Tailscale and "Block Non-VPN Traffic"

From what I’ve garnered, the “Block Non-VPN Traffic” option does not work with Tailscale, is this correct? When I enable the option I lose all connectivity, so I presume this is the case. So, is there currently a way to create a kill switch for Tailscale either through the shell or LuCI? Or is there an expected upcoming release that will have this feature? I’m running the latest snapshot 4.3.2 on a Slate Plus and also had the same behavior on stable 4.2.1. Thank you.

Yes, this option is not available for Tailscale.
We have no plans for this feature yet, and Tailscale has many higher priority issues to resolve.
After solving those issues, we will consider it.

Thank you. Do you know of any way to manually set this up via LuCI or the shell? It’s absolutely critical for me that the VPN not leak, and having bought this router, which was Tailscale compatible, I assumed it was capable of doing so out of the box.

I am not an expert on Tailscale but isn’t Tailscale designed to transcend all things like VPNs and other NAT and security layers to connect your devices together? Why would anyone want to block Tailscale from doing what it was created to do? I am just curious.

For reference only as a temporary solution.
This script detects the tailscale running status and disables internet when it is disconnected.

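#!/bin/sh
# Tailscale IPv4 address of this router (busybox ifconfig prints "inet addr:<ip>")
ip=$(ifconfig tailscale0 2>/dev/null | awk '/inet /{print $2}' | awk -F : '{print $2}')
# This node's line in "tailscale status", if it is marked offline
offline=$(tailscale status | grep -F "$ip" | grep offline)
# Take WAN down when tailscale0 has no address or this node is offline
if [ -z "$ip" ] || [ -n "$offline" ]; then
	ubus call network.interface.wan down > /dev/null
fi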

After tailscale is restored, you can restart the network by executing ubus call network.interface.wan up or at LuCI.

You can upload this script to your router and call it from LuCI’s crontab page on a schedule.
Or add a loop to keep it running:

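#!/bin/sh
# Re-check the Tailscale state every 10 seconds
while true
do
	sleep 10
	ip=$(ifconfig tailscale0 2>/dev/null | awk '/inet /{print $2}' | awk -F : '{print $2}')
	offline=$(tailscale status | grep -F "$ip" | grep offline)
	# Take WAN down when tailscale0 has no address or this node is offline
	if [ -z "$ip" ] || [ -n "$offline" ]; then
		ubus call network.interface.wan down > /dev/null
	fi
done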
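The decision step of the polling script above, as an added example that is not part of the original posts: it matches this router's line in `tailscale status` by exact first field, so an offline peer whose address merely starts with the router's address does not trigger the block, and it blocks whenever the state cannot be determined. The function names `should_block` and `check_once` are hypothetical, and the sample status text is constructed with an assumed column layout (address first, state last).

```shell
#!/bin/sh
# Added example: fail-closed decision logic for a polling Tailscale kill switch.

# should_block SELF_IP   (reads `tailscale status` text on stdin)
# Returns 0 (block WAN) unless a line whose first field is exactly SELF_IP
# exists and does not contain the word "offline".
should_block() {
	self_ip=$1
	[ -n "$self_ip" ] || return 0    # tailscale0 has no address: block
	awk -v ip="$self_ip" '
		$1 == ip { seen = 1; if ($0 ~ /offline/) off = 1 }
		END { exit ((seen && !off) ? 1 : 0) }
	'
}

# Constructed sample output; 100.64.0.1 plays the router itself.
SAMPLE_UP='100.64.0.1   slate-plus  user@  linux    -
100.64.0.10  laptop      user@  linux    offline
100.64.0.2   phone       user@  android  active; direct'
SAMPLE_DOWN='100.64.0.1   slate-plus  user@  linux    offline
100.64.0.2   phone       user@  android  -'

# One polling pass on the router. Defined but not called here, so running
# this file never touches the WAN interface.
check_once() {
	ip=$(ifconfig tailscale0 2>/dev/null | awk '/inet /{print $2}' | awk -F : '{print $2}')
	# Empty output (daemon stopped, binary missing) also ends in "block".
	if tailscale status 2>/dev/null | should_block "$ip"; then
		ubus call network.interface.wan down > /dev/null
	fi
}

# Dry run over the constructed samples.
printf '%s\n' "$SAMPLE_UP"   | should_block 100.64.0.1 && echo "up: block"   || echo "up: allow"
printf '%s\n' "$SAMPLE_DOWN" | should_block 100.64.0.1 && echo "down: block" || echo "down: allow"
```

Polling leaves a window of up to one interval in which traffic can still leave over WAN after Tailscale drops.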