Question to GL.iNet staff.
When will the Tailscale 'Exit Node' option be implemented in GL.iNet routers? I'm particularly interested in the Brume2.
Thanks!
With GL.iNet's new focus on what looks like a competing product, AstroWarp, which it looks like they will start charging for next year and probably use as a product lock-in for their routers, I'm wondering if they will even care about future support of Tailscale.
Imho it's fine that they will focus on their own technologies. Right now there are too many built-in features without updates - so a good set of preconfigured stuff directly from GL should be better.
And, like always: You can modify the whole OS by yourself, if you like to.
AstroWarp is a router-to-router solution, so I can't use it on a mobile device while not at home. Tailscale can be installed on any device, and with the 'Exit Node' option on the router side it would be perfect for my purpose.
Afaik a client solution is planned for next year.
I managed to enable the 'Exit Node' option on my GL.iNet router. It actually turned out to be very simple, just had to send the following command via SSH, and that was it. No additional tweaks, firewall rules, etc.
tailscale up --accept-routes --advertise-exit-node --advertise-routes=192.168.15.0/24,192.168.8.0/24 --accept-dns=false
192.168.15.0/24 - WAN Subnet
192.168.8.0/24 - LAN Subnet
Router details
Model: Brume2
Firmware: 4.7.0 (beta)
Tailscale version: 1.66.4.-1 (default on this firmware)
Rebooting or powering off the router doesn’t terminate the 'Exit Node' option.
However, if Tailscale is manually stopped in the web interface and started again, the 'Exit Node' option disappears, and the SSH command needs to be sent again.
If anyone knows how to automate this - sending the SSH command every time Tailscale is started - it would be very helpful.
Answering my own question.
To automate enabling the Exit Node, the following command can be scheduled in LuCI. It will check the 'Tailscale status' every minute and apply the Exit Node command only if Tailscale is running but the Exit Node is inactive on this router.
100.xxx.xxx.xxx - To be changed to actual Tailscale Router's IP address
192.168.1.0/24 - WLAN Subnet
192.168.8.0/24 - LAN Subnet
* * * * * /etc/init.d/tailscale status | grep -q "running" && ! tailscale status | grep -q "100.xxx.xxx.xxx.*offers exit node" && tailscale up --accept-routes --advertise-exit-node --advertise-routes=192.168.1.0/24,192.168.8.0/24 --accept-dns=false
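The check in the cron line above, as an added example that is not part of the original post: a small wrapper script whose decision logic can be tested offline. The function names and the sample status rows are constructed for illustration. It matches the router's Tailscale IP as an exact first column instead of a grep pattern, because in the pattern each dot matches any character and the address can also match as a prefix of another peer's address.

```shell
#!/bin/sh
# Added example (not from the thread): re-apply the exit-node flags only when needed.
TS_IP="100.xxx.xxx.xxx"                 # placeholder from the post: router's Tailscale IP
ROUTES="192.168.1.0/24,192.168.8.0/24"  # subnets listed in the post

# Constructed sample `tailscale status` text, modelled on what the post's grep expects.
SAMPLE_OFF='100.64.0.1   brume2  user@  linux  -
100.64.0.10  laptop  user@  linux  idle; offers exit node'
SAMPLE_ON='100.64.0.1   brume2  user@  linux  offers exit node
100.64.0.10  laptop  user@  linux  -'

# Succeeds if the status text on stdin has a row whose first column is exactly
# the IP in $1 and which contains "offers exit node".
offers_exit_node() {
    awk -v ip="$1" '$1 == ip && /offers exit node/ { hit = 1 } END { exit !hit }'
}

# $1 = init-script status text, $2 = `tailscale status` text, $3 = router's Tailscale IP.
# Succeeds only when the service is running and this router is not advertising yet.
needs_reapply() {
    printf '%s\n' "$1" | grep -q "running" || return 1
    if printf '%s\n' "$2" | offers_exit_node "$3"; then return 1; fi
    return 0
}

main() {
    svc=$(/etc/init.d/tailscale status 2>/dev/null) || true
    ts=$(tailscale status 2>/dev/null) || true
    if needs_reapply "$svc" "$ts" "$TS_IP"; then
        tailscale up --accept-routes --advertise-exit-node \
            --advertise-routes="$ROUTES" --accept-dns=false
    fi
}

# Only touch the system when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "--apply" ]; then main; fi
```

Saved on the router under a path of your choice and made executable, the script replaces the long cron command with a call to it followed by --apply.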
An alternative way of enabling the exit node mode without editing the start script or running frequent cron commands.
- Go to LuCI, then System->Startup->Local Startup
- Enter the following above the "exit 0" line:
( sleep 60; tailscale set --advertise-exit-node ) &
This will allow the router to start all processes, including the Tailscale connection, and, after 60s, will set the flag --advertise-exit-node.
This solution persists after the router updates.
I found out where the router directly modifies the Tailscale settings.
- SSH into the router and edit the following file: "/usr/bin/gl_tailscale"
- Find "tailscale up"
- Change the command as desired, like adding "--advertise-exit-node"
Personally, I'm commenting out the original command and putting the following instead:
timeout 10 /usr/sbin/tailscale up --accept-dns=false --accept-routes=false --advertise-exit-node --exit-node= --advertise-routes= > /dev/null
Though likely, you would need to edit the file again when you update the router.
Thank you so much, ngtimofeev, a very straightforward and clear set of instructions discussing one use case which many of us want addressed. This was very easy to do through a WireGuard server running on the router, but with Tailscale, setting the router as an exit node was so confusing before reading this article.
Also, danpeig, very good add-on instructions to advertise as an exit node after reboot, without logging into the router via SSH.
Or you can just edit /usr/bin/gl_tailscale
timeout 10 /usr/sbin/tailscale up --advertise-exit-node --reset --accept-routes $param --timeout 3s --accept-dns=false > /dev/null
It works, but I'm getting less than 10 Mbps down and 70 Mbps up; maybe Tailscale on GL.iNet is not optimized to be used as an exit node.
Oh my god, it actually worked! Thank you so mucho!!!!!
On the Beryl AX with Tailscale version 1.66.4, the above solution works well.
However, the exit node only works when VPN is disabled on the private network. Maybe I did not catch the info.