Tailscale /usr/bin/gl_tailscale file changed?

Hello,

I'm helping someone set up their GL.iNet Brume 2 with a Tailscale exit node. Previously (as of firmware version 4.2.1), I would simply replace the following line:

/usr/sbin/tailscale up --reset $param --timeout 3s

with

/usr/sbin/tailscale up --advertise-exit-node --reset $param --timeout 3s

But I'm not seeing this line in the file anymore when looking at the below file contents:

root@GL-MT2500:/# cat /usr/bin/gl_tailscale

#!/bin/sh

action="$1"
TS_POLICY_ROUTE=/tmp/ts_policy_route
TS_FIREWALL_SECTION=gltailscale
TAILSCALE_ROUTE_TABLE=52
TAILSCALE_DNS_SERVER="100.100.100.100"

if [ "$action" == "set_route" ];then
    sleep 5
    ip route add 100.64.0.0/10 dev tailscale0
fi

add_policy_route()
{
    target=$1
    if [ -n "$target" ]; then
        route_param="to $target table main"
        /sbin/ip rule add $route_param
        echo $route_param >> $TS_POLICY_ROUTE
    fi
}

del_policy_route()
{
    /sbin/ip rule del to $TAILSCALE_DNS_SERVER lookup $TAILSCALE_ROUTE_TABLE pri 50
    if [ -f $TS_POLICY_ROUTE ]; then
        while read line; do
            if [ -n "$line" ]; then
                /sbin/ip rule del $line
            fi
        done < $TS_POLICY_ROUTE
        rm $TS_POLICY_ROUTE
    fi
}

add_guest_policy_route()
{
    guest_disable=$(uci -q get network.guest.disabled)
    exit_node_ip=$(uci -q get tailscale.settings.exit_node_ip)
    if [ -n "$exit_node_ip" ] && [ "$guest_disable" == "0" ]; then
        guestip=$(ubus call network.interface.guest status|jsonfilter -e '@["ipv4-address"][0].address')
        guestmask=$(ubus call network.interface.guest status|jsonfilter -e '@["ipv4-address"][0].mask')
        if [ -n "$guestip" ] && [ -n "$guestmask" ] ;then
            guest_network=$(ipcalc.sh $guestip $guestmask | awk -F= '/NETWORK/{print $2}')
            guest_mask=$(ipcalc.sh $guestip $guestmask | awk -F= '/PREFIX/{print $2}')
        fi

        if [ -n "$guest_network" ] && [ -n "$guest_mask" ]; then
            guest_ip="$guest_network/$guest_mask"
            policy_route_param="from $guest_ip table main"
            /sbin/ip rule add $policy_route_param
            echo $policy_route_param >> $TS_POLICY_ROUTE
        fi
    fi
}

add_exit_node_rule()
{
    count=0
    while [ $count -le 5 ]
    do
        rule_exist=$(ip rule | grep "from all fwmark 0x80000/0x80000 lookup")
        ts_prio=$(ip rule | grep "from all lookup 52" |  awk -F':' '{print $1}' | head -n 1)
        if [ "$rule_exist" == "" ]; then
            if [ -n "$ts_prio" ]; then
                pre_prio=$(($ts_prio-1))
                policy_route_param="from all fwmark 0x80000/0x80000 lookup main prio $pre_prio"
                /sbin/ip rule add $policy_route_param
                echo $policy_route_param >> $TS_POLICY_ROUTE
            fi
        else
            break
        fi
        count=$(($count+1))
        sleep 1
    done
}

add_ts_fw_rule()
{
    if [ -f /etc/firewall.tailscale.sh ]; then
        /etc/firewall.tailscale.sh &
    fi
}

modify_dns_resolv()
{
    dns_suffix=$(tailscale status -json | jsonfilter -e '@.MagicDNSSuffix')
    rule_exist=$(grep "ts.net/100.100.100.100" /etc/dnsmasq.conf)
    domain_orig=$(uci get dhcp.@dnsmasq[0].domain)
    domain_orig_clean=$(echo "$domain_orig" | sed "s/.*ts.net //g")

    if [ "$1" == "1" ]; then
        if [ "$rule_exist" == "" ]; then
            [ "$dns_suffix" == "" ] && dns_suffix="ts.net"
            echo "server=/$dns_suffix/100.100.100.100" >> /etc/dnsmasq.conf
            uci set dhcp.@dnsmasq[0].domain="$dns_suffix $domain_orig_clean"
            uci commit dhcp
            /etc/init.d/dnsmasq restart
        fi
    else
        uci set dhcp.@dnsmasq[0].domain="$domain_orig_clean"
        uci commit dhcp
        if [ -n "$rule_exist" ]; then
            sed -i '/ts\.net\/100\.100\.100\.100/d' /etc/dnsmasq.conf
            /etc/init.d/dnsmasq restart
        fi
    fi
}

if [ "$action" == "restart" ];then
    /etc/init.d/tailscale restart

    del_policy_route
    add_ts_fw_rule

    sys_mode=$(uci -q get glconfig.general.mode)
    if [ "$sys_mode" != "router" ]; then
        /etc/init.d/tailscale stop
        modify_dns_resolv 0
        exit 0
    fi

    enabled=$(uci -q get tailscale.settings.enabled)
    if [ "$enabled" == "1" ]; then
        /sbin/ip rule add to $TAILSCALE_DNS_SERVER lookup $TAILSCALE_ROUTE_TABLE pri 50

        wanip=$(ubus call network.interface.wan status|jsonfilter -e '@["ipv4-address"][0].address')
        wanmask=$(ubus call network.interface.wan status|jsonfilter -e '@["ipv4-address"][0].mask')
        if [ -n "$wanip" ] && [ -n "$wanmask" ] ;then
            wan_network=$(ipcalc.sh $wanip $wanmask | awk -F= '/NETWORK/{print $2}')
            wan_mask=$(ipcalc.sh $wanip $wanmask | awk -F= '/PREFIX/{print $2}')
        fi
        [ -n "$wan_network" -a -n "$wan_mask" ] && wan_ip="$wan_network/$wan_mask"

        secondwanip=$(ubus call network.interface.secondwan status|jsonfilter -e '@["ipv4-address"][0].address')
        secondwanmask=$(ubus call network.interface.secondwan status|jsonfilter -e '@["ipv4-addr

You will need to edit /etc/init.d/tailscale

I'm still not seeing a relevant "tailscale up" command in this file either.

root@GL-MT2500:~# cat /etc/init.d/tailscale

#!/bin/sh /etc/rc.common

# Copyright 2020 Google LLC.
# Copyright (C) 2021 CZ.NIC z.s.p.o. (https://www.nic.cz/)
# SPDX-License-Identifier: Apache-2.0

USE_PROCD=1
START=80

start_service() {
  local state_file
  local port
  local std_err std_out

  config_load tailscale
  config_get_bool std_out "settings" log_stdout 1
  config_get_bool std_err "settings" log_stderr 1
  config_get port "settings" port 41641
  config_get state_file "settings" state_file /etc/tailscale/tailscaled.state

  /usr/sbin/tailscaled --cleanup

  config_get enabled "settings" enabled 0
  if [ "$enabled" -eq "1" ];then
  procd_open_instance
  procd_set_param command /usr/sbin/tailscaled

  # starting with v1.48.1 ENV variable is required to enable autodetection of iptables / nftables
  procd_set_param env TS_DEBUG_FIREWALL_MODE=auto

  # Set the port to listen on for incoming VPN packets.
  # Remote nodes will automatically be informed about the new port number,
  # but you might want to configure this in order to set external firewall
  # settings.
  procd_append_param command --port "$port"
  procd_append_param command --state "$state_file"

  procd_set_param respawn
  procd_set_param stdout "$std_out"
  procd_set_param stderr "$std_err"

  procd_close_instance
  fi
}

stop_service() {
  /usr/sbin/tailscaled --cleanup
}

root@GL-MT2500:~# 

How would you advise editing this file to achieve the same effect?

There is no tailscale up because it is a service.

You need to modify the param= line.
I would recommend running Admonstrator/glinet-tailscale-updater from GitHub ("This script updates the Tailscale installation on GL.iNet routers."), which mostly takes care of it.

Could you please elaborate how running the Tailscale update script would address what I'm trying to do, which is to enable the exit node function?

Ah, yeah, guess I was wrong. The exit node functionality seems to be enabled via GL GUI.

Huh? GL.iNet routers don't currently have functionality to run the device as an exit node. The GUI setting for Tailscale is only for connecting to an existing exit node.

I don't use Tailscale, so my information can be wrong; I am sorry for that.

I just checked it on my Flint2 (4.6.2, op-24) and found the necessary lines within /usr/bin/gl_tailscale

So not sure what is going on, but you seem to be right: There are different versions of gl_tailscale
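
Added example, not part of any post in this thread and not GL.iNet or Tailscale code: a POSIX shell helper that applies the one-line change from the first post idempotently, keeps a backup, and reports when a firmware's copy of the file has no `tailscale up` line at all. The function names and return codes are assumptions made for illustration; the two candidate paths are the ones named in the thread.

```shell
#!/bin/sh
# Added example; function names and return codes are illustrative.
FLAG="--advertise-exit-node"
UP_CMD="/usr/sbin/tailscale up "   # invocation quoted in the first post

# patch_exit_node FILE
#   0 = flag inserted (backup left at FILE.bak)
#   1 = every "tailscale up" line already carries the flag
#   2 = file missing or contains no "tailscale up" line
#   3 = backup could not be written; file left untouched
patch_exit_node() {
    file=$1
    [ -f "$file" ] || return 2
    grep -qF -- "$UP_CMD" "$file" || return 2
    # Is there at least one invocation that still lacks the flag?
    grep -F -- "$UP_CMD" "$file" | grep -qvF -- "$FLAG" || return 1
    cp -p "$file" "$file.bak" || return 3
    # Edit only lines that run "tailscale up" and do not have the flag yet.
    sed -i '\|'"$UP_CMD"'|{/'"$FLAG"'/!s|'"$UP_CMD"'|'"$UP_CMD$FLAG"' |;}' "$file"
}

# check_candidates: try the two files named in the thread and report per file.
check_candidates() {
    for f in /usr/bin/gl_tailscale /etc/init.d/tailscale; do
        rc=0; patch_exit_node "$f" || rc=$?
        case $rc in
            0) echo "$f: added $FLAG (backup: $f.bak)" ;;
            1) echo "$f: $FLAG already present" ;;
            2) echo "$f: no 'tailscale up' line in this firmware's copy" ;;
            *) echo "$f: could not write backup, left unchanged" ;;
        esac
    done
}

# Only touch the router's files when asked to explicitly.
if [ "${1:-}" = "--apply" ]; then
    check_candidates
fi
```

Return code 2 is the case the original poster hit on the Brume 2: the script exists, but that firmware's copy has no `tailscale up` invocation to edit.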