MT3000 - Internet breaks when upgraded version of Tailscale Exit Node is enabled

Hello,

I just recently purchased GL-MT3000 router. The first things I did was update the firmware (4.5.16) and update Tailscale (1.66.1) to the latest versions. Then I setup and enabled the exit node. This caused the internet to break for any connected devices to the router. However, the internet worked on the router itself.

In my troubleshooting, I did all the various fixes that was mentioned here from other posts, such as adjusting the firewall and making sure the routes were accepted on Tailscale. Nothing worked.

I then decided to just reset everything back to factory which reverts the Tailscale version back to 1.58.2
As soon as I accepted the routes again on Tailscale, internet started working with the exit node on.

Not sure why this will break the internet connection on the newer Tailscale version, but for the time being I will not update Tailscale. Hope this might save someone else a few hours of troubleshooting.

1 Like

As an update to this, the last Tailscale version that will work without any issues is v1.64.0. On versions 1.66.00 and newer it implemented client-side quarantining for shared-in exit nodes, as a mitigation for a security vulnerability described in TS-2024-005

To be able to use newer versions, a flag needs to be added when enabling the exit node: --stateful-filtering=false

To be able to fix it in the current firmware, I ran the following:

sed -i ‘s@param=“–advertise-routes=$routes”@param=“–advertise-routes=$routes --stateful-filtering=false”@’ /usr/bin/gl_tailscale
/usr/bin/gl_tailscale restart

Please note: If you update the firmware this setting won’t be persistent until there is a fix from GL.iNet

Hope this is useful to the developers and others.

3 Likes

I am having the same issue with my AXT1800 too, will the command that you have posted work for me or do I have to alter it make it work on my end?

You can manually edit the /usr/bin/gl_tailscale file using vi.