Feedback on Tailscale implementation, v4.2 firmware

Last one, I managed to get MagicDns on my clients working as well.

Trick is to set DNS forwarding for your tailscale domain to the tailscale DNS server (

In Luci: Network → DHCP and DNS → Add a forwarding record like '/'

Honestly, this is pretty great. I can access my entire tailnet just by having the router connected. There are some security implications of using the router as gateway into the tailnet (ACL, etc.) but still very cool. Makes me wish the UniFi UDM I’m using as my primary router had similar functionality

1 Like

what sort of magic is in the included 1.32.2-dev version of tailscale that is not in the mainline tailscale repo?

I am able to get the 1.32.2-dev version to work with using an exit node on a new beryl AX but if I pop in 1.36.x nothing can get out of the router. tailscale stops connecting and no traffic passes through.

I am familiar with the mwan3 and firewall rule 52 type stuff, not finding the current issue that just makes tailscale work fine other than when using an exit node.

It changes the tailscale ip route table to 55 and chunks an extra 0 on the bypassmark/marknum.

You could probably look at the patch in the repo and alter it based on any changes to linux_router.go.


with above setting,
client(subnet: did not connect to tailscale device(subnet:,
and tailscale device did not also connect to
but finally resolved problem with cli command like below.

sudo tailscale up  --advertise-routes= --accept-routes


do you have any news for an “advanced panel” for choosing another controler server ?
i’am on an AXT1800 model

and i thanks FountainHospital for the mini guide :slight_smile:

but finally resolved problem with cli command like below.

sudo tailscale up  --advertise-routes= --accept-routes

I found that this cli command must be needed if IPv6 with NAT setting.
With IPv6 Native or Passthrough or Disabled IPv6, above GUI setting may work properly.

Hi @FountainHospital thanks for this tutorial. This is exactly what I’m looking to do instead of setting up tailscale on each client.

I am struggling with your setup though. Do you think you could help me? I followed the interface and firewall setup exactly like you described, but here’s what I get when everything is done:

ping /t

Pinging with 32 bytes of data (ping from a client connected to the router with tailscale):
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from bytes=32 time=210ms TTL=63
Reply from bytes=32 time=38ms TTL=63
Reply from bytes=32 time=40ms TTL=63
Request timed out.
Request timed out.

My tailscale SSH sessions connect and on the first keypress they disconnect. Looks like some settings fight with each other. Also, I cannot access advertised routes from other nodes.
I can provide logs/screenshots if necessary.
P.S. I am using Beryl AX MT-3000 FW v4.2.1

Did some more testing. Enabled one of tailscale exit nodes. The router itself reports exit node IP, but a client connected to the router reports router’s WAN IP. Before setting up these firewall rules, when I enabled exit node - all traffic stopped and clients did not get internet. Not good…

Tried to disable mwan3 - no changes. Reverting back.

My main goal is not to access the router via WAN or LAN, but to access my tailnet via the router from devices connected to it

Sorry I’m not fully sure. I just checked my setup and it’s mostly what I wrote in my previous 2 posts, of course with Tailscale turned on in the normal gl-inet router settings. Then added DNS forwarding for my tailscale domain

DNS forwarding is a bit wonky and sometimes my domain works, sometimes it doesn’t. But direct IP so far has been working for me

I’m not using the exit-node stuff currently but I’ll see if I have some time later to poke around with it

Disabling mwan3 is pretty key here, in my experience.

@jdub I tried disabling mwan3 - this lead me to no changes…
I read on on one of the threads here that tailscale process keeps restarting and this is what I experience as well. Even going back to GL.Inet GUI I can see Tailscale Connecting (yellow) … Connected (green) … Connecting … Connected.
I think when the next firmware arrives I’ll try to wipe all tailscale leftovers and try again,

When trying to manually add firewall rules via a Tailscale interface, something causes a tailscale down/tailscale up loop

This is my experience now. I like the idea of not touching GL.Inet UI (until they work on it) and doing it all in luci/SSH. I will try it in the next few days.
From what I’ve gathered so far --advertise-routes is necessary not only for inbound (from tailnet to router) but also for outbound: Clients → Router with TS → tailnet.
Disabling mwan3 is critical for the exit node functionality, which I am currently not too concerned but nice to have working

Oh… Yeah, I also edited the service file to delete the line they added that does the service start/restart based on the gui. Essentially it “works” if you remove all the Gl.iNet stuff

do you know how to change control server ?

In CLI: tailscale up --login-server URL

Hi, I was just wondering if anybody is having this issue… I got connected to my Tail-scale network with an AXT-1800 (I have used all the current stable and beta software)… I would be downloading a file and all of a sudden after 5 or 6 minutes the file stops downloading (or receiving anything) also at this point all my access to the internet is dead and also connections to my other devices on the network is not accessible after this incident, although I was able to access everything before the sudden stoppage of the download…any help be great…thanks

Does the system reboot when this happened?

No… the system never rebooted itself…but the internet does come back when i shut down Tailscale on the web GUI …Also, FYI…I was able in the beginning after I updated the firmware to stream video also with Tailscale running (this is to one of my Tailscale subnet sites) in addition to my file uploading and downloading…then this issue came about…like I mentioned I tried with all the different versions of the firmware with Tailscale enabled but all end up with the same issue

Hi there,
I have the Brume GL-MT2500 router and I have issues connecting to Tailscale.
I followed all the instruction here, but still not working

things I done:

  1. setup tailscale using GL inet GUI
  2. Added the tailscale0 interface, firewall and NAT rules in LUCI UI
  3. tried to launch the sudo tailscale up --advertise-routes= --accept-routes command from ssh, but I still can’t reach any tailscale device with its IP

Firmware: 4.2.1 updated today
Any idea?

1 Like

Hi, I’ve manage to get Tailscale somewhat function after tinkering with many setting, but the service seems to constantly disconnect and reconnect on my A1300. Is there something I can do to fix this. I bought the router specifically to use with Tailscale.

My case:

  • Router: GL-AXT1800
  • OpenWRT version: OpenWrt 21.02-SNAPSHOT r16399+159-c67509efd7
  • Kernel Version: 4.4.60

Tailscale installed, added tailscale0 interface, firewall and NAT rules in LUCI
I have the same issue that has @lextar but I solved using this CLI command

tailscale set --advertise-routes=xx.xx.xx.xx/24
tailscale set --accept-routes
tailscale up

Then I can reach any other tailscale device.
But, If I reboot the router I loss the config and I need to make again the sames changes.

On my non-standard install of tailscale on the MT1300 beryl How to get Tailscale working on the Beryl MT-1300! I cant get much more than about 1-2 MB/s aka 8-16Mbs. CPU usage on the beryl jumps around at about 40-60% during those speeds. On wireguard I got much faster speeds

4.3.6 RC 1
iperf3 -s Test 1 is direct tailscale connections, test 2 is direct wireguard

Currently glinet is running version tailscale version 1.32.3-1 (OpenWrt)
However in version 1.40 tailscale claim to be faster than native wireguard.

Edit: I manually upgraded to tailscale 1.44 and unfortunately throughput was only slightly faster. 20Mbs or so.