I have my own TAILSCALE network, and on several devices (Windows, Android, iOS) running the client with the USE_EXIT_NODE option I can get all my internet traffic routed through the exit node I selected. It's useful and working fine.
Since I need to use the same system also on other devices which don't have a TS client, I'd like to use an OpenWRT device to do this.
I managed to install OpenWRT 22.03 on a GL-MT300N-V2 portable router and also have tailscale running on it. I can see the router connected to my TS network and I can ping other devices of my network to/from it.
My problem is how to configure everything in OpenWRT to route all inbound/outbound traffic of all connected devices (by cable or wifi) to that interface. I guess more or less I need to do the following:
- Create an Interface with the TS client local IP and DHCP service
- Connect that interface to the router LAN and WIFI
- Adjust accordingly the routes/firewall rules
PS: An alternative version to using exit-node is to configure the router to use a proxy server on the tailscale network (10.). In Windows, for example, I can just set up the system proxy to my remote node which is running a proxy server, and I can get all my traffic routed through that node. This is also working fine on Windows.
My competence with networking and OpenWRT is not good enough, please help.
Create a new tailscale firewall zone.
Make the zone forwardings look like this:
tailscale advertising the lan subnet, e.g
tailscale up --advertise-routes=192.168.2.0/24 --advertise-exit-node
Go to tailscale Admin console->Machine->Edit route settings
That should do it.
Thank you so much pavelgl,
I made some steps forward following your advice: I was able to ping a remote TS client from my local client, and by locally enabling the proxy to that node I was also able to navigate. But then I noticed that wifi wasn't connecting well, something wrong maybe related to my previous attempts, so I tried to clear up the configuration and now I cannot reinstall and have tailscale running on OpenWRT....
I've tried both with and the script <openwrt-tailscale-enabler-v1.32.0-89418f5-autoupdate> but in both cases I end up with problems and errors before being able to authenticate my new TS node and move on....
What is the official/right procedure to install tailscale on the latest OpenWRT 22.03?
opkg worked for me on 22.03.2.
opkg update; opkg install kmod-tun tailscaled tailscale
Ok pavelgl, I also needed to install iptables-nft, but now it seems to be finally working fine. Thanks again.
Another two points please:
The installed version of TS is quite old: 1.24.2-3 (OpenWrt).
Is it possible (and how) to update it to the most recent 1.32.2?
About the proxy/gateway setting:
Now when I connect a Windows 10 client either by LAN or WIFI and I set the proxy of the system to another remote TS client running as exit node, I can have my internet traffic routed through that client (see script below).
How can I have the same function done in my OpenWRT router natively, I mean without having to do anything on any LAN/WIFI connected client? I suppose I need to assign the default gateway and DNS server to my remote TS address or set it as proxy server, but I don't know how to do this in OpenWRT.
RegLocate = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer"
objShell.RegWrite RegLocate,"100.(my address)","REG_SZ"
RegLocate = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride"
RegLocate = "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable"
Sorry, no idea.
I'm not sure what's the use of connecting the router to another "exit node", but you can try the following (no guarantee it will work).
Set up a public upstream DNS provider in
Set a metric for the wan interface.
When the tailscale service is up, run:
ip route add default via $exit_node_IP dev tailscale0 onlink
If it works, you could use a hotplug script to dynamically create/delete the default route.
Well, the meaning of all of this project is to be able to connect some "dumb" devices to a free internet for updates, fixes, etc.
I live in a country where internet is severely restricted, so basically I need a router which is able to provide an open & unrestricted internet connection to any device connected to it, either by cable or wifi.
I'm using a Gli-net M300 Mango router, and before I was able to do this by having a server-client wireguard connection set into it, but this system has been blocked recently so I need something else. I have different TS remote nodes configured as exit_node, and so far this solution is working on all devices I can run TS on, but not on dumb/embedded devices.
About your instructions, my competence level is too low... please explain in a bit more detail what I should do in Luci/SSH to test your solution, pls.
uci set network.wan.metric='100'
uci add_list dhcp.@dnsmasq.server='188.8.131.52'
uci add_list dhcp.@dnsmasq.server='184.108.40.206'
/etc/init.d/network restart; /etc/init.d/dnsmasq restart; /etc/init.d/tailscale restart
ip route add default via $exit_node_IP dev tailscale0 onlink
Replace $exit_node_IP with the IP address of the exit node (note that the route is not persistent).
If it works save the changes -
Otherwise, just reboot the device.
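The manual test in the post above changes the router's default route by hand, so a wrong address or a dead exit node leaves every LAN client without Internet until a reboot. The following is an added example, not part of the thread or of any poster's setup: it wraps the same `ip route` command with an address check and an automatic rollback. The names `run`, `is_tailscale_ip`, `try_exit_route`, `DRY_RUN` and `PROBE_IP` are hypothetical; 100.64.0.0/10 is the range Tailscale assigns node addresses from.

```shell
#!/bin/sh
# Added example, not from the thread. Tests the non-persistent default route
# via a Tailscale exit node and removes it again if the Internet probe fails.

# run: execute a command, or only print it when DRY_RUN is set (for review).
run() { if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi; }

# Return 0 only for an IPv4 address in 100.64.0.0/10, the CGNAT range
# Tailscale assigns node addresses from.
is_tailscale_ip() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # intentionally unquoted: split into octets on "."
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]
}

# try_exit_route EXIT_NODE_IP
# PROBE_IP is an assumption: any public address you expect to answer ping.
try_exit_route() {
    exit_ip=$1
    probe=${PROBE_IP:-1.1.1.1}
    is_tailscale_ip "$exit_ip" || { echo "not a Tailscale address: $exit_ip" >&2; return 2; }
    # The exit node must answer over the tailnet before any route is touched.
    ping -c 2 -W 3 "$exit_ip" >/dev/null 2>&1 || { echo "exit node unreachable" >&2; return 3; }
    run ip route add default via "$exit_ip" dev tailscale0 onlink || return 4
    if ping -c 3 -W 3 "$probe" >/dev/null 2>&1; then
        echo "probe ok: route active until reboot or manual delete"
        return 0
    fi
    # Roll back so the router falls back to its wan default route.
    run ip route del default via "$exit_ip" dev tailscale0 onlink
    echo "probe failed: route removed" >&2
    return 5
}

# Only act when called with an argument, e.g.: sh try-exit-route.sh 100.x.y.z
if [ "$#" -gt 0 ]; then try_exit_route "$1"; fi
```

Running it with `DRY_RUN=1` prints the `ip route` commands instead of executing them, which is useful for checking the address before touching the routing table.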
I tried 3 times:
the first time the router kind of shut down after the first 4 commands,
the second time I was able to issue all 4+1 commands, I still had communication with the router but no internet at all,
the third time I didn't get the IP address by DHCP so couldn't even connect to SSH.
After reboot, if I set my Windows client to use the TS exit node as a proxy, everything's working well. Is there a way to have this automatically done by OpenWrt?
Actually, today I found the router was basically reset to initial OpenWRT status.. no more ext4 storage configured to USB, no more tailscale or anything else..
So I reinstalled everything and I'm planning to see some tutorial on how routes work in general.
Hey, any updates on how this is going? I'd like to do something similar. Thanks!
Unfortunately not yet..
I'm stuck in redirecting the traffic from connected clients to my remote TS node providing internet access (acting as an exit-node in TS terminology).
Tailscale is running in the OpenWRT router, I can ping my TS nodes in all clients, so I only need to have the router telling all connected clients to use the right address as Gateway to the internet.
Hello, any news? I would also be interested, if there is a solution.
I've recently updated the Tailscale page on the wiki with details on how to use Tailscale as (what their documentation refers to) a "subnet router".
Maybe this is of use to you: @laktibrada, @randomodbuild, @StefanoA70 ?
Hi @joshenders, thanks for the update. I have already found a solution to my problem, which was a problem with Tailscale on Synology, since I wanted to use the Synology as exit node, and not a problem of OpenWrt. As Tailscale on Synology currently can do --advertise-routes but not --accept-routes, the Synology as an exit-node did not work with the subnet router. After installing tailscale on a Raspberry Pi everything works as expected.