Unable to use tailscale exit nodes on Beryl AX

A few days ago I had set up the router to use Tailscale exit nodes, to route all traffic under the GL.iNet router to another exit node.

If you hover your mouse over the “Custom exit nodes” button in GL.iNet Tailscale, you see the below:

If this option is enabled, the device will forward all requests to the exit node. Before enabled, you need to enable subnet routes x.x.x.x/24 of this device […] otherwise, your clients will not be able to access the Internet.

As instructed, in the corresponding “Edit route settings” in Tailscale’s admin console, I enabled the advertised route of x.x.x.x/24, enabled exit nodes in GL.iNet, and all was well. Not anymore.

Here is my GL.iNet Tailscale page. Note that “Allow WAN/LAN” are both enabled. I recall that in the past, enabling these both allowed GL.iNet to advertise two subnets to Tailscale, the LAN subnet and the WAN subnet.

Here is what my Tailscale console looks like now. As you can see, no subnet routes are exposed - LAN or WAN. Therefore, if exit nodes are enabled on GL.iNet tailscale, as said in the above tooltip, my clients can’t connect to the internet.

[I cannot insert 2nd picture as I am a new user. If you click “Edit Route Settings” in Tailscale admin console, for me, it says “This machine does not expose any routes”]

I have tried unlinking + relinking my tailscale account, plus factory resetting to troubleshoot. Nothing helps.

In my opinion, GL.iNet Tailscale was not started with the option “--advertise-routes [WAN subnet] --advertise-routes [LAN subnet]”. Therefore, subnet routes under Tailscale admin console appear blank.

How do I fix this? It was working previously before.

OK, after a while, the routes show up. A little bit dodgy; I’ll monitor the situation.

Were you actually able to get this working? And just to clarify, you are trying to route all traffic from LAN devices on the Beryl AX out to the internet through some remote Tailscale exit node, right?

I have also been trying to do that with no luck. My Tailscale exit node works perfectly when I run the Tailscale app directly on my MacBook. But, if I hook up the Mac to the Beryl LAN there is no internet access.

Which version of the Beryl AX firmware do you have installed?

1 Like

Adding the firewall settings described in the link helped

3 Likes

I’m having this same problem on a brand new Slate AX. It’s annoying because this is the exact use case I purchased this router for.

Same issue here. Tailscale on Unraid isn’t advertising subnet route 192.168.8.0/24 that it’s saying needs to be enabled. Yet it works fine with the Mac+Android app. Why can’t Beryl AX connect?

hi,
Subnet route 192.168.8.0/24 should be enabled on Beryl AX, for NAT is not enabled over Tailscale. Is the Tailscale exit node still unavailable for you when the subnet route is advertised? What is the firmware version of your device?

The subnet isn’t being advertised… but it works for mac and windows etc. It’s the latest firmware.

Same issue for me. When I turn exit node on in the GL admin panel, I lose internet on all devices connected to the GL router. I’ve tried to update Tailscale on the router to the newest one, 1.56.1, but it still doesn’t work after the update.

Good morning,
I tried to apply the solutions explained in the forum, but it didn’t work. I access SSH and run the command tailscale up --advertise-exit-node with the two subnets to expose; it works for a couple of hours and bam, it stops working and the exit node is not advertised anymore. I am banging my head because the reason to buy the AX/1800 was to use Tailscale. Does anyone know what to do?

Just picked up a Beryl AX with the intent of going wifi->berylAX->tailscale->WAN->tailscale->exit_node

Had the same issue of exit node not being picked up after configuring the GUI. After playing with firewall zones in the advanced settings LuCI interface, I had to configure a tailscale zone that permitted forwarding before the exit node worked. Image attached for reference.

I found a solution. This solution is based on the Tailscale documentation for subnet routers. You can add the subnet in the ACLs and don’t have to wait for them to show up in the interface.

I added:
First I created a hostname for the gl-mt3000:

"hosts": {
	"glrouter": "100.XXX.XXX.XXX",
}

and added the subnet to the ACLs:

{
	"action": "accept",
	"src":    ["glrouter", "192.168.8.0/24"],
	"dst":    ["autogroup:internet:*", "192.168.8.0/24:*"],
}

The “autogroup:internet:*” is an auto-generated group for all exit nodes. Thus this solution should work for all exit nodes.
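
A way to check a policy file for the rule described in the post above, as an added example that is not part of the original thread: it reads a policy in the same shape and reports which accept rules let a given LAN subnet reach `autogroup:internet`. The function names and the 100.64.0.10 address are assumptions made for illustration, and only CIDR and `hosts` alias sources are evaluated (users, groups, tags and `*` are ignored).

```python
import ipaddress
import json
import re

# Constructed sample policy in the shape of the snippet above (HuJSON with
# trailing commas). 100.64.0.10 is a placeholder for the router's Tailscale IP.
SAMPLE_POLICY = """
{
  // constructed example
  "hosts": {
    "glrouter": "100.64.0.10",
  },
  "acls": [
    {
      "action": "accept",
      "src":    ["glrouter", "192.168.8.0/24"],
      "dst":    ["autogroup:internet:*", "192.168.8.0/24:*"],
    },
  ],
}
"""

def load_hujson(text):
    """Simplified HuJSON reader: drops whole-line // comments and trailing commas."""
    text = re.sub(r"^\s*//.*$", "", text, flags=re.MULTILINE)
    text = re.sub(r",(\s*[}\]])", r"\1", text)
    return json.loads(text)

def _as_network(selector, hosts):
    """Resolve a src selector to an IP network; None for users, groups, tags, '*'."""
    try:
        return ipaddress.ip_network(hosts.get(selector, selector), strict=False)
    except ValueError:
        return None

def exit_node_rules_for(policy, subnet):
    """Return indexes of accept rules that let `subnet` reach autogroup:internet."""
    want = ipaddress.ip_network(subnet)
    hosts = policy.get("hosts", {})
    hits = []
    for i, rule in enumerate(policy.get("acls", [])):
        if rule.get("action") != "accept":
            continue
        to_internet = any(d.startswith("autogroup:internet:") for d in rule.get("dst", []))
        nets = [n for n in (_as_network(s, hosts) for s in rule.get("src", [])) if n]
        covered = any(n.version == want.version and want.subnet_of(n) for n in nets)
        if to_internet and covered:
            hits.append(i)
    return hits
```

An empty result for the router's LAN subnet means no CIDR or host-alias rule in the policy grants it exit-node access.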