Tailscale on a dumb access point, controlled by the main router


Despite all my attempts, I could not manage the routing of packets when Tailscale is installed on the main OpenWrt router together with WireGuard VPN.

As a workaround, I tried to use a secondary router to create a dumb access point and install Tailscale there; however, even if Tailscale is connected, I always browse through the network of the main router.

My idea would be to create the networks below, and use PBR on the main router to direct the traffic:

  • Main router:
    -- ISP
    -- VPN1
    -- VPN2
    -- Tailscale (when tailscale is needed, sending the traffic on the dumb ap).

  • Dumb AP:
    -- Tailscale

Before testing any connection via the main router, I plugged into the dumb AP, but I can browse only via the ISP, not via Tailscale.

Is my idea feasible, or will the dumb AP, being directed by the main router, never be able to use the Tailscale service?

I have no experience with Tailscale, but I have with OpenVPN and WireGuard.

As Tailscale is in the same ballpark, here are some things to take a look at:

Your LAN clients will only use Tailscale if you point the gateway of the LAN clients to the IP of the dumb access point (you can set the gateway or an alternative gateway with DNSMasq, or use iptables with prerouting rules, or just static routing as alternatives).

You probably need to set a static route on the main router to route the Tailscale subnet to the IP of the dumb access point (alternatively, enable masquerading on the LAN zone of the dumb access point, assuming the Tailscale interface is added to the LAN zone).

Those are the things you have to do with WireGuard/OpenVPN so perhaps you also have to do those when using tailscale?

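The options named in the reply above, written out as OpenWrt configuration. This is an added example, not part of the original posts; the LAN addresses, the client MAC and the tag and host names are constructed, and the default Tailscale interface name `tailscale0` and address range 100.64.0.0/10 are assumed.

```uci
# Constructed values (assumptions, not from the thread):
#   main router LAN IP 192.168.1.1, dumb AP LAN IP 192.168.1.2,
#   client MAC 02:00:00:00:00:10, client IP 192.168.1.50.
#   100.64.0.0/10 is the range Tailscale assigns node addresses from.

# --- main router: /etc/config/network ---
# Static route: send traffic for Tailscale addresses to the dumb AP.
config route
	option interface 'lan'
	option target '100.64.0.0/10'
	option gateway '192.168.1.2'

# --- main router: /etc/config/dhcp ---
# Hand out the dumb AP as default gateway (DHCP option 3),
# but only to hosts carrying the hypothetical tag 'via_ts'.
config tag 'via_ts'
	list dhcp_option '3,192.168.1.2'

config host
	option name 'laptop'
	option mac '02:00:00:00:00:10'
	option ip '192.168.1.50'
	option tag 'via_ts'

# --- dumb AP: /etc/config/firewall ---
# Alternative to the static route: put tailscale0 in the LAN zone
# and masquerade, so replies return to the AP without extra routes.
config zone
	option name 'lan'
	list network 'lan'
	list device 'tailscale0'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option masq '1'
```

A client that uses the dumb AP as its gateway still follows the AP's own routing table, so traffic to the internet leaves via Tailscale only if the AP itself is configured to use an exit node.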

Can you provide more detail about your Tailscale setup?

You plugged into the dumb AP and then said you can't browse via Tailscale. How is Tailscale set up? Do you have an exit node you are trying to use? What command did you use when running Tailscale?
What traffic are you trying to route via tailscale? Only to other nodes or all traffic from certain devices?

Thank you for the reply. I used the AP in another configuration; as soon as I have time, I will try again.