I'm going to give that a try. I found the updated tailscale package for OnHub here:
Thanks to all. I started another thread in the For Developers category because I still want to learn how to compile the source code to accomplish my original goal.
I solved the issue. I want you to be nicer online. I did mention my devices in the discussions and they are all in my profile too:
OpenWrt user since: 2013
Devices in use with OpenWrt: Raspberry Pi 4, ASUS (OnHub) SRT-AC1900, TP-LINK (OnHub) TGR 1900
And yes... The Tailscale package 1.80.2-1 works on my custom kernel. Yay!!! Success. The package from 24.10 does not have a kernel dependency so it can be installed on 23.05.05 for any users still on that firmware iteration.
I think I have a similar use case to yours. The Tailscale Exit Node is set up on a remote Linux server, and there are devices in another place under an OpenWrt LAN. I used to set the router with 23.05 as subnet router to connect to the Exit Node, and all clients in the LAN could connect to the Exit Node. I didn't take note of the firewall settings. Right now I have upgraded OpenWrt from 23.05 to 24.10; clients in the LAN can ping the Exit Node but none can access the Internet through the Exit Node... something should be wrong with my firewall, but I am not an expert. Thinking of rolling back to 23.05.
Running OpenWrt v24.10.0 with Tailscale v1.80.2 configured as a local Subnet Router I successfully connected to the Internet via the Remote Exit Node Running Tailscale v1.80.2.
You may want to start a separate topic as this topic has moved around a fair bit.
The configuration is tricky because of how tailscale is initiated from the command line. The initiation sequence doesn't survive reboots reliably either.
To get it to work, make sure "bring up on boot" is unchecked on Network, Interfaces, tailscale. In the Network, Interfaces, Firewall settings select the wan. From that point on follow the wiki to force lan traffic through the tailscale interface:
Force LAN traffic to route through an external Exit Node
You also have to use tailscale's "magicdns" for it to work.
uci set network.lan.dns='100.100.100.100' # Tailscale MagicDNS
uci commit
/etc/init.d/network restart
You can set up a configuration file to attempt to make your settings survive a reboot. Save your desired settings in /etc/config/tailscale (obviously, substitute your desired exit node IP address):
config tailscale 'settings'
option args '--exit-node=100.x.y.z --exit-node-allow-lan-access'
option enabled '1'
Turning things off and on is no easy task with tailscale either because you have to go through a lot of effort to prevent traffic going directly to the wan and only go through tailscale to get through to the wan. When it's not working, you have no wan access from the router at all until you reconfigure.
Would you mind sharing a little more detail on how you configured it? I received a warning message about iptables and ip6tables during installation; is there anything related to software compatibility with 24.10? Also, I followed this doc https://openwrt.org/docs/guide-user/services/vpn/tailscale/start to initialize. I can see from tailscale status that my router was assigned an IPv4 address; however, with the ip address show tailscale0 command, I didn't get any IPv4 or IPv6 address. Besides my firewall setting problem, I am not sure whether anything is wrong with the package installation.
It would be a very good idea if you would start your own Topic and state the model number of your Router.
It looks like you are not able to get a basic Tailscale configuration running on your Router.
I would suggest a clean install of OpenWrt v24.10.0 which automatically gives you access to Tailscale v1.80.2. This way the iptables-nftables issue and the Tailscale v1.58.2 security issue are both resolved without having to perform any special workarounds.
The OpenWrt Tailscale Wiki is very useful, however ignore the section on "iptables-nft issue" and "OpenWrt ssh access".
I would go as far as the "How to setup a Subnet Router/Exit Node" section and test your configuration. After you are satisfied everything is working correctly, then move to the "Force LAN traffic to route through Exit Node" section, as this is what allows the Subnet Router on the local OpenWrt Router to connect to a remote Router's Exit Node. At that point I can share the CLI syntax I used to make that possible. I am just doing some more testing at my end.
Good advice. It's quite complex to set it up correctly and when it is setup correctly you have to use tailscale exclusively for Internet which isn't always ideal. Even with all the experimentation I've done I'm not even sure I'm going to stick with it. OpenVPN is so simple to turn off and on from Luci and configure that as long as I can open a port on the server side, OpenVPN is my preferred VPN. The speed difference is tiny and you are always limited by the upload speed on the server side anyway.
I don't use WireGuard anymore in OpenWrt because of the complexity of setup and difficulty turning it on and off easily. Tailscale is a zero configuration version of WireGuard and in future it will be the standard, but not yet in the OpenWrt world.
The information here is very useful. Wanted to give my 2c.
I did not want to use Tailscale as exit node so this is what I did after realizing the 23.05 tailscale package is too old to rely on.
24.10 package as mentioned here.
usr, etc and lib into my /
iptables-nft but no other package from the main docs
tailscale up --advertise-routes=192.X.Y.Z/24 --accept-routes to /etc/rc.local
That gave me access to both my router and local network from my tailnet.
Thank you all for your contributions, I suspect the main docs will have to change now that 24.10 and its 1.80.X is out.