Tailscale VPN install: why must I stop and remove the mwan3 package? GL-MT1300

Is there a way I can configure the network or firewall settings on my Gl.inet device (GL-MT1300) so that Tailscale will work gracefully with mwan3?

I’ve successfully enabled Tailscale (1.18.2) on my gl.inet device by installing the Tailscale package on an SD card (loosely following the guide here: Running Tailscale on a Mango* Router - 🄱🄸🅃🅂🄽🄱🄾🄱🅂 Blog).

One thing bugs me, however. I’ve had to stop and remove the mwan3 package in order to be able to ping other Tailscale hosts or to route to remote subnets via the Tailscale interface.

Why must I remove mwan3? I would prefer to keep that package (if possible) so the gl.inet device can gracefully failover from one WAN connection to another (e.g. from WAN to tethering to wifi, etc).

Besides the details in the guide (linked above) I’ve added the following lines to /etc/config/network:

config interface ‘tailscale’
option proto ‘none’
option ifname ‘tailscale0’

I’ve added the following lines to /etc/config/firewall:

config zone ‘vpn_zone’
option name ‘tailscale’
option input ‘ACCEPT’
option forward ‘REJECT’
option output ‘ACCEPT’
option device ‘tailscale0’
option masq ‘1’
option mtu_fix ‘1’

config forwarding
option dest ‘tailscale’
option src ‘lan’

config forwarding
option dest ‘lan’
option src ‘tailscale’

And finally I had to remove mwan3: mwan3 stop && opkg remove mwan3 --force-depends
To re-iterate: Is there a way I can configure the network or firewall settings on my Gl.inet device (GL-MT1300) so that Tailscale will work gracefully with mwan3? Any ideas are appreciated.

If you do not remove mwan3, Tailscale cannot connect or you do not have Internet?

Can you give more details?

Internet always works.
Setup tailscale without disabling and removing mwan3: no ping to tailscale host or network.
Remove mwan3: can ping tailscale host and network.
See the following:

root@GL-MT1300:~# ping google
PING google.com (142.250.113.139): 56 data bytes
64 bytes from 142.250.113.139: seq=0 ttl=105 time=42.625 ms
64 bytes from 142.250.113.139: seq=1 ttl=105 time=41.989 ms
64 bytes from 142.250.113.139: seq=2 ttl=105 time=27.670 ms
^C
google.com ping statistics —
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 27.670/37.428/42.625 ms

root@GL-MT1300:~# tailscale version
1.18.2
tailscale commit: cc23fba40ac7ec4b60fe2210999a2f20101e0c7c
other commit: e21a681f4a9ffdef994234e4c3d857e8dc3bbb19
go version: go1.17.2-ts7037d3ea51

root@GL-MT1300:~# tailscale ping 100.125.5.11
pong from (100.125.5.11) via :41641 in 169ms

root@GL-MT1300:~# ping 100.125.5.11
PING 100.125.5.11 (100.125.5.11): 56 data bytes
^C
— 100.125.5.11 ping statistics —
24 packets transmitted, 0 packets received, 100% packet loss

root@GL-MT1300:~# ping 192.168.10.200
PING 192.168.10.200 (192.168.10.200): 56 data bytes
^C
— 192.168.10.200 ping statistics —
29 packets transmitted, 0 packets received, 100% packet loss

root@GL-MT1300:~# mwan3 stop && opkg remove mwan3 --force-depends
Removing package mwan3 from root…

reboot here

root@GL-MT1300:~# ping 100.125.5.11
PING 100.125.5.11 (100.125.5.11): 56 data bytes
64 bytes from 100.125.5.11: seq=0 ttl=128 time=761.909 ms
64 bytes from 100.125.5.11: seq=1 ttl=128 time=81.799 ms
64 bytes from 100.125.5.11: seq=2 ttl=128 time=90.931 ms
64 bytes from 100.125.5.11: seq=3 ttl=128 time=81.920 ms
^C
— 100.125.5.11 ping statistics —
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 81.799/254.139/761.909 ms

root@GL-MT1300:~# ping 192.168.10.200
PING 192.168.10.200 (192.168.10.200): 56 data bytes
64 bytes from 192.168.10.200: seq=0 ttl=63 time=224.051 ms
64 bytes from 192.168.10.200: seq=1 ttl=63 time=288.800 ms
64 bytes from 192.168.10.200: seq=2 ttl=63 time=258.725 ms
64 bytes from 192.168.10.200: seq=3 ttl=63 time=308.566 ms
64 bytes from 192.168.10.200: seq=4 ttl=63 time=251.003 ms
^C
— 192.168.10.200 ping statistics —
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 224.051/266.229/308.566 ms

There’s a conflict in the policy routing rules.

