
TAILMON v1.0.20 -July 27, 2024- WireGuard-based Tailscale Installer, Configurator and Monitor (Now available in AMTM!)

Running into a few kinks and I can’t quite figure out why.

Prior to having Tailscale on my AX86U via TAILMON, I ran subnet routes through one of my Tailscale-enabled Raspberry Pis, primarily for the purpose of accessing my router and a few RPi-based servers when outside my home. Everything seemed to work great.

But now that I’m running the subnet routes directly from the Tailscale-enabled AX86U, I can’t seem to access the RPis at their local IP addresses when outside the home. I’m using the same flags I’ve always used on the Raspberry Pi (--accept-dns=false --advertise-routes=192.168.50.0/24), and the subnet routes have been approved in the Tailscale console.

Not sure what the issue is.
try adding --advertise-exit-node
 
Not really my field, but have you tried adding the --snat-subnet-routes=false option to both your subnet routers; although it did not seem to help the OP in that thread, sorry.

Thanks for info but it was not working either.

 
@darkj2k In your first screenshot --accept-routes=true was not set, presumably because you tried to add it after having already installed tailscale. I suggest you set it manually from the command line of each router:
Code:
tailscale set --accept-routes=true

Did you read the information I linked to regarding stateful filtering? If you're using version 1.66 or later and want LAN clients to connect to the other network you need to set --stateful-filtering=false.

If it still doesn't work I suggest you uninstall tailscale from both routers and then reinstall it afresh. This time do not update the version of tailscale. See if that makes a difference.
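
Added example, not part of any post in this thread: a POSIX shell check of a router's Tailscale flags against the three settings raised so far (--advertise-routes, --accept-routes=true, and --stateful-filtering=false on 1.66 or later). The function names, the sample version and the sample flag string are constructed for illustration, and it assumes the two-router setup the post above addresses.

```shell
#!/bin/sh
# Added example: checks a flag string only; it never calls the tailscale binary.

# version_ge A B: succeeds when major.minor of A is >= major.minor of B.
version_ge() {
    a_major=${1%%.*}; a_rest=${1#*.}; a_minor=${a_rest%%.*}
    b_major=${2%%.*}; b_rest=${2#*.}; b_minor=${b_rest%%.*}
    [ "$a_major" -gt "$b_major" ] && return 0
    [ "$a_major" -eq "$b_major" ] && [ "$a_minor" -ge "$b_minor" ]
}

# flag_value NAME FLAGS: prints the value of --NAME; a bare --NAME counts as "true".
flag_value() {
    for tok in $2; do
        case "$tok" in
            "--$1="*) echo "${tok#*=}"; return 0 ;;
            "--$1")   echo "true"; return 0 ;;
        esac
    done
    return 1
}

# audit_flags VERSION FLAGS: prints one finding per line; exit status = finding count.
audit_flags() {
    findings=0
    if ! flag_value advertise-routes "$2" >/dev/null; then
        echo "--advertise-routes missing: this router offers no subnet"
        findings=$((findings + 1))
    fi
    if [ "$(flag_value accept-routes "$2")" != "true" ]; then
        echo "--accept-routes=true missing: the other router's subnet is not used"
        findings=$((findings + 1))
    fi
    # Thread advice: on 1.66 or later, LAN clients need stateful filtering off.
    if version_ge "$1" 1.66 && [ "$(flag_value stateful-filtering "$2")" != "false" ]; then
        echo "--stateful-filtering=false missing on $1: LAN clients cannot reach the other network"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: a 1.66.4 router started with only the first post's flags.
audit_flags 1.66.4 "--accept-dns=false --advertise-routes=192.168.50.0/24" || true
```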
 
A) Did you approve the subnet routes within the tailscale console web page?

B) How are you trying to access your devices, via IP or hostnames or FQDN?

Yes, subnet routes are approved in the console.

I’m attempting access via SSH and local IP addresses, which I’ve never had an issue with when using the RPi as the subnet router.

try adding --advertise-exit-node

I first wanted to try to replicate exactly the settings I had with my RPi, per the description in my post.

I’ve since tried adding an exit node flag in the router, but still having the same issue as described.

Interestingly, when I revert to using the RPi advertised routes and turn off the router-advertised routes, I can still connect to the router’s Tailnet IP from inside the home network using a device that is at that moment not connected to the Tailnet.

I cannot do that same thing using the RPis’ Tailnet IP addresses.
 
Have you checked your firewall rules on the RPi devices?

sudo ufw status numbered
 
Interestingly, when I revert to using the RPi advertised routes and turn off the router-advertised routes, I can still connect to the router’s Tailnet IP from inside the home network using a device that is at that moment not connected to the Tailnet.
This is to be expected. Tailscale is still running on the router. Devices on your LAN are using the router as their default gateway therefore they can reach its Tailnet IP address.

I cannot do that same thing using the RPis’ Tailnet IP addresses.
Again, expected behaviour. Your Pi is not acting as a router for your LAN.
 
I’ve now switched to Userspace Mode using the subnet and exit node options and everything works as expected.
For some reason I've always had better luck with userspace mode myself... glad you got it working!
 
I’ve now switched to Userspace Mode using the subnet and exit node options and everything works as expected.
Good pickup. So if you keep everything the same and just switch one thing, Userspace mode to Kernel mode (only), it fails (and is repeatable) to produce the connectivity you were after? Interesting catch!
 
I’ve now switched to Userspace Mode using the subnet and exit node options and everything works as expected.
Good find indeed. Must admit have only configured in userspace mode and my ask is similar to your own, and therefore I didn't recognise this failure.

Good job on finding a solution
 
So if you keep everything the same and just switch one thing, Userspace mode to Kernel mode (only), it fails (and is repeatable) to produce the connectivity you were after?
I'd also be interested in the answer to this @phneeley. Are you using QoS or AiProtection?
 
I don’t have enough technical know-how to explain why things seem to be working fine in Userspace mode vs Custom mode. Apart from advertising routes and the exit node (both used in both modes), the only additional flag I was attempting to run in Custom mode was --accept-dns=false.

I have QoS and AiProtection both enabled.
 
Jeez... I feel bad for those who have to manage a large Tailscale network with thousands of devices... wonder if they have any auto update functionality, or ways to push updates. These updates seem to be coming fast one after another... Yeah, me on my little 5 device tailnet is COMPLAINING. LOL

 
I don’t have enough technical know-how to explain why things seem to be working fine in Userspace mode vs Custom mode. Apart from advertising routes and the exit node (both used in both modes), the only additional flag I was attempting to run in Custom mode was --accept-dns=false.

I have QoS and AiProtection both enabled.
No problem there with technical nous, was just seeing if you could, with ALL your current settings under userspace mode, make the change to kernel mode and see if it fails, thus confirming it is a mode change that makes it go TU. Thanks 🙏
 

Auto updates … recommended … :)
Read further:

Auto-updates

Tailscale can automatically apply client updates as they are released. To apply the update, the same mechanism is used during the initial client installation. For example, if the client was installed using a Linux package manager, that package manager will be used to upgrade the installed package.
In other words - Entware package updates. Except in reality using tailscale update bypasses this method. Go figure.
 
Read further:

In other words - Entware package updates. Except in reality using tailscale update bypasses this method. Go figure.
Yeah, that's basically what I had to do... ;) Ubuntu went automatically. Windows was automatic. The routers require manual intervention. No biggie. I'm just a big complainer. ;)
 
No biggie. I'm just a big complainer.
Haha maybe you or @ColinTaylor can raise a ticket on Tailscale's GitHub. Maybe other Arch Linux users (GLiNET, Openwrt?) have a similar issue and it’ll gain traction (unless someone already complained..)
 
