Tailscale Exit Node Upload Speed Bottleneck on Flint 3 (GL-BE9300) - Firmware 4.8.4

I am experiencing a severe upload speed bottleneck when using my Flint 3 (GL-BE9300) as a Tailscale Exit Node. While native VPN protocols perform at high speeds, Tailscale performance is consistently capped at approximately 1.2 - 2.0 Mbps for the remote client.

Environment

  • Device: GL-BE9300 (Flint 3)

  • Firmware Version: 4.8.4

  • OpenWrt Version: OpenWrt 23.05-SNAPSHOT

  • Kernel Version: 5.4.213

  • ISP: MEO (Portugal) - Fibergateway in Bridge Mode.

Symptoms

  • When starting a Speedtest from a remote client using the Flint 3 as an Exit Node, the speed peaks briefly at 6 Mbps and immediately drops to a stable 1.2 Mbps.

  • CPU usage is negligible (~5%) during the test, so this is not a hardware bottleneck or encryption overhead issue.

  • The issue is exclusive to the Tailscale implementation on this device/firmware.

Troubleshooting Steps Taken (All yielded no improvement)

  1. Connection Path: Verified via tailscale status that the connection is Direct (P2P), not a Relay.

  2. MTU: Manually lowered tailscale0 MTU to 1200 to eliminate fragmentation/MSS issues.

  3. Network Acceleration: Disabled both Hardware and Software Flow Offloading in the GL.iNet dashboard.

  4. Interface Offloads: Used ethtool to disable rx-gro-hw, gso, and tso on the WAN interface.

  5. Kernel Queues: Increased txqueuelen to 5000 for both eth0 and tailscale0 and increased net.core.rmem_max / wmem_max.

  6. Firewall: Tested with various nftables adjustments regarding Masquerading.

The Comparison: Native WireGuard vs. Tailscale

To isolate the cause, I set up a native WireGuard Server on the same Flint 3 unit and tested from the same remote client:

  • Tailscale Exit Node Result: ~1.2 Mbps Upload.

  • Native WireGuard Result: 87.6 Mbps Upload.

This confirms that the ISP is not throttling UDP traffic and the GL-BE9300 hardware is perfectly capable of high-speed encryption. The bottleneck is strictly tied to the Tailscale package/integration within Firmware 4.8.4 on the MTK platform.

Request

Is there a specific conflict between the Tailscale user-space implementation and the network stack in this OpenWrt 23.05-SNAPSHOT build? Are there any recommended configurations to allow Tailscale to match the performance of the native WireGuard server on this SoC?

Thanks

UPDATE:
I tried the beta firmware V4.9.0 with the plugin from RemoteToHome gl-tailscale-fix v1.0.19 and the issue seems to be fixed.

https://remotetohome.io/blog/gl-tailscale-fix/#update-v1019

I’m experiencing the same: my router is acting as an exit node and I’m getting ~300kbps upload speed (instead of 50Mbps). I’m on the latest stable (4.8.x) and was using admonstrator/glinet-tailscale-updater (GitHub) to get the latest tailscale binaries. I’ve tried the gl-tailscale-fix without success. Could it be related to the firmware version?