It seems everyone who uses a Slate AX as a client router with Tailscale needs to edit their Firewall settings as such:
But on my Beryl AX I just left all these settings at default and it connects via the custom exit node fine. Just wondering why the difference?
Default settings:
My best guess is that the difference in chipset and kernel have something to do with it.
@hansome maybe you know this one?
I tested slate ax tailscale, it also works without extra firewall confi in luci.
What’s the firmware version?
Could you please print the iptables:
iptables-save
And please check if there are subnet conflicts for Slate ax and Beryl ax.
Perhaps it’s only for when the router is being used as an exit node?
Do you use slate ax as an exit node? Are you using firmware 4.4.6 or 4.5?
I’m actually not using the Slate AX, but just noticed from others who have asked for my help in setting theirs up. I believe they were just using it as a client. Firmware probably 4.4.6 because nothing ever works on 4.5 so far.
I suggest upgrading to firmware 4.5, if it still needs extra firewall rule, please export system log.
I am still having this issue with my MT-3000. I'm on firmware version 4.6.9 and the MT-3000 cannot connect to the exit node, but my other clients can.
I created my own issue here with all the information:
Cannot connect MT-3000 to Tailscale exit node - Technical Support for Routers - GL.iNet
Sorry for the delay, we'll update the firmware to include a tailscale zone by default.
It's the MSS clamping the crucial point to get passed to some MTU-limited network.
It is a great inconvenience for normal users.
GL.iNet GL-MT3000, Firmware 4.8.1
This is still an issue! I've spent HOURS trying to figure out why I can't connect to my home LAN after enabling Tailscale on the MT3000. The simple solution was to enable the firewall rules in the images in the first post of this thread. Why? Why is this necessary?! This should be handled automatically in the background, or at very least - make this a toggle in the main GUI so that I don't need to go into the LuCI settings!
To reach the internet via the exit node, enabling certain Subnet routes in the Tailscale Console is necessary.
Turning on masquerading on the tailsacle firewall zone also works, but it's not recommended since it'll introduce risk - the guest/wan network may use the Tailscale exit node.
