I think at this stage I need a way to run the tailscale up command after tailscaled has come up. That /etc/rc.local is not working for me…
I added this to the startup script to find whats running at start:
ps -w | grep tail > /tmp/tailscale.info &
root@GL-AX1800:~# cat /tmp/tailscale.info
4750 root 1176 S /bin/sh /usr/bin/gl_tailscale restart
4752 root 1312 S /bin/sh /etc/rc.common /etc/init.d/tailscale restart
4776 root 794m S /usr/sbin/tailscaled --port 41641 --state /etc/tailscale/tailscaled.state
4777 root 1304 S /bin/sh /etc/rc.common /etc/init.d/tailscale running
4797 root 794m S /usr/sbin/tailscaled --cleanup
4879 root 1172 S /bin/sh /usr/bin/gl_tailscale set_route
5313 root 1172 S grep tail
root@GL-AX1800:~#
It looks as though its being configured via:
/bin/sh /usr/bin/gl_tailscale set_route
My Flint is running f/w 4.2.3-release5. Try adding some custom params to the launching shell script. You might not even need rc.local
:
root@GL-AX1800:~# cat /etc/init.d/tailscale
#!/bin/sh /etc/rc.common
# Copyright 2020 Google LLC.
# Copyright (C) 2021 CZ.NIC z.s.p.o. (https://www.nic.cz/)
# SPDX-License-Identifier: Apache-2.0
USE_PROCD=1
START=80
start_service() {
local state_file
local port
local std_err std_out
config_load tailscale
config_get_bool std_out "settings" log_stdout 1
config_get_bool std_err "settings" log_stderr 1
config_get port "settings" port 41641
config_get state_file "settings" state_file /etc/tailscale/tailscaled.state
/usr/sbin/tailscaled --cleanup
config_get enabled "settings" enabled 0
if [ "$enabled" -eq "1" ];then
procd_open_instance
procd_set_param command /usr/sbin/tailscaled
# Set the port to listen on for incoming VPN packets.
# Remote nodes will automatically be informed about the new port number,
# but you might want to configure this in order to set external firewall
# settings.
procd_append_param command --port "$port"
procd_append_param command --state "$state_file"
# my custom params
procd_append_param command --advertise-routes "192.168.10.0/23"
# ... & so on, & so forth....
# // end my custom params
procd_set_param respawn
procd_set_param stdout "$std_out"
procd_set_param stderr "$std_err"
procd_close_instance
fi
}
That wont work unfortunately… The init.d file runs tailscaled not tailscale - there is no --advertise-routes
etc for the daemon process. The tailscale binary is the cli interface to the tailscale daemon process.
/usr/bin/gl_tailscale
must be running the tailscale up xxxx
command after it pulls config info that has been set via the UI.
Yeah I see that now after you posted that dir list. The more I look at this the more it seems all so familar:
This is untested code to enable exit nodes I never got feedback on from someone else but here:
sed '/param="$param --exit-node-allow-lan-access --exit-node=$exit_node_ip"/a\ param=“$param --advertise-exit-node --allow-exit-node --allow-routes”' /usr/bin/gl_tailscale >> \
/usr/bin/gl_tailscale.new && mv /usr/bin/gl_tailscale /usr/bin/gl_tailscale.stock \
&& mv /usr/bin/gl_tailscale.new /usr/bin/gl_tailscale && chmod +x /usr/bin/gl_tailscale
It’ll add more the launch string of /usr/bin/gl_tailscale
@ this if statement/code block:
if [ -n "$exit_node_ip" ];then
param="$param --exit-node-allow-lan-access --exit-node=$exit_node_ip"
# new params added here by the `sed` search & replace
fi
You can add your params there or by adding more to the second half of that above sed
command.
I hadn’t realised /usr/bin/gl_tailscale
was a script! I assumed it was a binary - I’ll check out what you have posted above but this will definitely fix things for me.
This fixed it for me! I ended up just hardcoding my tailscale up command line into /usr/sbin/gl_tailscale
and it now works on reboot.
I’m glad you got it sorted… I was always curious if such a simple edit would work (I don’t use Tailscale). I look forward to you marking my post as the ‘Solution’.
There’s no --allow-routes as I see, you mean --accept-routes surely?
Damned if I know. That param was copied fr some one else. Like I said, I don’t use Tailscale.
I found a way to make the /etc/rc.local
startup script work for starting Tailscale. Figured I’d add the solution here, just because its much less tedious than logging in and editing /usr/bin/gl_tailscale/
through the terminal.
It seems like there’s a few seconds after startup that are a bit variable where tailscale can’t start if the command is run too early.
Feel free to edit it however it works for you.
Here’s everything in the file:
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
# Method to restart Tailscale. Sometimes would be running, but non-functional.
start_tailscale()
{
tailscale status &> /tmp/tailscale.before
tailscale down
tailscale up --advertise-exit-node --accept-routes --advertise-routes=xxx.xxx.xxx.0/22 &> /tmp/tailscale.info
sleep 3 ; tailscale status &> /tmp/tailscale.after
}
. /lib/functions/gl_util.sh
remount_ubifs
# Wait for 30 seconds after startup, then run the Tailscale start method
sleep 30 ; start_tailscale &
exit 0
Thank you, @ilium007. You saved a lot of my hairs.
Editing near the end of /usr/bin/gl_tailscale
works for me, on MT6000.
It was /usr/bin for me, not /usr/sbin on my device.
I almost edited the rc.Local.
I should have known that it would have a prefix gl_.
FYI: It’s better easier to edit rc.local
unless you manually add the GL script to LuCI backup inclusions/sysupgrade.conf
:
Is anyone able to find a working solution!? I tried what you sugge a but nothing has changed. The exit node works for a couple of hours then it stops advertising the node. I can only think of a script that every 30 minutes run the command Tailscale up —advertise-exit-node with the two subnets but I don’t think this is the best solution
So far, that seems to be what happened to me as well.
It’s really odd, that’s for sure.
I’ve kind of given up for now.
Hi! I figured out what you can do to make this works, first try to update the firmware to the 4.5 version, then if you go to the tailscale website you can download the tar.gz binary with the most updated version available, then using winscp you can get those files into the router (the directory should be sbin as far as I remember) and then you can add one line into the gl_tailscale script as mentioned before. I could upload a copy of my script but it wouldn’t work because it is tailored for the io ranges you have. If you need more help I’m happy to help
If you dont want to fiddle with SCP and co you can use this script instead: How-To: Update Tailscale on ARM64/ARMv7 (f.e. Flint2/AXT1800)
Thank you!! I’m also struggling with one of the routers I have in Italy (I want to use it as vpn server) it doesn’t advertise the public ip address (ddns with good cloud) but I can advertise the public address of my router in the uk.
Both routers are ax1800 flint, one is connected to an ONT (full fibre) the one in Italy is connected through a primary modem but it is DMZ to get the public ip. Unfortunately I’m trying to get a better solution for the Italian router to avoid using the isp router but I have not found anything interesting (router in Italy has finer to the cabinet then copper wires like the old adsl) any suggestions is very welcome
Worked perfectly. (so far)
Thanks!