Tailscale and ZeroTier for GL-AX1800 Flint

Tailscale is missing from the GL-AX1800 Flint repositories. ZeroTier is in the repository, but very “ancient”. The ipq60xx architecture is currently not supported by the OpenWrt community, which does not allow router users to use advanced technologies and applications. I desperately need the functionality of Tailscale and ZeroTier. Do the developers generally plan to provide normal user support in terms of timely filling the repositories with the latest packages of demanded applications for the router? Has anyone been able to compile the Tailscale and ZeroTier packages from source for the GL-AX1800 Flint (ipq60xx)?

Hi XJIbIH, Tailscale has a dependency on golang, and we need more time to support it.

Okay, I’ll wait for Tailscale to appear in the repos as soon as possible. How about the current versions of ZeroTier in the repositories?

Hi, Tailscale has been added to the repo. As for ZeroTier, it has a dependency on the toolchain and has to stick to the older version unless we upgrade the OpenWrt version at a later stage.


Hi

I have OpenWrt on FLINT - 4.1 - and I just went here to get Tailscale - [OpenWrt Wiki] Tailscale

Everything LOOKS ok - in UCI on FLINT - I can key in “tailscale status” and it has a list of my various devices in the tailscale network… including my S22 ULTRA phone - which it states is IDLE - with RX and TX figures - but if I go to Chrome on my phone - and key in the AX1800 Tailscale IP - nothing. I’d expect to see the GLiNet panel. Any thoughts? The GL-iNET sits behind a 4G router - but then so does my Raspberry Pi and that can be accessed on the phone.

Most likely FLINT’s firewall blocks the traffic accessing the GLiNet panel. You should open port 80 in the GLiNet panel or set firewall rules in LuCI.

Thanks Hansome - but I just tried that now - no difference - still nothing - any other thoughts?

It is difficult to advise you because of the lack of information. We need the parameters of your Tailscale network (server and client). Go to Tailscale and check the “Edit route settings of flint” settings for your Flint. There should be an allowed route to your Flint’s local subnet.
Also check the Tailscale settings on your Flint… If you are not sure if they are correct, start Tailscale in the SSH console with the command: tailscale up --advertise-routes=192.168.8.0/24 --accept-routes
(192.168.8.0/24 must be replaced with your local subnet).
After that, check the “Edit route settings of flint” settings for your Flint again in the admin console.
If everything is configured correctly, but there is still no access to the local subnet, then the problem definitely lies in the firewall settings on your Flint. To help with this, you need to see its settings.

So, I opened port 80 on the FLINT firewall - then did what you suggested… changing the address range to 192.168.1.0/24 as that’s what I use… ADMIN CONSOLE of FLINT - whereabouts would I find “edit route settings of flint”? I’m in the GLiNET admin console? Elsewhere? Well, the above did not let me get to the router from my phone which is connected into Tailscale - also just before this I did ask GL-iNET support - they could not help as they are just experimenting now with TailScale… So, I have a phone, a NAS, NODE-REd on an RPi4 all of which can access from the phone using TailScale… but not the FLINT… anything? And what about that route settings? Not seeing it in GL-iNET admin panel.??

If it helps, I loaded tailscale using UCI… I’m not seeing it at all in GL-iNET’s admin panel unless I’m missing something - but in SSH I can clearly see TailScale - and the UP command seems to work, my phone TAILSCALE can see my devices including FLINT - in UCI - tailscale status shows the phone and the router itself… so it would appear to be running but the phone in Chrome, despite being able to connect to ww.xx.yy.xx:1880 hence my Node-Red on my local RPI, gets nowhere when given ww.xx.yy.zz - the Tailscale IP of FLINT… happy to try anything, never had a problem with Tailscale before (mind you I’ve never put it on a router either)… (sorry about spelling errors here - just fixed)…

Oh I see what you mean - in the web interface for Tailscale…

Ah, no idea what that means but…
It’s the only device in the Tailscale network that says has unapproved routes…
I tried enabling 192.168.1.0/24 in that menu - and disabling it - made no difference - still cannot connect to the GL_iNet front panel (port 80 default) - progress bar on my phone only goes in about 20%… no further

You need to approve this route to access the router’s local subnet. Without this, it is impossible to get into the web interface of the router!

Ok, so I’ve now gone in and approved it… no difference… and no I can’t seem to access the admin panel locally (192.168.1.1)… something very wrong here - if I go and disable that subnet setting - I can once again access my GL-iNET control panel locally as 192.168.1.1 - if I enable it, I lose local browser access to the control panel - but not it seems, the Internet… any thoughts?

WHEEEEEEEEEEEE
I did that one liner
tailscale up --advertise-routes=192.168.8.0/24 --accept-routes
nothing else - and it WORKS (WORKED) - I had the router coming up on a browser on my phone on mobile data.

Erm, not so fast… so it worked - then to ensure it stayed that way I rebooted the router and gave it time to reboot and now I can’t get it to connect…

I tried:

tailscale down
tailscale up --advertise-routes=192.168.8.0/24 --accept-routes

(8 replaced by my subnet)… nothing… any thoughts - it definitely worked as I ensured my mobile WiFi was off before testing.

I also checked on TailScale -

and tried turning that subnet setting on and off again, either way the EXIT node stayed grey.

How could this apparently work then stop after a reboot??

HELP…
(I made no other changes).

Pete

Probably bugs within the router software. You need a university computing degree to understand half of this stuff

Any ideas, GL-iNET? I don’t seem to be getting anywhere with this…

I can help to test tomorrow.

My hero. Usually, having reviewed many GL-iNET routers - I manage without help but this one has me completely lost… I have several devices around my office in Spain running on TailScale - no problems - generally PC or Android devices - this is the first time I’ve tried to access a router using TailScale.

Chat tomorrow… GL-iNET has my email address if that helps or I’ll check in here.

Hello,

Flint 4.1 firmware has some components that make route rules conflict with tailscale. To disable them:

# disable network setting for ip route table 52
uci delete network.policy_bypass_vpn
uci delete network.policy_via_vpn
uci delete network.policy_dns
uci commit network

# disable mwan3 to avoid copying route rules to ip route table 52
uci set mwan3.globals.enabled=0
uci commit mwan3

# disable gl-sdk4-vpn-policy vpnpolicy rule
/etc/init.d/vpnpolicy disable
/etc/init.d/vpnpolicy-apply disable

# reboot system
reboot

These steps can be done after setting up tailscale.
Firmware 4.2 snapshot has tailscale built in; you can also give it a try.
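
A way to check whether the steps above took effect, added here as an example and not part of the post or of GL.iNet's firmware: it scans `ip rule show` output for rules that send traffic to table 52 from anywhere other than Tailscale's own lookup rule. The priority 5270 for that rule is an assumption about Tailscale's Linux defaults, and the sample output is constructed, not captured from a Flint.

```shell
#!/bin/sh
# Added diagnostic (hypothetical helper names): find ip rules that point at
# route table 52 but do not sit at the priority assumed for Tailscale (5270).

# Constructed sample of `ip rule show` output; the 1001 rule stands in for a
# rule left behind by another component (e.g. a VPN-policy or mwan3 rule).
SAMPLE_RULES='0: from all lookup local
1001: from all fwmark 0x100/0x3f00 lookup 52
5210: from all fwmark 0x80000/0xff0000 lookup main
5230: from all fwmark 0x80000/0xff0000 lookup default
5250: from all fwmark 0x80000/0xff0000 unreachable
5270: from all lookup 52
32766: from all lookup main
32767: from all lookup default'

# $1 = text of `ip rule show`, $2 = priority treated as Tailscale's own rule.
# Prints every rule that looks up table 52 at any other priority.
foreign_table52_rules() {
    printf '%s\n' "$1" | awk -v own="${2:-5270}" '
        {
            prio = $1
            sub(/:$/, "", prio)          # "1001:" -> "1001"
            for (i = 2; i < NF; i++)
                if ($i == "lookup" && $(i + 1) == "52" && prio != own) {
                    print
                    next
                }
        }'
}

# Same arguments; prints how many such rules exist (0 means no conflict seen).
count_foreign_table52_rules() {
    foreign_table52_rules "$1" "$2" | awk 'NF { n++ } END { print n + 0 }'
}

# Demo on the constructed sample. On the router itself, pass live data:
#   foreign_table52_rules "$(ip rule show)"
echo "Rules pointing at table 52 outside priority 5270:"
foreign_table52_rules "$SAMPLE_RULES"
echo "Count: $(count_foreign_table52_rules "$SAMPLE_RULES")"
```

A non-zero count after the reboot means something other than Tailscale is still installing rules for table 52.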

Good morning Hansome - and thanks for your response… however…

I entered the code you sent for FLINT using an SSH session as usual (remember that FLINT controls my network and gets its broadband from a TP-Link 4G router (I use 4g - no decent broadband here)). Flint has its own address range 192.168.1.x

I then rebooted FLINT as your notes, no difference - my internal IP hostnames are still working fine… and I can type “tailscale up” then “tailscale status” and all looks ok, FLINT is on the list as is my phone.

With the phone on mobile data only - it sees one of the items in my network - my raspberry pi - as it has always done as the RPI has the tailscale setup… SO putting the tailscale IP for the RPI into my phone gets me through to the RPI - but as before, putting the FLINT tailscale address into the phone browser - still nothing. The browser status line goes in a few mm and no further as before.

If I upgrade to 4.2 will I lose all my settings? And if I do - do I need to do anything special to get Tailscale to work?