TAILMON How to use EXIT Nodes?

[thanhnam1601]

I am opening this thread because I cannot comment in the original one.

I installed and run Tailscale by using TAILMON successfully on my AX88U, but I cannot use Exit Mode.
My use case:
- Exit Node is on an VPS, advertised as Exit Node. Other devices can use this exit node without issues. I tried on an Ubuntu laptop, my iPhone, my Windows.
- Now I want my AX88U running TAILMON to use this exit node as well. So that all devices after my router will be routed through the Exit Node. My AX88U is advertised as subnet router already.

What I tried:
- Connect to the router using SSH.
- Tried the command

tailscale set --exit-node=<My-Exit-Node-IP>

Right after I type the command and hit enter, I cannot connect to the router anymore. All my connection dropped, no more internet. I cannot access to SSH as well. I need to hard reset my router to default.

Can you let me know if this is possible?

Thanks!

 

[kuki68ster]

Hi friend:

From ChatGPT:

To enable your ASUS AX88U router to use your VPS as an exit node with Tailscale, there are a few factors to consider, especially since enabling an exit node may interfere with connectivity. Here are some steps and troubleshooting ideas that might help:

1. **Use the Correct Exit Node Command**:
- Double-check that you're using the correct IP address or Tailscale node name for your VPS. Try `tailscale up --exit-node=<exit-node-IP>` instead of `tailscale set --exit-node=<exit-node-IP>`, as sometimes this full `up` command may handle connection settings more effectively.

2. **Ensure Local Network is Accessible**:
- By default, the `--exit-node` setting may route all traffic through the VPS, including traffic meant for your local network, which could be why you lose access. Use the command `tailscale up --exit-node=<exit-node-IP> --exit-node-allow-lan-access` to ensure you retain access to local devices even when exit node routing is active.

3. **Confirm IPv6 Compatibility**:
- Some exit node setups may inadvertently trigger an IPv6 preference that can interfere with IPv4-only networks, depending on your ISP and router setup. If you’re using IPv4, disable IPv6 on the router or ensure your VPS and router are on compatible IP versions.

4. **Check Tailscale Version**:
- Some versions of Tailscale may have bugs related to exit node settings, especially on devices where Tailscale is not natively supported. Make sure your AX88U has the latest Tailscale version supported by TAILMON.

5. **Consider a Tailscale ACL (Access Control List)**:
- If possible, adjust your ACL to confirm that the AX88U has full permissions for the exit node routing. This is sometimes necessary to ensure connectivity when devices aren’t directly reachable after switching to exit mode.

If this still leads to the connection dropping, let me know! There are additional workarounds that could be more device-specific or require configuring your AX88U’s routing tables directly to maintain SSH access.

 

[thanhnam1601]

Thanks for your comment, I am trying your suggestions as they are very helpful!

1. I put it in Custom Mode to run with UP command. It seems work the same as "set".
2. Using "--exit-node-allow-lan-access" help me to maintain the SSH, thank you!
3. IPv6 is disabled.
4. All running latest version 1.76.6
5. Other devices connect successfully without any ACL. Now I am wondering if I need to do anything with DNS for my VPS.

Still trying.

 

[Viktor Jaep]

I am opening this thread because I cannot comment in the original one.

Sorry about that... looks like it hit the 6-month mark... I've created a new TAILMON thread here:

TAILMON - TAILMON v1.0.20 -July 27, 2024- WireGuard-based Tailscale Installer, Configurator and Monitor (Now available in AMTM!)

TAILMON v1.0.20 Released July 27, 2024 First off – Wanted to give huge thanks to @jksmurf for lighting this fire… He opened my eyes to Tailscale and its capabilities, and only became natural to want to fullfill his wishes to create a formal installer/monitor for this valuable tool for others to...

www.snbforums.com

 

[thanhnam1601]

I see new error. Following the link provided in the error, is this the command I should use for all interfaces below in my AX88U? They are too many lol

sysctl -w net.ipv4.conf.eth0.rp_filter=2

# - Exit node misconfiguration: The following issues on your machine will likely make usage of exit nodes impossible: [
interface "dpsta" has strict reverse-path filtering enabled
interface "eth0" has strict reverse-path filtering enabled
interface "br0" has strict reverse-path filtering enabled
interface "imq2" has strict reverse-path filtering enabled
interface "ip_vti0" has strict reverse-path filtering enabled
interface "ip6_vti0" has strict reverse-path filtering enabled
interface "ip6tnl0" has strict reverse-path filtering enabled
interface "bcmsw" has strict reverse-path filtering enabled
interface "spu_us_dummy" has strict reverse-path filtering enabled
interface "ifb0" has strict reverse-path filtering enabled
interface "ifb1" has strict reverse-path filtering enabled
interface "imq0" has strict reverse-path filtering enabled
interface "bcmswlpbk0" has strict reverse-path filtering enabled
interface "spu_ds_dummy" has strict reverse-path filtering enabled
interface "imq1" has strict reverse-path filtering enabled
interface "sit0" has strict reverse-path filtering enabled
interface "eth1" has strict reverse-path filtering enabled
interface "eth2" has strict reverse-path filtering enabled
interface "eth3" has strict reverse-path filtering enabled
interface "eth4" has strict reverse-path filtering enabled
interface "eth5" has strict reverse-path filtering enabled
interface "eth6" has strict reverse-path filtering enabled
interface "eth7" has strict reverse-path filtering enabled


], please set rp_filter=2 instead of rp_filter=1;

see https://github.com/tailscale/tailscale/issues/3310