(yet another) tailscale ask for help

Hi. Just bought a Beryl MT-3000, mainly for its built-in tailscale support.

TL;DR: although I managed to get it registered as an authorized machine in my tailnet, I cannot access any other machine on my tailnet from devices connected to it.

I know tailscale integration is in beta, but I struggle to get it running at all – to my surprise, since I got tailscale working now for >20 devices and several tailnets. Now I feel like an idiot. Here's what I've tried:

  • factory-reset the router + update firmware to 4.7.0
  • set up tailscale through router GUI incl. the binding link flow > tailscale admin console
  • tried all variations with LAN/WAN access enabled/disabled
  • approved subnet routing
  • checked LuCI for updates
  • checked tailscale CLI output through SSH, no errors

Now I ended up here

  • no tailscale = everything works fine
  • with tailscale on, I can access public internet sites, but nothing on my tailnet
  • with tailscale on + my LAN router as exit node, I cannot even access internet sites

I tested the same tailnet with other devices and both ways with and without my LAN router as exit node work just fine.

Can someone help me troubleshoot?

:slight_smile:

Could you elaborate more on what you're trying to achieve?

Can you not ping the other devices using their Tailscale IP?

Thank you and apologies if the topology wasn't clear.

In a nutshell: I want to connect from a client (e.g. a laptop) inside a remote WiFi LAN made by the GL-MT3000 to a service (e.g. password manager) in my Home LAN through my tailnet.

Since I cannot install tailscale directly on that laptop I would like to use the tailnet integration on the GL-MT3000.

I hope that simplified sketch helps:

Pings to the service or the OPNsense router (both WAN IP and LAN 10.12.22.1) time out.
Traceroute starts and ends with the router:

traceroute to 10.12.22.1 (10.12.22.1), 64 hops max, 40 byte packets
 1  console.gl-inet.com (192.168.8.1)  6.312 ms  7.145 ms  7.305 ms
 2  * * *

Remote devices outside the GL-MT3000 network running tailscale client directly can connect to all tailnet machines as expected. So I assume the error must be on the GL-MT3000 end.

Hello,

You can have a look at that post.

tldr:

First, you need to go into LuCI, go to the firewall and edit the "wan" zone. Go to "advanced settings" and add "tailscale0" to the "covered devices", then save & apply. This will instantly make Tailscale function as intended.

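A read-only check for the fix described in the reply above, added here as an example and not part of the original thread: it reads `uci show firewall` output and reports whether the "wan" zone covers `tailscale0` and which input and masquerading settings that zone carries. The sample config and the function names are constructed for illustration; it assumes the zone is named `wan`, as in the reply.

```shell
#!/bin/sh
# Added example. SAMPLE is constructed `uci show firewall` output, not a real router.
SAMPLE="firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].device='tailscale0'"

# zone_section NAME: print the UCI section of the zone called NAME (reads stdin).
zone_section() {
    awk -F= -v want="'$1'" '
        $2 == "zone" { is_zone[$1] = 1 }
        { n = $1; sub(/\.name$/, "", n) }
        n != $1 && (n in is_zone) && $2 == want { print n; exit }'
}

# zone_option SECTION OPTION: print that option's raw value (reads stdin).
zone_option() {
    awk -v p="$1.$2=" 'index($0, p) == 1 { print substr($0, length(p) + 1) }'
}

# covers_device SECTION DEV: succeed if DEV is in the zone's "covered devices".
covers_device() {
    zone_option "$1" device | tr ' ' '\n' | grep -qxF "'$2'"
}

# audit DEV: report whether the wan zone covers DEV and that zone's settings.
audit() {
    cfg=$(cat)
    sec=$(printf '%s\n' "$cfg" | zone_section wan)
    [ -n "$sec" ] || { echo "no wan zone found"; return 2; }
    if printf '%s\n' "$cfg" | covers_device "$sec" "$1"; then
        inp=$(printf '%s\n' "$cfg" | zone_option "$sec" input)
        masq=$(printf '%s\n' "$cfg" | zone_option "$sec" masq)
        echo "$sec covers $1: input=$inp masq=$masq"
    else
        echo "$sec does not cover $1"; return 1
    fi
}

# On the router this reads the live config; elsewhere it falls back to SAMPLE.
if command -v uci >/dev/null 2>&1; then
    uci show firewall | audit tailscale0
else
    printf '%s\n' "$SAMPLE" | audit tailscale0
fi
```

A device covered by a zone is filtered by that zone's rules, so the reported `input` and `masq` values are what traffic on `tailscale0` is subject to after the change.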

Thanks a ton! That indeed did the trick.
I hope this gets ironed out during the beta.