MT3000 Tailscale (Shared in) Exit node is not working breaking internet

I have GL-MT3000 router. I have updated to latest stable firmware + and I have loaded Latest Tailscale into the router.

Following the guidelines provided in the GL Net documentation, I have successfully added the GL-MT3000 to my account machine list in the Tailscale control panel. I have two exit nodes set up - one on a Windows machine(Owns) and the other on an Umbrel Linux machine(Shared to Me)

In Router Dashboard.-> Tailscale setup
While the Windows exit node functions correctly, allowing internet access and providing the Windows machine's IP address to clients, I encounter connectivity issues when switching to the shared Umbrel Linux machine as the exit node. Clients connected to the GL Net router lose internet connection.

Attempts to ping the shared Linux machine are unsuccessful even without Exit node enabled.

Note: If I install tailscale client application to my client devices, and connect both windows/linux machines by selecting exit nodes. both are able to access the internet.

Hi,

I have reproduced this situation which you met.

The 'Share in Exit node' which share with other device of other account, it can not access to Internet when GL router selected 'Share in Exit node'.
But the 'Exit node' which is my device of my account, it can access when GL router selected 'Exit node'.

We are analyzing this issue, please allow giving us times.

1 Like

Base on your topology:
the share in exit node belongs to TS (Tailscale) User 1, NOT is User 2, and MT3000 login User 2.

As we learn to TS (Tailscale) official docs, and find that said:

  1. the TS does not advertise route between User 1 and 2

    In the users/client which below the MT3000, share in exit node cannot work?
    Cause TS does not share the subnet of the MT3000 between account user 2 and user 1, subnet also said the LAN of MT3000, so Umberla does not know the LAN of MT3000, but Umberla know the MT3000 TS interface, so only MT3000 can access the Internet with Share in Exit node via MT3000 TS interface -> (TS User2 Cloud -> TS User1 Cloud) Umbrel TS interface -> Internet (tested by ssh of MT3000 at my side), but the lower user/client which below the MT3000, these devices are in subnet (LAN) of MT3000, as the TS User 2 and 1 does not advertise route, means Umbrel does not know routing table, so these subnet devices link have problems, cannot link to the Umbrel of User 2.

  2. Why can the user/client (terminal devices) access the Internet via the Umbrel? Cause they are installed TS client applications and create the TS interface self, and there is not subnet, all data pass by the TS interface directly, as well as the MT3000 (not subnet/LAN, only MT3000 itself) can work via Umbrel.

About why the Tailscale cannot advertise subnet on different account, GL is not the software owner, please ask to Tailscale.

If you want to the lower devices of the MT3000 use Umbrel for exit node, please bind it to User(account) 2, not share in/out.

1 Like

Thank you for your clarification. The Tailscale implementation guide on GL.iNet is comprehensive tailscale. It would be helpful to mention that sharing in the exit node is not possible somewhere in the document for clarity.

2 Likes