GL-MT3000 stops working when connecting to Tailscale Exit Node

Hi All,

I am facing the exact sane issue wirh MT3000

So I have a Brume VPN Server at home which is being used as an exit node.

I can succesfully connect to it with my phone via tailscale app and connect to brume 2

But whenever connect to brume2 exit node inside the MT3000 router setting, the internet stops working.

I can see in my computer under Control Panel Network Connections that Internet is there besides IPV4 BUT I am not able to access internet.

As soon as I disable exit node connectivity in MT3000, the internet starts working.

It would be of great help if someone can provide me SSL commands which I need to use in MT3000 as it seems to be some network related issue here.

Hi Greensnowman,

Do we need to run this command in MT3000 or the machine which is acting as Exit Node?

I tried running it on MT3000 and now I am getting an option on Tailscale Admin Page that now I can also run MT3000 as an exit node if I want.

An Update on the FIX shared above.

THAT IS NOT A FIX.

Here is why -

Once you run the command

sudo tailscale up --reset --accept-routes --advertise-exit-node

on MT3000, you will remove this router advertising as subnet router.

And even though, on the router admin console page, it will show it is connected to the exit node and internet will ALSO work, but the data is NOT being transferred to exit node.

The IP will be showed up from your MT3000 Internet, instead of your Exit Node Machine ISP

I said you had to run it on the raspberry pi aka the exit node not the MT3000 :slight_smile:

Worked for me.

Hey Green,

Ill try to run that command on my exit node (GlInet Brume2) and see if it works or not. Will keep everyone posted here about the results :slight_smile:

Im still having the same issue.

After using the provided command in my exit node machine, it was not a subnet router anymore.

In the tailscale admin console, the subnet tag got removed from my exit node.

Other machines were able to connect still with my exit node but

Whenever I connected MT3000 to my exit node, the internet stopped working in MT3000 still.

:frowning:

Hi Fan, could you help me with the above issue? As the above resolution highlighted above didnt work for me.

Hi,
I am not so clear about the topology in your case. Is it looks like shown below?

As per the image, I have used PC, Brume both as an exit node, and connected beryl with my phone.
Exit Node is using my ISP Public IP (House Network) and I tried to use my Android Mobile Data Internet over Beryl.
Aim was to get Home Public IP on my Android, but whenever I connected Beryl to the Exit Node (PC or Brume) the internet stopped working on Beryl. As soon as I disabled exit node connectivity on Beryl, the internet started working again on Beryl (from my Android)

hi,
What is the firmware version of your Berly? Running as Exit Node is not supported on glinet product, so how did you run brume as Exit Node?Could you run the following commands on Beryl and PM me the results when the PC is set as Exit Node on Beryl? And please make sure subnet routes of Beryl has been enabled on Tailscale Admin Panel.Thanks!

Hey @fangzekun similar question here. here’s a topology of my setup. Should this be working? I have the tailscale exit node option enabled in the ax3000 settings, and my internet doesnt work. When I turn it off, it works.

also, @fangzekun

Also, here is my subnet routes enabled:

hi,
There has no problem with the topology, it should work.Could you help to make sure you have run tailscale up with option "--accept-routes" on AWS Server and the subnet routes of mt3000 have been accepted by AWS Server?Please run the following commands on mt3000 and PM me the results.Thanks!

 ifconfig
 tailscale status
 ip rule
 ip route show table 55
 ip route

Has this been sufficiently resolved? It may not have, considering further comments. I’m also having the same issue in my environment. The Tailcale Exit Nodes (Both Linux and Windows) are working as usual, being used directly. But when either is used through the GL-MT3000 (on Firmware 4.4.6), the connection drops.

I found a solution on the Reddit forums that works for me.

First setup your tailscale remote subnet router on the Mt3000 as usual. Then…

On the MT3000 Admin Panel
Under menu item System->Advanced
Go into the LUCI admin panel then select Network → Firewall.
By default, below you will see 3 zones:

  • lan > wan
  • wan > REJECT
  • guest > wan
    Click on “EDIT” on the second one ( wan > REJECT)
    Then click on the second top tab “Advanced Settings” and in the covered devices dropdown select tailscale0. Save, Save and apply.

Now you should be able to route your Mt3000 Wan traffic to the designated Tailscale exit node, and the devices on the MT3000 Lan will also be accessible to devices running on the Tailscale net

One slight bug. On the wan side you will not be able to reach the admin console of the MT3000 via tailscale even though it is included in the subnet routing address you setup And you will not be able to access the admin console of the MT3000 on the lan side unless you turn off Tailscale on the local lan device, which is fine since all traffic on the lan side is now going over the tailscale net to the exit node anyway.

4 Likes

Ah - thank you @Cfm765. This solved it for me as well.

It solved it! Thank you very much!

I am having the same issue but cannot get it to work. I updated to firmware 4.5 but downgraded back to 4.4.6.
When I do step 3. --advertise-routes=192.168.0.0/24,192.168.1.0/24 I do not get both to show up on the raspberry pi and the gl.inet router. On the gl.inet router I get the wan Ip it uses and the lan ip address of192.168.8.0/24 which is not the same as 192.168.1.0/24. Should I see 192.168.1.0/24 on both the raspberry pi and the gl.inet router when I accept the subnets? Also my phone works fine using tailscale.

Never mind I followed Cfm765 latest post and it worked. Does this work for firmware 4.5? I would rather not upgrade if it does not work.

Has any one tried firmware 4.5 with Tailscale?