I wanted to use a Tailscale mesh rather than a self-hosted hub-and-spoke WireGuard VPN for my site-to-site.
This is how I got it working on the Beryl (after some trial and error), it may work on some other devices.
Go to https://dl.gl-inet.com/ and download the firmware version you currently have installed - if you need to restore, you might not have internet.
Download/Backup your config. I can’t remember if you can do it through your GUI in 3.x, otherwise you can do it in the advanced Luci GUI in system → Backup/Flash Firmware
Go back to https://dl.gl-inet.com/ and download the latest 4.x firmware - we need the new Tailscale GUI on the OpenWRT 22 to support tailscale
Flash it using the GUI installer.
When my router came back up it wouldn’t get a DHCP address from my Modem even after a restart of both - I had to switch ports in the modem and maybe restart the modem.
Applications → Plugins → search tailscale
Install gl-sdk4-tailscale
It should auto-install the other 3 search results.
I’m not sure how allow remote access WAN is helpful - presumably it is a stand-in whilst they get --advertise-exit-node working - I would disable it for now.
You will get a link to ‘bind device’, this didn’t work for me
Instead SSH into the router then run tailscale status, the binding link should appear, copy and paste it and authenticate
You should see in the Tailscale admin panel that the device is now connected. You can allow any advertised routes here.
Now at this stage, whilst SSHed into the router, I could ping devices on the Tailscale network and on exposed subnets, but devices on my home network couldn’t, i.e. the Beryl wasn’t routing the packets; pings from devices returned “Destination unreachable”, which rather undermined the idea of site-to-site. But it looks as if this may not be unique to the Beryl: Tailscale cannot reach subnets on other devices - #7 by jsr
To fix:
Log in to the advanced Luci GUI panel, go to Network → Firewall (not Status → Firewall)
Edit: I find that every few days the routing fix breaks (I think something refreshes the routing tables or similar); disabling and then re-enabling Tailscale fixes it.
That is sad, because it is working well; it would be a shame for you not to add a feature to a product that supports it
Fixed in which version? I still lose routing to exposed subnets on other parts of my tailnet every 36 hours or so (I can still ping all nodes on the tailnet). Simply disabling and enabling fixes it though
(via SSH) I can connect to devices on remote networks (advertised as routes on other tailscale nodes) from the MT-1300 and I can ping other tailscale IPs from the MT-1300
I can’t connect to remote devices or ping tailscale IPs from any LAN devices (eth or wifi)
I tried adding routes for the subnets manually and pointing them at tailscale0 interface but that didn’t work.
Any ideas? I’m running the latest beta firmware (4.3.7 release 1, also tried upgrading to the 8/23 4.3.7 snapshot)
Did you get custom exit node to work? In my case it just won’t work: either it does nothing and I connect to the internet normally without any routed traffic, or after switching off/on the Internet connection just stops working. I checked the exit node with my phone and it is working properly there.
I have the same issue as mentioned above after step 12
whilst SSHed into the router I could ping devices on the Tailscale network and on exposed subnets
So while SSH'ed into the router, all looks correct, I can ping exposed subnets or IPs from tailscale.
devices on my home network, couldn’t.
But for my devices connected through the router, they can't ping tailscale IPs or local subnets.
I tried the Luci panel edit for adding covered devices: tailscale0, but to no avail. I also tried disabling and re-enabling tailscale.
Given past experience with other firewalls, this feels like it's a routing issue maybe? Since the tailscale client is on the firewall and the firewall can use the TS client correctly, it seems the problem is that clients of the firewall cannot reuse the client installed on the firewall itself?
I was actually able to get this to work after more trial and error.
In the Luci interface, I enabled masquerading after reading the docs here from Tailscale and having set up Tailscale on a few dozen devices in the past: Subnet routers · Tailscale Docs
You can see the checkbox for it available here. By default it was UNchecked for me. Checking it, save and apply, and reboot worked here.
PS: I also tried creating a file like this from the above document from Tailscale, but proved it isn't needed; my guess is these are set this way out of the box for the GL products, given they are routers.
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
sudo sysctl -p /etc/sysctl.d/99-tailscale.conf
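A read-only check for the state the last posts describe (a firewall zone with covered device tailscale0 and the masquerading box unchecked by default), added here as an example and not written by anyone in the thread. It assumes the stock OpenWrt `uci show firewall` output format; the zone name `ts_example` and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: read `uci show firewall` text on stdin and print "<zone> masq=<0|1>"
# for each zone whose covered devices include $1 (default tailscale0); exit 2 if none.
tailscale_zone_masq() {
    awk -v dev="${1:-tailscale0}" -v q="'" '
    /^firewall\.[^.=]+=zone$/ {            # section header, e.g. firewall.@zone[1]=zone
        split($0, t, "[.=]"); order[++count] = t[2]; next
    }
    /^firewall\.[^.=]+\.[^.=]+=/ {         # option line, e.g. firewall.@zone[1].masq=...
        eq = index($0, "=")
        split(substr($0, 1, eq - 1), part, "[.]")
        sec = part[2]; opt = part[3]
        val = substr($0, eq + 1); gsub(q, "", val)   # strip the quotes uci prints
        if (opt == "name") name[sec] = val
        if (opt == "masq") masq[sec] = val
        if (opt == "device") {             # list option: space-separated values
            m = split(val, d, " ")
            for (i = 1; i <= m; i++) if (d[i] == dev) covers[sec] = 1
        }
    }
    END {
        for (i = 1; i <= count; i++) {
            sec = order[i]
            if (!(sec in covers)) continue
            on = (masq[sec] ~ /^(1|yes|on|true|enabled)$/) ? 1 : 0
            printf "%s masq=%d\n", name[sec], on
            found = 1
        }
        exit(found ? 0 : 2)
    }'
}

# Constructed sample: zone "ts_example" (hypothetical name) covers tailscale0
# but carries no masq option, which is the unchecked state.
sample_before() {
    cat <<'EOF'
firewall.@zone[0]=zone
firewall.@zone[0].name='wan'
firewall.@zone[0].masq='1'
firewall.@zone[1]=zone
firewall.@zone[1].name='ts_example'
firewall.@zone[1].device='tailscale0'
EOF
}

sample_before | tailscale_zone_masq    # prints: ts_example masq=0
```

On the router itself the same function can be fed live data with `uci show firewall | tailscale_zone_masq`; re-running it after the routing breaks shows whether the zone setting is still in place.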