Unable to use Tailscale exit nodes on Beryl AX

A few days ago I had set up the router to use Tailscale exit nodes, to route all traffic under the GL.iNet router to another exit node.

If you hover your mouse over the “Custom exit nodes” button in GL.iNet Tailscale, you see the below:

If this option is enabled, the device will forward all requests to the exit node. Before enabled, you need to enable subnet routes x.x.x.x/24 of this device […] otherwise, your clients will not be able to access the Internet.

As instructed, in the corresponding “Edit route settings” in Tailscale’s admin console, I enabled the advertised route of x.x.x.x/24, enabled exit nodes in GL.iNet, and all was well. Not anymore.

Here is my GL.iNet Tailscale page. Note that “Allow WAN/LAN” are both enabled. I recall that in the past, enabling these both allowed GL.iNet to advertise two subnets to Tailscale, the LAN subnet and the WAN subnet.

Here is what my Tailscale console looks like now. As you can see, no subnet routes are exposed - LAN or WAN. Therefore, if exit nodes are enabled on GL.iNet tailscale, as said in the above tooltip, my clients can’t connect to the internet.

[I cannot insert 2nd picture as I am a new user. If you click “Edit Route Settings” in Tailscale admin console, for me, it says “This machine does not expose any routes”]

I have tried unlinking + relinking my tailscale account, plus factory resetting to troubleshoot. Nothing helps.

In my opinion, GL.iNet Tailscale was not started with the option “--advertise-routes [WAN subnet] --advertise-routes [LAN subnet]”. Therefore, subnet routes under Tailscale admin console appear blank.

How do I fix this? It was working previously before.

OK, after a while, the routes show up. A little bit dodgy; I’ll monitor the situation.

Were you actually able to get this working? And just to clarify, you are trying to route all traffic from LAN devices on the Beryl AX out to the internet through some remote Tailscale exit node, right?

I have also been trying to do that with no luck. My Tailscale exit node works perfectly when I run the Tailscale app directly on my MacBook. But, if I hook up the Mac to the Beryl LAN there is no internet access.

Which version of the Beryl AX firmware do you have installed?

1 Like

Adding the firewall settings described in the link helped

3 Likes

I’m having this same problem on a brand new Slate AX. It’s annoying because this is the exact use case I purchased this router for.

Same issue here. Tailscale on Unraid isn’t advertising subnet route 192.168.8.0/24 that it’s saying needs to be enabled. Yet it works fine with the Mac+Android app. Why can’t Beryl AX connect?

hi,
Subnet route 192.168.8.0/24 should be enabled on Beryl AX, because NAT is not enabled over Tailscale. Is the Tailscale exit node still unavailable for you when the subnet route is advertised? What is the firmware version of your device?

The subnet isn’t being advertised… but it works for mac and windows etc. It’s the latest firmware.

Same issue for me. When I turn on the exit node in the GL admin panel, I lose internet on all devices connected to the GL router. I’ve tried to update Tailscale on the router to the newest one, 1.56.1, but it still doesn’t work after the update.

Good morning,
I tried to apply the solutions explained in the forum, but it didn’t work. I access SSH and run the command tailscale up --advertise-exit-node with the two subnets to expose; it works for a couple of hours and then, bam, it stops working and the exit node is not advertised anymore. I am banging my head because the reason I bought the AX/1800 was to use Tailscale. Does anyone know what to do?

Just picked up a Beryl AX with the intent of going wifi->berylAX->tailscale->WAN->tailscale->exit_node

Had the same issue of the exit node not being picked up after configuring the GUI. After playing with firewall zones in the advanced settings LuCI interface, I had to configure a tailscale zone that permitted forwarding before the exit node worked. Image attached for reference.

1 Like

I found a solution. This solution is based on the Tailscale documentation for subnet routers. You can add the subnet in the ACLs and don’t have to wait for them to show up in the interface.

I added:
First I created a hostname for the gl-mt3000:

    "hosts": {
        "glrouter": "100.XXX.XXX.XXX",
    }

and added the subnet to the ACLs:

    {
        "action": "accept",
        "src":    ["glrouter", "192.168.8.0/24"],
        "dst":    ["autogroup:internet:*", "192.168.8.0/24:*"],
    }

The “autogroup:internet:*” is an auto-generated group for all exit nodes. Thus this solution should work for all exit nodes.

Thanks chuff for this post!

I was a bit lost on Exit Nodes not working on my brand new GL-MT3000.
Once I added the FW zones, everything works like a charm.

1 Like

I have noticed if I turn off the exit node through the router software, then try to turn it back on, it won't add the subnet routes back until I do a reboot of the router.

Just got it working by:

  • enable the Allow Remote Access LAN (which is visible only if Custom Exit Node is OFF)
  • after enabling, I started seeing the subnet routes in the Tailscale Admin Panel and enabled them
  • enable and select the Custom Exit Node you want from the router interface

My firmware version is 4.6.2 and I haven't done any other changes to the router.

1 Like

@rairoumaru I have the same firmware version. But it still doesn't work.

I have the subnet routes enabled on the Tailscale admin panel.

But as soon as I start Custom Exit Node my internet stops working. After I disable Exit Node, the internet starts working again.

Requesting you to kindly share the settings that you have in the router.

Not sure how I can share those to be honest.

I've only done 2 things to the device:
1/ setup the WiFi
2/ Setup Tailscale

And the Tailscale setup boiled down to figuring out how to get it to advertise the subroutes.
Turned out it's the Allow Remote Access LAN option, which is visible only when Tailscale is enabled and Custom Exit Node is OFF

The rest is just enabling the subnet route in the Tailscale admin page:

And enabling Custom Exit Node from the router's menu and selecting my desired exit node

And that's all I did

Apart from the steps you mentioned above, I also had to perform the steps below.

Configuring the Exit Node Using the LuCI Admin Panel

To successfully configure the exit node, follow these additional steps in the LuCI admin panel:

  1. Access the Advanced Settings:

    • Navigate to System > Advanced in the LuCI admin panel.
    • Select Network > Firewall.

  2. Edit the Firewall Zone:
    • You will see three zones listed by default:

    lan > wan
    wan > REJECT
    guest > wan

    • Locate the second zone (wan > REJECT) and click Edit.

  3. Modify the Advanced Settings:
    • Go to the Advanced Settings tab.
    • In the “Covered devices” dropdown, select tailscale0.

  4. Save and Apply Changes:
    • Click Save, then Save & Apply to finalize the configuration.
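
A read-only check for the firewall state that the two firewall fixes in this thread produce (tailscale0 added to the wan zone's covered devices, or a separate tailscale zone that LAN is allowed to forward to). This is an added example, not code from any poster or from GL.iNet; the function names and the sample config are constructed, the zone name lan is taken from the zone list above, and on an OpenWrt-based router the file to pass is assumed to be /etc/config/firewall.

```shell
# Added example: read-only check of an OpenWrt-style firewall config.
# Print the name of every zone whose covered devices include DEVICE.
zones_covering() {   # usage: zones_covering FILE DEVICE
    awk -v dev="$2" -v q="'" '
        function strip(s) { gsub("[" q "\"]", "", s); return s }
        function emit() { if (inzone && hit && name != "") print name }
        $1 == "config" { emit(); inzone = (strip($2) == "zone"); name = ""; hit = 0; next }
        inzone && $2 == "name" { name = strip($3) }
        inzone && $2 == "device" && strip($3) == dev { hit = 1 }
        END { emit() }
    ' "$1"
}

# Succeed if a "config forwarding" section allows SRC -> DEST.
forwarding_allowed() {   # usage: forwarding_allowed FILE SRC DEST
    awk -v src="$2" -v dst="$3" -v q="'" '
        function strip(s) { gsub("[" q "\"]", "", s); return s }
        function check() { if (infwd && from == src && to == dst) found = 1 }
        $1 == "config" { check(); infwd = (strip($2) == "forwarding"); from = to = ""; next }
        infwd && $2 == "src"  { from = strip($3) }
        infwd && $2 == "dest" { to = strip($3) }
        END { check(); exit (found ? 0 : 1) }
    ' "$1"
}

# Succeed if a lan -> zone forwarding exists for a zone covering DEVICE.
lan_reaches_device() {   # usage: lan_reaches_device FILE DEVICE
    for z in $(zones_covering "$1" "$2"); do
        if forwarding_allowed "$1" lan "$z"; then return 0; fi
    done
    return 1
}

# Constructed sample: state after tailscale0 is added to the wan zone.
SAMPLE=$(mktemp); trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
config zone
    option name 'wan'
    list network 'wan'
    list device 'tailscale0'
    option input 'REJECT'
    option forward 'REJECT'
config forwarding
    option src 'lan'
    option dest 'wan'
EOF
echo "tailscale0 zone(s): $(zones_covering "$SAMPLE" tailscale0)"
lan_reaches_device "$SAMPLE" tailscale0 && echo "lan -> tailscale0: allowed"
```

The zone reported for tailscale0 also determines what tailnet peers can reach on the router itself, because that zone's input policy applies to traffic arriving on the interface.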