To reach the internet via the exit node, enabling certain Subnet routes in the Tailscale Console is necessary.
Turning on masquerading on the tailsacle firewall zone also works, but it's not recommended since it'll introduce risk - the guest/wan network may use the Tailscale exit node.
