I just recently purchased a GL-MT3000 router. The first things I did were to update the firmware (4.5.16) and update Tailscale (1.66.1) to the latest versions. Then I set up and enabled the exit node. This caused the internet to break for any devices connected to the router. However, the internet worked on the router itself.
In my troubleshooting, I did all the various fixes that were mentioned here in other posts, such as adjusting the firewall and making sure the routes were accepted on Tailscale. Nothing worked.
I then decided to just reset everything back to factory, which reverts the Tailscale version back to 1.58.2.
As soon as I accepted the routes again on Tailscale, internet started working with the exit node on.
Not sure why this will break the internet connection on the newer Tailscale version, but for the time being I will not update Tailscale. Hope this might save someone else a few hours of troubleshooting.
As an update to this, the last Tailscale version that will work without any issues is v1.64.0. On versions 1.66.00 and newer, it implemented client-side quarantining for shared-in exit nodes, as a mitigation for a security vulnerability described in TS-2024-005.
To be able to use newer versions, a flag needs to be added when enabling the exit node: --stateful-filtering=false
To be able to fix it in the current firmware, I ran the following:
sed -i 's@param="--advertise-routes=$routes"@param="--advertise-routes=$routes --stateful-filtering=false"@' /usr/bin/gl_tailscale
/usr/bin/gl_tailscale restart
Please note: If you update the firmware, this setting won’t be persistent until there is a fix from GL.iNet.
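
Because the post notes that a firmware update reverts the edit, here is an added example (not from the post or from GL.iNet) of applying the same sed substitution idempotently: it keeps a backup and leaves the file alone if the line the post targets is no longer there. The function name `patch_gl_tailscale` and the `.orig` backup suffix are assumptions; the default path and the substitution are the ones from the post.

```shell
#!/bin/sh
# Added example: re-apply the post's edit to the GL.iNet Tailscale wrapper safely.
# patch_gl_tailscale is a hypothetical helper name, not part of the firmware.

patch_gl_tailscale() {
    target="${1:-/usr/bin/gl_tailscale}"   # path from the post
    old='param="--advertise-routes=$routes"'
    new='param="--advertise-routes=$routes --stateful-filtering=false"'

    [ -f "$target" ] || { echo "missing: $target" >&2; return 2; }

    # Already patched: nothing to do, so repeated runs never stack the flag.
    if grep -qF -- "$new" "$target"; then
        echo "already patched"
        return 0
    fi

    # The exact line the post rewrites is absent (for example, the firmware
    # changed the script): do not modify anything.
    if ! grep -qF -- "$old" "$target"; then
        echo "expected line not found; not modifying $target" >&2
        return 1
    fi

    # Keep the untouched original next to the script (assumed suffix).
    cp -p "$target" "$target.orig" || return 2

    # Same substitution as in the post.
    sed -i 's@param="--advertise-routes=$routes"@param="--advertise-routes=$routes --stateful-filtering=false"@' "$target"

    # Verify the result; restore the backup if the edit did not land.
    grep -qF -- "$new" "$target" || { cp -p "$target.orig" "$target"; return 2; }
    echo "patched"
}
```

After a firmware update, `patch_gl_tailscale && /usr/bin/gl_tailscale restart` re-applies the change; a return code of 1 means the script no longer contains the line from the post and needs to be inspected by hand.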