Tailscale settings lost on reboot

I think at this stage I need a way to run the tailscale up command after tailscaled has come up. That /etc/rc.local is not working for me…

I added this to the startup script to find whats running at start:

ps -w | grep tail > /tmp/tailscale.info &

root@GL-AX1800:~# cat /tmp/tailscale.info
 4750 root      1176 S    /bin/sh /usr/bin/gl_tailscale restart
 4752 root      1312 S    /bin/sh /etc/rc.common /etc/init.d/tailscale restart
 4776 root      794m S    /usr/sbin/tailscaled --port 41641 --state /etc/tailscale/tailscaled.state
 4777 root      1304 S    /bin/sh /etc/rc.common /etc/init.d/tailscale running
 4797 root      794m S    /usr/sbin/tailscaled --cleanup
 4879 root      1172 S    /bin/sh /usr/bin/gl_tailscale set_route
 5313 root      1172 S    grep tail
root@GL-AX1800:~#

It looks as though its being configured via:

/bin/sh /usr/bin/gl_tailscale set_route

My Flint is running f/w 4.2.3-release5. Try adding some custom params to the launching shell script. You might not even need rc.local:

root@GL-AX1800:~# cat /etc/init.d/tailscale
#!/bin/sh /etc/rc.common

# Copyright 2020 Google LLC.
# Copyright (C) 2021 CZ.NIC z.s.p.o. (https://www.nic.cz/)
# SPDX-License-Identifier: Apache-2.0

USE_PROCD=1
START=80

start_service() {
  local state_file
  local port
  local std_err std_out

  config_load tailscale
  config_get_bool std_out "settings" log_stdout 1
  config_get_bool std_err "settings" log_stderr 1
  config_get port "settings" port 41641
  config_get state_file "settings" state_file /etc/tailscale/tailscaled.state

  /usr/sbin/tailscaled --cleanup
  config_get enabled "settings" enabled 0
  if [ "$enabled" -eq "1" ];then
        procd_open_instance
        procd_set_param command /usr/sbin/tailscaled

        # Set the port to listen on for incoming VPN packets.
        # Remote nodes will automatically be informed about the new port number,
        # but you might want to configure this in order to set external firewall
        # settings.
        procd_append_param command --port "$port"
        procd_append_param command --state "$state_file"

        # my custom params
        procd_append_param command --advertise-routes "192.168.10.0/23"
        # ... & so on, & so forth....
        # // end my custom params

        procd_set_param respawn
        procd_set_param stdout "$std_out"
        procd_set_param stderr "$std_err"

        procd_close_instance
  fi
}

That wont work unfortunately… The init.d file runs tailscaled not tailscale - there is no --advertise-routes etc for the daemon process. The tailscale binary is the cli interface to the tailscale daemon process.

/usr/bin/gl_tailscale must be running the tailscale up xxxx command after it pulls config info that has been set via the UI.

Yeah I see that now after you posted that dir list. The more I look at this the more it seems all so familar:

This is untested code to enable exit nodes I never got feedback on from someone else but here:

sed '/param="$param --exit-node-allow-lan-access --exit-node=$exit_node_ip"/a\                        param=“$param --advertise-exit-node --allow-exit-node --allow-routes”' /usr/bin/gl_tailscale >> \
 /usr/bin/gl_tailscale.new && mv /usr/bin/gl_tailscale /usr/bin/gl_tailscale.stock \
&& mv /usr/bin/gl_tailscale.new /usr/bin/gl_tailscale && chmod +x /usr/bin/gl_tailscale

It’ll add more the launch string of /usr/bin/gl_tailscale @ this if statement/code block:

                if [ -n "$exit_node_ip" ];then
                        param="$param --exit-node-allow-lan-access --exit-node=$exit_node_ip"
                        # new params added here by the `sed` search & replace
                fi

You can add your params there or by adding more to the second half of that above sed command.

I hadn’t realised /usr/bin/gl_tailscale was a script! I assumed it was a binary - I’ll check out what you have posted above but this will definitely fix things for me.

This fixed it for me! I ended up just hardcoding my tailscale up command line into /usr/sbin/gl_tailscale and it now works on reboot.

I’m glad you got it sorted… I was always curious if such a simple edit would work (I don’t use Tailscale). I look forward to you marking my post as the ‘Solution’.

There’s no --allow-routes as I see, you mean --accept-routes surely?

Damned if I know. That param was copied fr some one else. Like I said, I don’t use Tailscale.

I found a way to make the /etc/rc.local startup script work for starting Tailscale. Figured I’d add the solution here, just because its much less tedious than logging in and editing /usr/bin/gl_tailscale/ through the terminal.

It seems like there’s a few seconds after startup that are a bit variable where tailscale can’t start if the command is run too early.

Feel free to edit it however it works for you.

Here’s everything in the file:

# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

# Method to restart Tailscale. Sometimes would be running, but non-functional.
start_tailscale()
{
        tailscale status &> /tmp/tailscale.before
        tailscale down
        tailscale up --advertise-exit-node --accept-routes --advertise-routes=xxx.xxx.xxx.0/22 &> /tmp/tailscale.info
        sleep 3 ; tailscale status &> /tmp/tailscale.after
}

. /lib/functions/gl_util.sh
remount_ubifs

# Wait for 30 seconds after startup, then run the Tailscale start method
sleep 30 ; start_tailscale &

exit 0

Thank you, @ilium007. You saved a lot of my hairs.
Editing near the end of /usr/bin/gl_tailscale works for me, on MT6000.
It was /usr/bin for me, not /usr/sbin on my device.
I almost edited the rc.Local.
I should have known that it would have a prefix gl_.

image1207×172 8.13 KB

FYI: It’s better easier to edit rc.local unless you manually add the GL script to LuCI backup inclusions/sysupgrade.conf:

Is anyone able to find a working solution!? I tried what you sugge a but nothing has changed. The exit node works for a couple of hours then it stops advertising the node. I can only think of a script that every 30 minutes run the command Tailscale up —advertise-exit-node with the two subnets but I don’t think this is the best solution

So far, that seems to be what happened to me as well.

It’s really odd, that’s for sure.

I’ve kind of given up for now.

Hi! I figured out what you can do to make this works, first try to update the firmware to the 4.5 version, then if you go to the tailscale website you can download the tar.gz binary with the most updated version available, then using winscp you can get those files into the router (the directory should be sbin as far as I remember) and then you can add one line into the gl_tailscale script as mentioned before. I could upload a copy of my script but it wouldn’t work because it is tailored for the io ranges you have. If you need more help I’m happy to help

If you dont want to fiddle with SCP and co you can use this script instead: How-To: Update Tailscale on ARM64/ARMv7 (f.e. Flint2/AXT1800)

Thank you!! I’m also struggling with one of the routers I have in Italy (I want to use it as vpn server) it doesn’t advertise the public ip address (ddns with good cloud) but I can advertise the public address of my router in the uk.
Both routers are ax1800 flint, one is connected to an ONT (full fibre) the one in Italy is connected through a primary modem but it is DMZ to get the public ip. Unfortunately I’m trying to get a better solution for the Italian router to avoid using the isp router but I have not found anything interesting (router in Italy has finer to the cabinet then copper wires like the old adsl) any suggestions is very welcome

Worked perfectly. (so far)

Thanks!