Gl-mt3000 cannot reach internet when custom exit node is enabled

redax · May 26, 2025, 9:00am

When I enable custom exit node and set it to any exit node available, internet stop working completely

I have subnet routes configured.
I have next DNS settings

bruce · May 26, 2025, 9:36am

Hi,

Please check these on the client (Windows, CMD):

curl https://ip.gs
curl https://www.gl-inet.cn

curl https://ip.me
curl https://www.gl-inet.com

Please SSH to the router, disable the exit node and check these:

ip route
ifconfig
tailscale status
ping <exit node IP>

enable the exit node, and check:

ping 8.8.8.8
ping www.google.com

I have not reproduced this issue, Tailscale on the test MT6000 (enable exit node) and MT3000 (hosted exit node), and the client Internet works ok:

redax · May 26, 2025, 10:36am

I can confirm that MT3000 works well when connected to MT6000 as exit node.
It doesn't work when tailscale has Mulvad plugin enabled. Mulvad exit nodes are not working when selected as custom exit node

bruce · May 28, 2025, 9:23am

Hello,

What is the Mulvad plugin?

If say it is the VPN client using Mullvad, it may conflict with the Tailscale custom exit node.

redax · June 2, 2025, 6:49am

Mullvad plugin is Taiscale specific plugin that enables Mullvad VPN exit nodes. Unfortunately they are not supported and not working correctly when being used in Glinet routers.

bruce · June 5, 2025, 2:42am

Hello,

We haven't tested this tailscale feature yet.

BTW, how to enable plugin "Mullvad VPN" in tailscale center?

redax · June 30, 2025, 10:40am

Go to Settings

and enable Mullvad VPN

bruce · July 2, 2025, 9:37am

It seems that Tailscale's Mullvad does not support linking the subscribed Mullvad account, but purchases them separately.

If we have the opportunity to get this function later, we will do a test again.

Dominion7574 · September 3, 2025, 1:07am

Any update on this? I just made a new post about it. Can we use the vpn policies and run them thru this mullvad exit node feature?

bruce · September 4, 2025, 9:48am

There is no issue with the Tailscale exit node using Mullvad VPN node/server.

However, Tailscale does not support configuring VPN policies so it cannot use VPN policies.

If future Tailscale support this feature, we will submit it to the R&D for review and implement in firmware.

oorweeg · February 8, 2026, 11:40am

Just found this thread also when having problems with this.

@bruce Can you re-word the description of what the problem is with using Mulvad exit nodes? It is not clear what is required from R&D/Tailscale to support these differently from any other linux client? I would expect the GL.inet router side to. not know the difference so it is not clear to me why this doesn’t work?

bruce · February 9, 2026, 12:28pm

I never said that.

Custom Exit Node to Mullvad is fine. But the list of exit nodes only shows IP addresses in v4.8.x, so can't know the region. This will be improved in v4.9.

oorweeg · February 9, 2026, 1:16pm

Interesting, I could not get it to work at all. IT also seems like the. default setup wouldn’t work as it’s trying to route the LAN subnet and not NAT behind the tailscale IP on the device.

The Mullvad plugin is ‘user’ based so Mullvad only accept a single address. As best as I can tell this doesn’t work at all currently in 4.8.4? You see traffic go out of the tailscale0 interface without Nat and never get a response and get no internet access at all when using a Mullvad exit node.

bruce · February 10, 2026, 4:02am

Have you approved the router’s LAN & WAN subnet in the Tailscale Console?

oorweeg · February 10, 2026, 8:54am

Yes, the subnet is permitted via the console. However in normal setup the other devices would also need to set the subnets to accepted to use the routes, with Mullvad these nodes are out of our control and I believe potentially not accepting the subnet routes due to the intention of the ‘per-user’ licensing?

bruce · February 12, 2026, 3:55am

Hello,

Looks like reproduced the issue locally, but I'm not sure it's consistent.

The router under test is an MT6000 and running v4.8.3 with a fresh configuration.

In the GL GUI, enable Tailscale and sign in to the Tailscale account to add the GL router to the Tailscale network.
In the GL GUI, enable "Allow Remote Access LAN" and "Allow Remote Access WAN".
In the Tailscale console, approve all subnets for the GL router.
In the Tailscale console, add Mullvad VPN so the GL router can use it as exit nodes.
In the GL GUI, enable Custom Exit Node, refresh the list, and select any Mullvad node.
On a client (PC) of the GL router, verify that Internet is unavailable.

Bruce_2026-02-12_11-49-571401×383 33.3 KB
In the LuCI, enable Masquerading for "tailscale0 > lan&wan".
On a client (PC) of the GL router, vverify that Internet is working fine.

Bruce_2026-02-12_11-50-391218×447 38.9 KB

Please follow step 7, enable Masquerading for "tailscale0 > lan&wan" in LuCI, and test again.

oorweeg · February 12, 2026, 9:10am

Thanks will check this and confirm. I tired using the tailscale NAT options but not through the OpenWRT firewall.

Are there any plans to add a switch to the default tailscale GUI to enable SNAT option?

bruce · February 12, 2026, 10:23am

Yes, there are plans for developing masq option in GL GUI.

AmandaAcosta1911 · March 21, 2026, 9:34pm

I have the exit node enabled in Tailscale however there is not options for me in my GL INET admin panel under exit nodes when I check it off theres is no IP address Why?

bruce · March 23, 2026, 4:33am

Please first click the refresh button