Tailscale on Beryl AX (GL-MT3000)

I have firmware version 4.2.2 installed.

Before trying Tailscale on the router I made sure everything is working properly. I have 2 different exit nodes (one is a Raspberry Pi at home and the other is at Amazon AWS). I’ve been using Tailscale and both exit nodes on my computer when I travel and that’s all worked perfectly.

Now I want to configure the Beryl AX router with Tailscale and always route everything from the LAN out through the Tailscale exit node. The built in Tailscale options worked properly - I configured and authenticated and see the node is active on my Tailscale admin panel.

The problem is when I turn on the exit node switch on the router my LAN devices can’t connect to anything. I can ping the router itself, but that’s all.

The router is set to be used as an exit node in the Tailscale admin panel, just like the other exit nodes.

When I saw the nice user interface for the router Tailscale app I was impressed and happy. It looked like it was going to be as easy as using Tailscale itself. But, I can’t get it to work.

Is there anything I need to manually edit? The router does say that Tailscale support is beta, so is the exit node option even supposed to work?

Any advice appreciated. I live in the US and I’m going to Europe in a couple of weeks and was hoping this router would simplify some things for me.

hey there,
I’m only new to using Tailscale myself, so limited experience. However my understanding, and I may be wrong (love to be advised otherwise) is that to use an exit node, each device also needs Tailscale installed. You can’t route traffic from clients in the LAN through an exit node, unless they have Tailscale themselves. Did you see this article? Exit Nodes (route all traffic) · Tailscale

The reason I believe this to be the case, is that I have had a somewhat related problem recently where I use my Brume 2 (the wireless-less version of a Beryl AX) as the DNS server on my Tailscale network so I get adblocking on my devices when away from home. I wanted my adguardhome instance to be able to query the Tailscale magic DNS ip ( for reverse dns lookups so I could see each of my devices queries of adguardhome individually. But for whatever reason, the only devices which get a response from the DNS server are the ones on Tailscale. Anything else LAN side, even adguardgome itself (!) gets NXdomain response. So I’ve come to conclusion this may be by design.

Yes, I’ve read all of that as well as the help provided in the router. What would be the point of these Tailscale configuration options in the router if every device had to run Tailscale anyway?

See this information where it says “If this option is enabled, the device will forward all requests to the exit node”:

That’s exactly what I’m trying to do - forward all lan requests to the exit node. I have devices where I can’t install the Tailscale app directly, so the router could be a perfect solution.

Yeh you’re right. It certainly reads that way. I’m assuming you have visited the Tailscale admin console and enabled the subnet route for Beryls LAN subnet. So maybe it is an issue with the beta as you’d suggested - maybe worth contacting glinet support.

1 Like

Yes, I’ve enabled the LAN subnet on the Tailscale admin console. Still looking around and don’t see anything else that I’m missing, unless there are manual edits required to the ACL list or something like that. But, that wouldn’t make sense since all of the configuration seems to be covered with a nice, handy GUI.

Agree with you here- and I’m in the same boat. I purchased the Beryl literally for this feature, haha!

I have seen other threads that essentially seemed to conclude there is a bug on the latest stable firmware…

I am yet to try out the latest Beta. Maybe it is fixed there. I’ve been slim on availability lately but as soon as I have time I’ll try to keep updating here as I see more…

Max2, you should contact GL.inet support for advice. I have the most recent beta software (4.2.3 release 1) and that did not solve the problem.

Support people, in China I think, have reached out to me for more information. They could probably use feedback from others as well.

I am on a trip to Scotland right now and hoped to use the Beryl for connecting a few devices to my Tailscale network. Doesn’t work, but In the meantime, I have been using the Tailscale app on my MacBook. Interestingly, I have confirmed that the Tailscale app using an exit node in Oregon works great even when a couple of other VPNs did not work at all.

Is there any follow up on this? I am running into the same issue as the original poster. I’ve tried using firmware version 4.4.6 as suggested elsewhere, but that didn’t change anythin.g

I’m able to connect to the internet on client devices until I turn on the custom exit node option.
I am not able to ping my tailscale devices even when the exit node option is turned off.

I’m also facing this issue and posted a thread here - GL-MT3000 stops working when connecting to Tailscale Exit Node - Technical Support for Routers - GL.iNet (gl-inet.com)