I don’t know if this has been addressed (it might have, but I could not locate any help with this issue). I have an AXT 1800 Slate, updated it with the latest firmware and tried configuring the firewall setting as recommended above. Currently, I am having a problem where I have no problem accessing my Tailscale server (this is a pfSense firewall setup) and the network on the other end, but when I try to use the Custom Exit Node it works for about 3 minutes, then I lose all internet access to and from that network. When I deactivate the Custom Exit Node function, everything goes back to normal. I am able to connect to this same server using Android or Windows devices with the Tailscale app with no issues with the Exit Node function on those devices; I am just having issues with the Slate router… Just wondering if anyone has come across this issue and if there is a solution for this… Thanks
You did on exit node, right? --accept-route?
I struggled with this issue for a while. Eventually I solved it by giving the router's subnet autogroup:internet, which allows use of exit nodes and the forwarding of traffic to WAN IPs:
{"action": "accept", "src": ["192.168.8.0/24"], "dst": ["autogroup:internet:*"]},
(Setting dst to *.* worked as a first test, but is less restrictive than the above).
This appears to be necessary even with the default ACL. I believe Tailscale is dropping traffic from the advertised subnet route when it doesn't have a valid destination for it. I don't know why the default ACL rule of {"action": "accept", "src": ["*"], "dst": ["*:*"]}, is not sufficient - the external subnet doesn't appear to be covered by src: * even when it is trusted through the admin control panel, though the docs indicate it should be.
Sorry I'm not familiar with what you just did, how do you implement your ACL rule?
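On where the rule goes: it is one entry in the "acls" array of the tailnet policy file. The following is an added example, not code from any poster or from Tailscale, that lints a policy for the explicit subnet-to-autogroup:internet rule described above. The sample policy and function names are constructed, and it deliberately does not count src "*" as covering the subnet, following the poster's observation.

```python
import ipaddress
import json

# Constructed sample policy (not the thread's real tailnet): the default
# allow-all rule plus the subnet rule quoted in the post above.
SAMPLE_POLICY = json.loads("""
{
  "acls": [
    {"action": "accept", "src": ["*"], "dst": ["*:*"]},
    {"action": "accept", "src": ["192.168.8.0/24"], "dst": ["autogroup:internet:*"]}
  ]
}
""")


def _src_covers(src, lan):
    """True if a src entry is an IP/CIDR literal containing the whole LAN."""
    try:
        net = ipaddress.ip_network(src, strict=False)
    except ValueError:
        # "*", users, groups and tags are not explicit subnet matches.
        # Assumption taken from the post: "*" did not cover the subnet.
        return False
    return net.version == lan.version and lan.subnet_of(net)


def internet_grants(policy, lan_cidr):
    """Indexes of accept rules that explicitly grant lan_cidr
    autogroup:internet as a destination (needed for exit-node use)."""
    lan = ipaddress.ip_network(lan_cidr)
    hits = []
    for i, rule in enumerate(policy.get("acls", [])):
        if rule.get("action") != "accept":
            continue
        to_internet = any(
            d.split(":")[:2] == ["autogroup", "internet"]
            for d in rule.get("dst", [])
        )
        if to_internet and any(_src_covers(s, lan) for s in rule.get("src", [])):
            hits.append(i)
    return hits


if __name__ == "__main__":
    print(internet_grants(SAMPLE_POLICY, "192.168.8.0/24"))
```

A policy file edited in the admin console may contain comments or trailing commas, which `json.loads` rejects; strip those before feeding it to this check.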