Install a Router as Tailscale Client

Hi, I have installed this version https://github.com/adyanth/openwrt-tailscale-enabler (Tailscale to low powered OpenWRT devices) on my Archer C7 V5 and it works perfectly when I want to communicate with the remote LAN and vice versa. When I execute the command attached below you can see that there isn't any problem. :+1:

Well, when I want to add the same command with an extra option to go out to the internet through the remote router, I get nothing. I don't get the link to attach this router to the Tailscale network. The command line freezes.

tailscale up --netfilter-mode=off --advertise-routes=192.168.30.0/24 --accept-routes --exit-node=100.99.114.128

Could someone help to fix this??
Thanks

As I stated, the hosts involved in each site could ping each other :+1:. I just followed this tutorial

B <---------->A <-------------> Internet

The problem, as I stated, is when I set the router (B) to send its internet traffic out with the remote public IP address (A). Router B is not accessible anymore from its own LAN, but I can reach Router B from any device located in LAN A.

Did you enable the subnet in the Tailscale admin?

Hi, thanks for your answer.
Yes, I enabled this. Should I enable this also (0.0.0.0/0 and ::/0)??

A should only have a route to B's LAN. The default route at A remains the local ISP.

Internet usage from B (the default route at B) will be routed into the VPN tunnel to A and then out to the A ISP.

It goes without saying that the A and B LANs must be different subnets. They can't overlap.

On router B (ISP B) I have configured this command

tailscale up --accept-routes --advertise-routes=192.168.30.0/24 --netfilter-mode=off --exit-node=100.121.170.29

On Router A (ISP)

tailscale up --accept-routes --advertise-routes=192.168.20.0/24 --netfilter-mode=off --advertise-exit-node

FIREWALL ROUTER A

FIREWALL ROUTER B

As I stated, both networks can reach each other

LAB

ROUTER A (Asus RT-AC68U (BCM4708))
ROUTER B (TP-Link Archer C7 v5) - on this device I could only install this version (https://github.com/adyanth/openwrt-tailscale-enabler)

Should I configure anything else?

I followed this to the letter and spirit. Which OpenWrt version are you using?

Thanks for your answer
On both routers the latest one, OpenWrt 22.03.5.
But maybe the failure could be that on the Archer C7 V5 I'm using a "tiny version" of Tailscale

ROUTER A (Asus RT-AC68U (BCM4708)) - I could install Tailscale without any problem following this: https://openwrt.org/docs/guide-user/services/vpn/tailscale/start
ROUTER B (TP-Link Archer C7 v5) - on this device, instead, I could only install this version (https://github.com/adyanth/openwrt-tailscale-enabler)

Look at these details in the admin console, the Tailscale version details.

It appears that routing between the LANs works but you also want site B's Internet use to tunnel to A, and that does not work.

If that's the case look at the routing table in B. The default route should be to A's tunnel IP with at least one hole punched /32 route for encrypted packets to reach A and/or the Tailscale servers via B's raw Internet connection.

I think you need an exit node for internet use.

After executing the command again I lost my connection to the router

But I can access the router from the devices located in LAN A (192.168.20.1)

In the web manager everything is configured as we expected:

I think the problem is the Tailscale version on my Archer C7 V5. Too little memory and too little space

Look, I did a traceroute from Router B to google.com.ar and the internet traffic is going out via Router A. Look at the screen.

But I can't ping 192.168.30.1 (Router B) from the PC 192.168.30.113

Any comment or update ?? Thanks :+1:

I'm trying to figure out using my OpenWrt router as a Tailscale client myself and am still trying to get it to work properly, but for the memory issue I can help you here. I had this same problem on my router, but you can fix this by getting a USB drive and installing extroot on your OpenWrt router. Make sure you use a reliable brand like SanDisk or something. This is the video that helped me do this: https://www.youtube.com/watch?v=5UjCT99udm0

Also, make sure before you run the install part that the thumb drive is actually plugged in. As stupid as that sounds, I made the mistake of thinking you had to do the install beforehand, and that made me need to restore my OpenWrt to defaults lol.

Thanks @billy
I could expand the flash memory. Now I'm going to test and will be back with the updates

Try to run this command on each of the routers

tailscale up --advertise-exit-node --netfilter-mode=off

Then, enable exit node on each of the routers in the Tailscale admin menu.

Continue by installing the Tailscale client on the PC. Then you can access all 100.x.x.x IPs in your Tailscale network, including router B.
The PC can also be set up to use any exit node available.
~~
If you already mention the exit node IP on Router B, (AFAIK) it can only be accessed from the 100.x.x.x network.
Try using --exit-node-allow-lan-access=true in the router B command, so it can connect to the local LAN.
If you want Router B to act as an exit node, you can delete "--exit-node" from the router B command.

Well, I could do a video about this, but it is not working properly; just one page can be routed out via ROUTER A. See the videos for details :grinning:
I think that Tailscale must improve this or give clear support to deploy it. As you all know, with ZeroTier we can deploy it without any problem

Any comment or suggestion to route internet traffic from network attached to Router B via Router A?

I was recently able to get my OpenWrt subnet router to route all the traffic of the non-Tailscale devices through an exit node. Here is the command I'm running on the client OpenWrt machine:

tailscale up --advertise-routes=192.168.1.0/24 --netfilter-mode=off --exit-node=100.xxx.xxx.xxx --exit-node-allow-lan-access=true --snat-subnet-routes=false

Just as a note, I needed to disable IPv6 to get it to work properly. Not 100% sure if the exit node location supports IPv6; it's not my home network.

I just got it running today and did run into one big problem: it crashed for no reason and I didn't lose internet after it crashed. This is not good because I don't want to risk leaking my real IP.

Does anyone know if there is a way that I can set my Tailscale to have a killswitch to kill all internet access if the application crashes and isn't running?
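A check for the leak condition raised in the post above (LAN traffic leaving through the ISP uplink when the tunnel is gone), added here as an example and not part of any post in this thread. It classifies `ip route get` output; the interface names `tailscale0`, `br-lan` and `eth0.2`, the function names, and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify `ip route get` output to see
# whether LAN traffic would leave through the tunnel or leak to the ISP uplink.
TS_DEV="tailscale0"   # assumption: Tailscale's default interface name

# Print the device that follows the first "dev" keyword in the given text.
egress_dev() {
    prev=""
    for tok in $1; do
        if [ "$prev" = "dev" ]; then
            printf '%s\n' "$tok"
            return 0
        fi
        prev=$tok
    done
    return 1   # no "dev" token: error text or no route at all
}

# Return 0 = via tunnel, 1 = leak through another device, 2 = no usable route.
check_path() {
    dev=$(egress_dev "$1") || return 2
    if [ "$dev" = "$TS_DEV" ]; then return 0; fi
    return 1
}

# Map the result to a word suitable for a log line.
verdict() {
    rc=0
    check_path "$1" || rc=$?
    case $rc in
        0) echo tunnel ;;
        1) echo leak ;;
        *) echo noroute ;;
    esac
}

# Constructed sample outputs (addresses and interface names are made up).
SAMPLE_UP="1.1.1.1 from 192.168.30.113 dev tailscale0 table 52
    cache iif br-lan"
SAMPLE_DOWN="1.1.1.1 from 192.168.30.113 via 203.0.113.1 dev eth0.2
    cache iif br-lan"
SAMPLE_NONE="RTNETLINK answers: Network is unreachable"

for s in "$SAMPLE_UP" "$SAMPLE_DOWN" "$SAMPLE_NONE"; do
    verdict "$s"
done
# Live use on the router (assumption: LAN bridge is br-lan, ip supports iif):
#   verdict "$(ip route get 1.1.1.1 from 192.168.30.113 iif br-lan 2>&1)"
```

A `leak` verdict means forwarded LAN traffic currently resolves to a non-tunnel interface; the script only detects that state and does not block anything itself.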

Where should I disable IPv6? On the routers involved in this example?? Or on the network devices attached to both routers??