Tailscale on XE3000 to route all traffic through remote MT3000 running tailscale

I might be able to use this option but I felt that tailscale would be a more secure option due to not having to expose any ports.

            fi

            if [ -n "$routes" ]; then
                    param="--advertise-routes=$routes"
            else
                    param=""
            fi

            if [ -n "$exit_node_ip" ];then
                    param="$param --exit-node-allow-lan-access --exit-node=$exit_node_ip"
            fi

            if [ -n "$lan_ip" ]; then
                    add_route_local $lan_ip "lan"
            fi

            if [ -n "$wan_ip" ]; then
                    add_route_local $wan_ip "wan"
            fi

            if [ -n "$secondwan_ip" ]; then
                    add_route_local $secondwan_ip "secondwan"
            fi

            if [ -n "$wwan_ip" ]; then
                    add_route_local $wwan_ip "wwan"
            fi

            guest_disable=$(uci -q get network.guest.disabled)
            if [ -n "$exit_node_ip" ] && [ "$guest_disable" == "0" ]; then
                    add_guest_policy_route
            fi

+          while [ -n "$(ip rule show priority 1)" ]
+          do
+                   ip rule del priority 1
+          done
+          ip rule add from all to 192.168.8.0/24 lookup 55 priority 1  # 192.168.8.0/24 is your xe3000 lan ip
            /usr/sbin/tailscale up --advertise-exit-node --reset --accept-routes $param --timeout 3s > /dev/null
else
+          while [ -n "$(ip rule show priority 1)" ]
+          do
+                   ip rule del priority 1
+          done
            /etc/init.d/tailscale stop
fi
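Review bot: the added line `ip rule add from all to 192.168.8.0/24 lookup 55 priority 1` hard-codes the XE3000 LAN prefix even though the script already carries the LAN address in `$lan_ip` (used just above in `add_route_local $lan_ip "lan"`); deriving the prefix from `$lan_ip` would keep the rule correct if the LAN is ever renumbered, which the inline comment "192.168.8.0/24 is your xe3000 lan ip" currently leaves to the reader. Also, the `while [ -n "$(ip rule show priority 1)" ] ... ip rule del priority 1` loops (in both the start and stop branches) delete every rule at priority 1 regardless of who installed it; matching on the rule's own selector (`to <lan prefix> lookup 55`) instead of the bare priority would avoid flushing rules that belong to other services.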

Does the LAN IP on the XE3000 need to be different than the LAN IP on the MT3000?

I ask because all my GL-iNET devices have the 192.168.8.x

I appreciate the help. This will be very useful for RVers.

Yes, the LAN IP of both cannot be the same.

How do I know if I have success? My WAN IP on the XE3000 has not changed (checking it at https://icanhazip.com/). Also, if I go to speedtest.net it still shows me as being on my cell provider, not my home cable modem provider. I can ping 192.168.8.1 and 192.168.7.1 from the MT3000 (it is 192.168.7.0/24), but I cannot ping 192.168.7.1 from the XE3000 (192.168.8.0/24).

This is from my gl_tailscale; pretty sure I got it right:

            guest_disable=$(uci -q get network.guest.disabled)
            if [ -n "$exit_node_ip" ] && [ "$guest_disable" == "0" ]; then
                    add_guest_policy_route
            fi

            while [ -n "$(ip rule show priority 1)" ]
            do
                    ip rule del priority 1
            done
            ip rule add from all to 192.168.8.0/24 lookup 55 priority 1  # 192.168.8.0/24 is your xe3000 lan ip

            /usr/sbin/tailscale up --advertise-exit-node --reset --accept-routes $param --timeout 3s > /dev/null
else
            while [ -n "$(ip rule show priority 1)" ]
            do
                    ip rule del priority 1
            done
            /etc/init.d/tailscale stop
fi

fi


Using traceroute on the XE3000's client (phone, PC or smart TV in the RV):

You can see that the next hop is the MT3000's Tailscale virtual IP, then the MT3000's WAN, and then the internet…

That's not happening for mine. I have double checked all the settings on both devices and the Tailscale admin panel. Wonder what's wrong.

I see I have Goodcloud enabled. Can that be on at the same time as tailscale?

It seems as if the XE3000 is not routing its traffic through the MT3000. My speed tests have gone to nearly zero though, so something is different. (Correction: speed tests are normal again now.) Yours is working with the same firmware as mine? The XE3000 is on the latest beta firmware and the MT3000 is on 4.4.5.

I can reach the admin page for the XE3000 when using the MT3000 WiFi, but I cannot reach the MT3000 admin page when using the XE3000 WiFi.

mt3000 is using latest snapshot
https://dl.gl-inet.com/?model=mt3000&type=snapshot

xe3000 is using latest beta
https://dl.gl-inet.com/?model=xe3000&type=beta

Is there a log for tailscale on the MT3000 and XE3000? Maybe I can find what’s causing my problems. I assume MT3000 4.4.5 stable should work and snapshot isn’t needed?

I installed the snapshot. Added the changes to the gl_tailscale. Still not working. I even unbound both routers and did a rebind. The Tailscale site seems to think everything is good, but the XE3000 is not routing through the MT3000. When checking what my IP is, it always shows the WAN IP from the cellular interface instead of the IP of my home network WAN. I cannot ping the 192.168.7.1 of the MT3000 or the 10.0.0.1 LAN IP of my home internet router, but they are listed as subnet routes for the MT3000. I'm happy to give you GoodCloud access to both devices if you think you can help get this working.

I can try if you can give your goodcloud access to me

This has worked for me, thanks very much!

However, speed is quite slow. I cannot seem to get a direct connection; it only works via the Tailscale relay. Does anyone know any way to achieve a direct connection? Do I need to open specific ports?

For context, I am using a 5G sim behind CGNAT, is it even possible to achieve a direct connection?

Same, it works but is excruciatingly slow.

Maybe mine is going through relays too? How can you tell? That would explain slow speeds.

You can do a traceroute / tracert from one device to the other and check the hops

Looks like mine is direct:

traceroute to 192.168.7.1 (192.168.7.1), 64 hops max, 52 byte packets
1 192.168.8.1 (192.168.8.1) 8.138 ms 2.926 ms 2.631 ms
2 192.168.7.1 (192.168.7.1) 110.967 ms 116.206 ms 114.027 ms
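Besides traceroute, the same two questions from this thread ("is it direct or going through a relay?" and "how do I know if I have success?") can be checked from text the router already produces. The following is an added shell example, not from this thread and not part of GL.iNet's gl_tailscale script: it classifies peers from `tailscale status` output and confirms the priority-1 policy rule that the script edit installs. Both samples are constructed; the column layout of `tailscale status` is an assumption, only the `direct` / `relay` keywords are relied on.

```shell
#!/bin/sh
# Added example (not GL.iNet's code). Works on saved text, so it runs offline;
# on the router feed it "$(tailscale status)" and "$(ip rule show)" instead.

# Constructed sample shaped like `tailscale status` (layout is an assumption).
SAMPLE_STATUS='100.64.0.1   mt3000   user@   linux    active; exit node; direct 203.0.113.5:41641, tx 1000 rx 2000
100.64.0.2   phone    user@   android  active; relay "fra", tx 100 rx 200
100.64.0.3   laptop   user@   windows  -'

# Constructed sample shaped like `ip rule show` on an XE3000 after the edit.
SAMPLE_RULES='0:      from all lookup local
1:      from all to 192.168.8.0/24 lookup 55
32766:  from all lookup main
32767:  from all lookup default'

# Print "<hostname> <direct|relay|idle>" for each peer line in $1.
classify_peers() {
    printf '%s\n' "$1" | awk '{
        path = "idle"
        if ($0 ~ /direct [0-9a-f.:]+/) path = "direct"   # UDP endpoint reached
        else if ($0 ~ /relay "/) path = "relay"          # traffic via DERP
        print $2, path
    }'
}

# Path type for one peer, e.g. path_of "$SAMPLE_STATUS" mt3000 -> direct
path_of() {
    classify_peers "$1" | awk -v n="$2" '$1 == n { print $2 }'
}

# Number of peers currently going through a DERP relay (slow path).
relay_count() {
    classify_peers "$1" | awk '$2 == "relay" { n++ } END { print n + 0 }'
}

# Exit 0 if $1 (ip rule output) contains the priority-1 rule steering traffic
# for the LAN prefix $2 into table 55, as the gl_tailscale edit adds.
lan_rule_present() {
    printf '%s\n' "$1" | grep -q "^1:[[:space:]]*from all to $2 lookup 55$"
}

# Live use on the XE3000 (commented out so the file runs offline):
# classify_peers "$(tailscale status)"
# lan_rule_present "$(ip rule show)" 192.168.8.0/24 && echo "policy rule ok"
```

A peer reported as `relay` explains the slow speeds discussed above; a missing priority-1 rule means the edited script branch never ran.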

Not sure what has changed, but now I am getting about 2/3 of my exit node's bandwidth. I would expect close to 100%, but I will take 2/3 if it stays at that. Yesterday I was only able to get about 1/7th.

I found a solution on the Reddit forums that works for me.

First set up your Tailscale remote subnet router on the MT3000 as usual. Then…

On the MT3000 Admin Panel:
Under menu item System -> Advanced, go into the LuCI admin panel, then select Network → Firewall.
By default, you will see 3 zones:
- lan > wan
- wan > REJECT
- guest > wan
Click on “EDIT” on the second one (wan > REJECT).
Then click on the second top tab “Advanced Settings” and in the “Covered devices” dropdown select tailscale0. Save, then Save & Apply.

Now you should be able to route your MT3000 WAN traffic to the designated Tailscale exit node, and the devices on the MT3000 LAN will also be accessible to devices running on the Tailscale net.

One slight bug: on the WAN side you will not be able to reach the admin console of the MT3000 via Tailscale even though it is included in the subnet routing address you set up, and you will not be able to access the admin console of the MT3000 on the LAN side unless you turn off Tailscale on your local LAN device, which is fine since all traffic on the LAN side is now going over the Tailscale net to the exit node anyway.
