(Flint AX-1800) Tailscale connected but no route working

pinus · 2022-09-24T10:54:54.790Z

Hello,

Did someone manage to use Tailscale on a Flint AX (firmware 4.1.0 beta1) properly?
No trouble at all installing (through the package manager) and authenticating to the Tailscale network.
When I connect the router to Tailscale (tailscale up), the router is showing as connected in the Tailscale admin page, so far so good.
But when I try to ping any other device on my Tailscale network, there’s no response. I’ve tried with the local IP address of the devices (there are tailscale subnet routers in the network) and the Tailscale IP addresses (100.x.x.x). The only valid ping I can receive is with the Flint’s Tailscale IP address.

Do I need to add the Tailscale interface in OpenWRT and do some firewall rules?

Thanks for your help,

Edit : I see that the gl.inet tailscale package is a bit old (it shows version date.20210603 in the admin panel). I tried to update replacing the files tailscale and tailscaled in /usr/sbin, but I got an error message after that. Is arm64 the correct architecture for the Flint AX ?

alzhao · 2022-09-27T11:08:24.517Z

Did you test the ping in the router or your laptop?

You can try do that on the router to see if it works.

Ping add -I to indicate the interface you use for ping.

pinus · 2022-09-27T12:25:16.595Z

Ping was made from the router itself, not my computer.

Strangely, tailscale seemed to mess with some routing, as the router was not visible anymore from goodcloud (even though the logs on the router said that the connectivity to goodcloud was ok).
It also messed with the Wireguard client set on the router, either with dns resolving, either with the routes to the VPN server on the other side (cannot send logs about that for now, I’ve uninstalled tailscale).

You can try tailscale on your side if you have time, it’s free for a single user and 20 devices on the tailnet.

I figured out my needs with a Wireguard server on my remote site and the Flint as a client, so no worries. But tailscale is usually way easier to setup and creates a mesh network instead of a client-server topology.

ss4pcRFradio · 2023-01-28T11:33:55.766Z

First of all, my apologies if this it’s not the correct threat. I find a lot of threats on the forum regarding taiscale.

I’m also having issues with the routes to reach my subnets on my pfsense router with tailscale.
To add more information, I have 2 more devices (iphone and ipad) that with their tailscale’s client can reach host on the subnets that my pfsense is advertising.

Here is my configuration

router: GL-AXT1800
Firmware: latest snapshot from GL.iNet download center
OpenWRT version: OpenWrt 21.02-SNAPSHOT r16399+159-c67509efd7
Kernel: 4.4.60
Tailscale package version: 1.32.2-dev

My issues:

I have a pfsense router witgh tailscale that it’s advertising the following networks:

10.0.1.0/24
10.0.20.0/24
10.0.200.0/24

If I make an ssh connection into my GL-AXT1800 I can ping any host into those networks. But if I try to ping or reach any host from the LAN (10.0.50.0/24) of my gl-inet router I cannot ping or reach them.

I can see that the routes are populated into my gl-inet router

root@GL-AXT1800:~# ip route show table 55
10.0.1.0/24 dev tailscale0
10.0.20.0/24 dev tailscale0
10.0.200.0/24 dev tailscale0

Thanks in advance
Kind regards