Using the Beryl AX, GL-MT3000 and connected to my Tailnet. What I would like to be able to do is have any device that connects to the Beryl be able to access machines on the Tailnet using their 100.64.0.0/10 Tailscale defined IP.
For example, if I have a Plex system that is accessible on my Tailnet at 100.122.134.77, and my Beryl is also on the Tailnet, I would like to be able to have a laptop connect through the Beryl router and be able to hit the 100.122.134.77 – even when the laptop itself is not in the Tailnet, only the Beryl router is.
This might be more of a limitation with Tailscale than the Beryl, but I guess you could say what I’m looking for is a “reverse subnet router” for Tailscale. Anything connected to the Beryl network can see the machines on the Tailnet.
As of firmware v4.5.16, this looks to be working the way I wanted it to. When I connect to Tailscale, it is adding static routes automatically and now any device that connects to the router can access the 100.64.0.0/10 Tailscale machines without Tailscale installed, i.e. a laptop that doesn’t have Tailscale explicitly installed on it can access my Tailnet when connected to the router.
I wish I could say it works that well on my GL-A1300.
Do you just turn on tailscale on the router ant it routes all the clients to the subnet?
Still no luck on my end.
Same firmware.
Re-enable Tailscale and if necessary, mess around with enabling interface in OpenWRT and enabling Tailscale in UI until it works.
I think the step that I failed to describe earlier was #2 -- specifically for setting up a new tailscale0 interface and adding tailscale to the firewall zones.
Said another way, use the GL.iNet interface to install/enable/disable Tailscale, but also setup the interface and firewall changes in OpenWRT interface.
I should point out that I also followed these steps for updating the Tailscale binaries, Update Tailscale on the GL.iNet Beryl AX (GL-MT3000) - Jan-Lukas Else, and will periodically follow those again every couple months to keep Tailscale updated. Just disable in the UI, follow the guide, and re-enable in the UI again.
Hopefully that helps you get it worked out. As of this writing, I'm still on v4.15.6 and everything is still working fine and I just updated Tailscale to v1.66.4
I wanted to note that I wasn't able to 100% follow the instructions in the linked [OpenWrt Wiki] Tailscale guide. I'm sure that the above instructions are working for some people, but these are mine:
From fresh router, enable Tailscale. Leave enabled.
only follow the steps in [OpenWrt Wiki] Tailscale to "Create a new firewall zone via LuCI," ignoring the steps to "Create a new unmanaged interface via LuCI."\
Also, instead of choosing "Covered networks: tailscale," (since I skipped creating this interface) go into Advanced Settings and choose tailscale0 for "Covered devices"
After that, pcmike's step 3 is not required, because Tailscale is still enabled, and there is no "messing around with the interface" because we skipped creating it.
It would be great if this could be done automatically as a part of toggling Tailscale in the GL.iNet Admin page, but short of that this is working for me.