOS)?
  2. After Beryl AX selects the exit node, please approve the subnet route in the Tailscale center for Beryl AX.

  1. Yes. The tailscale vpn is functioning correctly. e.g. I can SSH from laptop to a remote PC, use taildrop, select the remote PC as exit node and the laptop has the ip address of the PC. Same from android ‘phone to PC.
  2. Tailscale installed on Beryl and shows on the Tailscale “machines” web interface as being up, connected to tailnet.

At this point, LAN traffic on the Beryl has internet access, but the IP address of wifi-connected devices is the local one. If I then approve the advertised subnets at the tailnet interface, then on the Beryl select “custom exit node” and select either subnet, LAN traffic on the Beryl loses internet access.

I have tried setting up a tailscale0 interface and altering the firewall as per the threads. I can’t get it to work. I have not tried altering the ACLs code.

Regards.

Hi,

Thanks for your updates.

On the client devices under the router, can they ping 8.8.8.8?
If it can, try changing the DNS address manually.

No need to modify the code.
Please try unbinding this router from Tailscale, resetting the router's firmware, and re-binding it one more time.