If you use Tailscale exit node routing on a GL.iNet router for remote work or other critical IP privacy purposes, then you'll probably want to give this a read. The gl-tailscale-fix plugin closes common IP leaks on TS client routers and provides one-click functionality to use your GL router as a TS exit node.
https://remotetohome.io/blog/gl-tailscale-fix/
Latest reddit discussion on the topic: https://www.reddit.com/r/GlInet/comments/1rohrna/enhanced_tailscale_for_glinet_routers_proper_ts/
Uuuuuh, love it! 
Update for anyone using this. The current plugin (v1.0.18) is designed to remove itself if you upgrade to 4.9.x firmware. This was intentional as GL was making significant changes to the GL TS implementation in this firmware version and we didn’t want potential conflicts.
Unfortunately, initial testing with 4.9 firmware has shown that using it as a “VPN” (connected to an exit node) is just as exposed to IP leaks as the prior firmware. There was no improvements in the 4.9 implementation for a killswitch, guest routing, or the “TS Tiny” binary from @admon for increased performance and efficiency.
If you are using TS on a travel router for remote work purposes, you may want to consider downgrading to 4.8.x and re-installing the plugin. We are working on an update to close the 4.9.x firmware gaps without creating conficts with the newly added GL “exit node” or “IP masq” functions that overlap with the same functions in the plugin.
Thanks @rthco for letting us know and for your work. Looking forward to any future updates of your script.
Update.. gl-tailscale-fix v1.0.19 released that is now compatible with GL 4.9.0 firmware TS functionality (and still backward compatible for 4.8 and prior firmware).
Will try to update the blog post doc this weekend. Direct download link:
EDIT:
Blog documentation (and how-to) have been updated as well (4/25):
https://remotetohome.io/blog/gl-tailscale-fix/#update-v1019
Important IP leak testing note for 4.9.x firmware:
As of April 24, 2026 - The same prior IP leaks persist in the initial 4.9.x GL firmware series. GL attempted to add a TS killswitch, but the priority 9920 blackhole rules they added do not resolve these leaks. The plugin’s policy routing (ip rule + ip route ) killswitch method is still required.
EDIT: Further testing - this ^^ wasn't correct. It wasn't that GL's 9920 was failing, it's that prior KS attempts were reverted out of v4.9, and 4.9.0 shipped with NO killswitch protection (if not using the plugin).
These leaks can easily be user-replicated using the testing process described in the post.
https://remotetohome.io/blog/gl-tailscale-fix/#proving-it
Hi,
Many thanks for your awesome work 
I’ve a little issue after upgrading to 4.8.6 and updating gl-tailscale-fix from 1.0.18 to 1.0.19.
It still indicates that I’ve version 1.0.18 in GL.iNet ui:
(following in the next message)
(following…)
It’s properly installed in Luci:
After upgrading to 4.8.6, when I wanted to update gl-tailscale-fix, I didn’t find it in Luci software list.
Then I uploaded gl-tailscale-fix_latest_all.ipk and it appeared under Luci Ui as 1.0.19 as expected.
However, Gl.iNet UI kept version 1.0.18 as in first capture.
I tried several things:
Many thanks in advance!
Hi @Quenotte - This sounds very much like a browser cache issues. They are very persistent on these static GUI pages. Can you please try a hard-refresh the Tailscale page in your browser (Ctrl+Shift+R on Linux/Windows, Cmd+Shift+R on Mac, or open in a private/incognito window).
That clears the cached v1.0.18 JS and the badge should refresh to v1.0.19. The plugin itself appears correctly installed, it's just the version stamp baked into the JS that needs a fresh load.
If you want to confirm the file on disk is v1.0.19, SSH in and run:
zcat /usr/share/ts-fix/www/ts-fix.js.gz | grep "var VERSION"
Should return var VERSION = '1.0.19'; directly from the current installed package.
I'll try to add some cache-busting in the next version to help with this display issue.
It was a browser cache issue as expected…
Many thanks again!