GL-MT3000 Hosting behind CGNAT

I am using GL-MT3000 as my secondary router.
I recently changed ISP; the new ISP uses CGNAT.
So I no longer have a public IPv4 like I used to.
My OpenVPN and WireGuard server no longer work.
Tailscale exit node is not supported by GL-MT3000 (yet?).
I don't know how to use ZeroTier on GL-MT3000 as a gateway...

Do you have any suggestion, please?
Thank you.

Well, CGNAT is always a big issue.

You could try GL.iNet's AstroRelay https://www.astrorelay.com/ which might work around it.
ZeroTier could be fine as well, but Gateway is tricky and may not even work: https://zerotier.atlassian.net/wiki/spaces/SD/pages/7110693/Overriding+Default+Route+Full+Tunnel+Mode

All in all: CGNAT = no VPN from home, at least not reliably.

Exit node for Tailscale can be enabled manually, there are plenty of threads here in the forum. Since I don't use Tailscale myself, I can't assist with that.

1 Like

Would having a Public IPv6 resolve this issue?

Depends.

It would make it possible to connect to your IPv6 VPN server - but only if your location, where you want to connect from, is reachable via IPv6 as well. Might work, might not.

Afaik IPv6 isn't fully supported in the GL.iNet VPN yet. Not sure what kind wasn't working, but I remember something.

I see. Thank you admon for the quick response.

Thanks to @tragicshadow @ilium007 and @bring.fringe18

I managed to run the Tailscale exit node.

I edited /usr/bin/gl_tailscale to add
--advertise-exit-node

timeout 10 /usr/sbin/tailscale up --reset --advertise-exit-node --accept-routes $param --timeout 3s --accept-dns=false > /dev/null
1 Like
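
An added example, not part of the original posts and not GL.iNet's code: a POSIX sh script that applies the edit described above to /usr/bin/gl_tailscale idempotently and keeps a backup, so it can be re-run safely if the file is ever replaced. The function names, the .orig backup suffix and the sample "before" line are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not GL.iNet's code. The path /usr/bin/gl_tailscale and the
# "tailscale up" line come from the post above; function names and the .orig
# backup suffix are assumptions made for this example.
FLAG="--advertise-exit-node"

# Print how many "tailscale up" lines exist (total) or lack the flag (missing).
count_up_lines() {   # usage: count_up_lines total|missing FILE
    awk -v mode="$1" -v flag="$FLAG" '
        /tailscale up/ && (mode == "total" || index($0, flag) == 0) { n++ }
        END { print n + 0 }' "$2"
}

# Returns 0 = patched or already fine, 2 = file missing,
# 3 = no "tailscale up" line (script layout changed), 1 = write failed.
patch_gl_tailscale() {
    file=$1
    [ -f "$file" ] || { echo "not found: $file" >&2; return 2; }
    [ "$(count_up_lines total "$file")" -gt 0 ] || return 3
    [ "$(count_up_lines missing "$file")" -gt 0 ] || return 0   # idempotent
    cp -p "$file" "$file.orig" || return 1      # keep a copy for rollback
    tmp="$file.tmp.$$"
    awk -v flag="$FLAG" '
        /tailscale up/ && index($0, flag) == 0 {
            sub(/tailscale up/, "tailscale up " flag)
        }
        { print }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file" || { rm -f "$tmp"; return 1; }  # keeps mode and owner
    rm -f "$tmp"
    [ "$(count_up_lines missing "$file")" -eq 0 ]
}

# Constructed sample: the wrapper line as assumed to look before the edit.
make_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
timeout 10 /usr/sbin/tailscale up --reset --accept-routes $param --timeout 3s --accept-dns=false > /dev/null
EOF
}

# Run against a real file only when a path is given, e.g.
#   sh patch.sh /usr/bin/gl_tailscale
if [ $# -gt 0 ]; then
    patch_gl_tailscale "$1"
fi
```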

Is it really all you need, just to add --advertise-exit-node?

Is there any issue if you don't use exit nodes at all but still set this?

  1. Yes. Adding it is just to make it persistent after reboot.
    It is all I did and it worked fine.

  2. I'm not sure.
    I got this email from Technical support:

Question: "Do you plan to support Tailscale exit node in the near future?"

Response:
"No, since it will conflict with other applications like ZeroTier, WireGuard and Tor, we have no plan to develop the exit node function on our router.
I know some customers can run exit node by commands, but we can't guarantee there is no DNS leak if you are also using other applications."

So I guess it is yes if you use other applications.

4 Likes

I'm glad that you worked it out.
If you're behind CGNAT and still wanna access your router, there may be a couple of options that I am using.
1. Cloudflared tunnel
2. frp
I will write up some outline of how I did it with those two.
I've been there myself, so I know how you feel and trust me, I'm no expert.
I am just learning myself.

Another way is to relay your WireGuard server using astrorelay.com

But we are working on astrowarp.net and it will give you same solution.

2 Likes