GL.iNet Beryl AX3000 (GL-MT3000), firmware 4.8.1, using Tailscale in a travel-router + home exit-node setup doesn't work

Router
1

Hi everyone,

I’m running into a consistent issue with my GL.iNet Beryl AX3000 (GL-MT3000), firmware 4.8.1, when using Tailscale in a travel-router + home exit-node setup.

Goal / Setup

My intended setup is:

  • Travel router: GL.iNet Beryl AX3000 (MT3000)
  • Home exit node: Raspberry Pi running Tailscale (at home)
  • Multiple devices already in my Tailnet (laptop, phone, etc.)
  • The Raspberry Pi works perfectly as a Tailscale exit node for all other devices (laptop/phone directly using Tailscale)

The idea is to:

Connect to the travel router while on the go, and have all connected clients route traffic through my Raspberry Pi at home as the exit node.

What works

  • The Beryl AX connects to my Tailnet without issues
  • The Raspberry Pi works fine as an exit node for other devices (outside the router)
  • If I do NOT enable an exit node on the router, internet access for LAN clients works normally
  • Other Tailscale devices in my network can use the Pi exit node successfully

The problem

As soon as I select my Raspberry Pi as the exit node on the Beryl AX router:

  • All clients connected to the travel router immediately lose internet access
  • No browsing works (not even IP-based access like 1.1.1.1)
  • DNS also appears to break completely
  • The router itself still shows as connected to Tailscale
  • Disabling the exit node instantly restores internet access

So the failure only happens in this specific combination:

Beryl AX (LAN clients) + Raspberry Pi exit node

What I’ve already checked

  • Raspberry Pi exit node is properly configured and works for other devices
  • Subnet routes are enabled/approved in Tailscale admin console
  • Router is on firmware 4.8.1
  • Tailscale is connected and shows healthy on the router UI
  • No issues when exit node is NOT enabled on the router

I honestly am at my wits end and not sure what else to do
My issues are similar to the OP but not the same

Flint 3 - 4.8.4 - Tailscale Breaks LAN Internet Access Due to GL VPN Kill Switch Blackhole Rules
2

Hi

Could you please try the following workaround and let us know whether it works for your setup?

4

Hi
this actually solved my issue.
Thx so much.

One more question though
Is this setup now also guarded by a kill switch option just like the VPN settings?
Additionally
I noticed that unlike my other devices that use the pi as their exit node
The router has the same ipv4 as the pi but no ipv6 deteced even though ipv6 is enabled under Network

5

Yes. In v4.9.0, we introduced Kill Switch support for Tailscale.

At the moment, IPv6 over Tailscale is not yet supported on our firmware. We will discuss this with the product team to see whether it can be added in a future release.

1 Like
6

Thx for the wift response

If anybody reads this and wants to make sure the ipv6 addresses are also propagated you can do the following on the GL Router

vi /etc/rc.local
while ! ip addr show tailscale0 2>/dev/null | grep -q "inet"; do

  sleep 2

done


ip6tables -t nat -D POSTROUTING -o tailscale0 -j MASQUERADE 2>/dev/null

ip6tables -t nat -A POSTROUTING -o tailscale0 -j MASQUERADE

I managed to solve the ipv6 addresses not propagating through the tailnet like this.

1 Like