Here’s a script to build the latest version on Linux (requires git and go to be installed):

#!/bin/bash
set -uo pipefail
trap 's=$?; echo ": Error on line "$LINENO": $BASH_COMMAND"; exit $s' ERR
IFS=$'\n\t'


function build_dist {
    echo Build: tailscale-${VERSION}_$1
    env GOOS=linux GOARCH=$1 ./build_dist.sh tailscale.com/cmd/tailscale  && mv tailscale{,-${VERSION}_$1}
    echo Build: tailscaled-${VERSION}_$1
    env GOOS=linux GOARCH=$1 ./build_dist.sh tailscale.com/cmd/tailscaled && mv tailscaled{,-${VERSION}_$1}
}

cd ~/code/tailscale
CURRENT_TAG="$(git describe --tags)"
git fetch --tags || true
REV="$(git rev-list --tags --max-count=1)"
LATEST_TAG="$(git describe --tags $REV)"
if [ "$CURRENT_TAG" != "$LATEST_TAG" ]; then
    git reset --hard
    git checkout "$LATEST_TAG"
    # patch policy routing rule priorities
    grep -lrP '\b52[1357]0\b' . \
        | xargs -n1 sed -Ei 's/\b52([1357])0\b/13\10/g'
fi
export VERSION=$(cat VERSION.txt)
build_dist amd64
build_dist arm
build_dist arm64
export GOMIPS=softfloat
build_dist mips

For the GL-MT1300, I believe you’ll want the mips version.

Here’s a patched one I compiled:

Hmmmmm ask and you shall receive - h/t ryanc!
My architecture is mipsle but it was an easy edit.
Here’s my compiled version for DL for mipsle architecture: tailscale-1.18.2_mipsle_gl.inet.zip - Google Drive
Ping is high (300ms compared to 80ms) but it now works with mwan3 enabled.
Can you share what the specific issue was? Have you submitted an issue to the Tailscale project?

For those who wish to compile themselves:
apt install git
snap install go --classic
mkdir /root/code
cd /root/code
git clone https://github.com/tailscale/tailscale
./mipsle.sh (script as follows):

#!/bin/bash
set -uo pipefail
trap 's=$?; echo ": Error on line "$LINENO": $BASH_COMMAND"; exit $s' ERR
IFS=$'\n\t'

function build_dist {
    echo Build: tailscale-${VERSION}_$1
    env GOOS=linux GOARCH=$1 ./build_dist.sh tailscale.com/cmd/tailscale  && mv tailscale{,-${VERSION}_$1}
    echo Build: tailscaled-${VERSION}_$1
    env GOOS=linux GOARCH=$1 ./build_dist.sh tailscale.com/cmd/tailscaled && mv tailscaled{,-${VERSION}_$1}
}

cd ~/code/tailscale
CURRENT_TAG="$(git describe --tags)"
git fetch --tags || true
REV="$(git rev-list --tags --max-count=1)"
LATEST_TAG="$(git describe --tags $REV)"
if [ "$CURRENT_TAG" != "$LATEST_TAG" ]; then
    git reset --hard
    git checkout "$LATEST_TAG"
    # patch policy routing rule priorities
    grep -lrP '\b52[1357]0\b' . \
        | xargs -n1 sed -Ei 's/\b52([1357])0\b/13\10/g'
fi
export VERSION=$(cat VERSION.txt)
build_dist amd64
build_dist arm
build_dist arm64
export GOMIPS=softfloat
build_dist mipsle
1 Like

2021.01.04 update: Ping is back down to normal and things work perfectly with above patched binaries.
@ryanc submitted a github issue with the tailscale project here: https://github.com/tailscale/tailscale/issues/3659

1 Like