It seems everyone who uses a Slate AX as a client router with Tailscale needs to edit their Firewall settings as such:
But on my Beryl AX I just left all these settings at default and it connects via the custom exit node fine. Just wondering why the difference?
Default settings:
My best guess is that the difference in chipset and kernel have something to do with it.
@hansome maybe you know this one?
I tested slate ax tailscale, it also works without extra firewall confi in luci.
What’s the firmware version?
Could you please print the iptables:
iptables-save
And please check if there are subnet conflicts for Slate ax and Beryl ax.
Perhaps it’s only for when the router is being used as an exit node?
Do you use slate ax as an exit node? Are you using firmware 4.4.6 or 4.5?
I’m actually not using the Slate AX, but just noticed from others who have asked for my help in setting theirs up. I believe they were just using it as a client. Firmware probably 4.4.6 because nothing ever works on 4.5 so far.
I suggest upgrading to firmware 4.5, if it still needs extra firewall rule, please export system log.
I am still having this issue with my MT-3000. I'm on firmware version 4.6.9 and the MT-3000 cannot connect to the exit node, but my other clients can.
I created my own issue here with all the information:
Cannot connect MT-3000 to Tailscale exit node - Technical Support for Routers - GL.iNet
Sorry for the delay, we'll update the firmware to include a tailscale zone by default.
It's the MSS clamping the crucial point to get passed to some MTU-limited network.
It is a great inconvenience for normal users.