Tailscale: No internet after enabling custom exit node

Yeah I ended up pasting the wrong info, only showing you that I’m able to ping google :sweat_smile::sweat_smile:… here’s the whole ordeal…

My setup:
Exit Node (Exit1): Linux machine set up as the exit node for my Tailscale VPN.
WSL2 on Windows Laptop: Configured to use Tailscale with Exit1 as its custom exit node, connecting through the AXT1800 travel router.

Issue: When connected via Tailscale to the exit node (Exit1), accessing Netflix results in SSL/TLS handshake failures from my WSL2 environment, while other connections, like Google, are successful.

Observations:

  • Direct from Exit1: SSL/TLS connections to both Google and Netflix are successful, completing without issue.
  • From WSL2 via Exit1: SSL/TLS connections to Google complete successfully; however, connections to Netflix hang at the SSL handshake phase.

With custom exit node enabled this command hangs on my machine.
From wsl2 w/ exit1 custom exit node enabled.

 openssl s_client -connect netflix.com:443 -servername netflix.com
CONNECTED(00000003)
^C
raz@Ubuntu-WSL2:~$ openssl s_client -connect google.com:443 -servername google.com
CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = *.google.com
verify return:1

This curl command hangs right at SSL / TLS handshake, also from wsl2 (behind router w/ exit1 exit node enabled)

curl -vL --http1.1 https://netflix.com
*   Trying 54.160.93.182:443...
* TCP_NODELAY set
* Connected to netflix.com (54.160.93.182) port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):

Now if we run the commands directly on exit1, it’s able to complete the handshake.

raz@exit1:~$ openssl s_client -connect google.com:443 -servername google.com
CONNECTED(00000003)
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = *.google.com
verify return:1

raz@exit1:~$ openssl s_client -connect netflix.com:443 -servername netflix.com
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Secure Site ECC CA-1
verify return:1
depth=0 C = US, ST = California, L = Los Gatos, O = "Netflix, Inc.", CN = www.netflix.com
verify return:1

So really this causes issues w/ accessing some sites and also my bandwidth and jitter/latency are bad when I enable the custom exit node on the router.
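
The comparison made by hand above can be scripted so the same check runs from both WSL2 and exit1. This is an added example, not part of the original post: the function names are hypothetical, the live probe assumes `openssl` and coreutils `timeout` are installed, and the embedded transcripts are trimmed from the output shown in the post.

```shell
#!/bin/sh
# Added example (not from the original post): classify how far a TLS attempt
# got, based on `openssl s_client` output like the transcripts above.

# Reads s_client output on stdin and prints one of:
#   no-tcp                 no CONNECTED(...) line, TCP never came up
#   stalled-after-connect  TCP connected, but no server certificate was seen
#   server-cert-received   the leaf certificate (depth=0) reached the verifier
classify_s_client() {
  _sc_out=$(cat)
  case "$_sc_out" in
    *"CONNECTED("*) ;;
    *) echo "no-tcp"; return 0 ;;
  esac
  if printf '%s\n' "$_sc_out" | grep -q '^depth=0 '; then
    echo "server-cert-received"
  else
    echo "stalled-after-connect"
  fi
}

# Live probe (assumes coreutils `timeout` and `openssl` are installed).
# stdin is /dev/null so s_client exits after the handshake instead of waiting.
probe_host() {
  _ph_host=$1
  _ph_limit=${2:-10}
  timeout "$_ph_limit" openssl s_client -connect "$_ph_host:443" \
    -servername "$_ph_host" </dev/null 2>&1 | classify_s_client
}

# Offline demo on transcripts trimmed from the post.
demo_stalled() {
  classify_s_client <<'EOF'
CONNECTED(00000003)
EOF
}
demo_ok() {
  classify_s_client <<'EOF'
CONNECTED(00000003)
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN = *.google.com
verify return:1
EOF
}
echo "netflix.com via exit node: $(demo_stalled)"
echo "google.com via exit node:  $(demo_ok)"
```

Running `probe_host netflix.com` on WSL2 and again on exit1 gives a one-word result per vantage point, which makes it easy to see at which hop the handshake stops progressing.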