GL-AXT1800 - Tailscale - Remote Subnet Routing Fails

Versions:

  • Openwrt Version - OpenWrt 21.02-SNAPSHOT r16399+159-c67509efd7
  • Kernel Version - 4.4.60
  • Admin Panel - v4.2.1
  • Tailscale - 1.12.3-1

Background:
I’m on the LAN side of the GL-AXT1800 (192.168.150.0/24). Tailscale is installed, running and correctly registered with my tailnet. I have a network subnet advertised from another node on the tailnet (192.168.8.0/22) which I want to route to. This is something I can do with other tailscale clients. The traffic is being dropped. If I logon to Luci, I can see routes for tailscale0 device only covering the tailnet IP ranges (100.88.48.15 for example), it does not include advertised routes on the tailnet.

Question:
How can I fix this? Or is this a bug waiting for a patch?

Can you share more details about the setup? Such as your firewall Settings and routing Settings

The unit is brand new; the only change I have made is changing the LAN range (the defaults conflict with a network I use), as well as adding the Tailscale support through the Glinet App Library. Everything else is as configured by the device, I’ve not added any static routes or custom firewall entries.

Should I add them?

it’s because there is no way to specify --accept-routes=true option in firmware.
I’ve given up on ts on my slateax.

2 Likes

tailscale causes the admin page of the router to become inaccessible after adding this option, which we are working on fixing

1 Like

@radishman - thank you.

(1) --accept-routes=true … is this a CLI call I need to make? If this is the short term fix, I can live with the GUI being unavailable, as long as the routes are up.

(2) I have bought this device specifically for tailscale support. I appreciate bugs take time to fix. But are you looking to release a beta/prod fix in the next weeks, months … or later this year? (I’m travelling a lot at the moment)

(3) Is there a way to subscribe to get software update notifications?

Thanks

1 Like

@radishman sorry to push. But can you help with my questions above?

We’ll fix this as soon as possible.
For now, try adding the argument to line 73 of /usr/bin/gl_tailscale yourself, for example:

Man!! I went through this exact thing and each time had to de-brick my device. Thought I was doing something wrong.

@radishman will you post here when this is fixed or can we follow an issue tracker somewhere?

Thanks!

3 Likes

Just checking in @radishman … I saw the recent firmware update - but there is no Tailscale fix. Any updates on a timeline???

Hello there,
I was wondering if this rooting issue had been addressed for working “out of the box”.
I am running 4.5.0 on a brand new GL-A1300.
I can ping the subnet from the device itself, but not from the connected clients.
Cheers.

@radishman …. any news on —accept-routes Tailscale parameter support for clients on the LAN side of the GliNet router? It’s still failing for me.

has been introduced in the gui this parameter?

I’m still hanging in here for it to work.

–accept-routes has been added by default I see yet the IPs are not reachable from browser but only by pinging from ssh
After years still nothing, this is ridiculous

For anyone coming to this late, I found that there are firewall rules that are needed before the “–accept-routes” option works completely from LAN devices.

These are described in another forum post here: Tailscale cannot reach subnets on other devices - #27 by bswinnerton

Essentially, you need to go into LUCI interface (via System → Advanced Settings → CGI-BIN link) and then add a new firewall zone that allows traffic to the tailnet.

You can do this via Network → Firewall. Go to the Zones section and click the “Add” button, then change the following fields:

Name: tailscale
Input: accept
Output: accept
Forward: accept
Masquerading:
Covered networks: lan

Click the “Advanced Settings” Tab and then set:

Covered devices: Ethernet Adapter “tailscale0”

After Saving and then clicking the “Save & Apply” button, my LAN devices were able to access the subnets perfectly.

2 Likes

Thanks, this works. Must be officially documented in the wiki.