
TAILMON v1.0.20 -July 27, 2024- WireGuard-based Tailscale Installer, Configurator and Monitor (THREAD #1 CLOSED)


Hi everyone, I am new to this forum and I actually would like to find a solution to a three-router access problem I had with VPN access (OpenVPN client and PPTP client). I read about Tailmon and am not sure if this will help me. (Asus AC87U router does not have WireGuard, but TP Link AX55 has a WireGuard server.)

Here is my situation: I have three routers in my home network: TP Link AX 55 connected to cable modem and internet with a USB drive 1, TP Link AX23 connected as a mesh node of TP Link AX 55, and Asus AC87U connected LAN port to LAN port to TP Link AX 55 with NAT, DHCP, DNS etc. disabled. The Asus AC87U has USB Drive 2 attached.

I have TP Link enabled with PPTP and OpenVPN server. When I am on the home network (either on Wi-Fi or wire of TP Link or Asus), I can access the Asus USB drive and the AX 55 USB drive. But when I am outside the network and use VPN (either PPTP or OpenVPN client) back to TP Link, I cannot access the Asus USB drive (but can access the TP Link AX 55 USB drive). Is there a way to configure the routers to make it work? I researched a lot about this; some say to use port forwarding and LAN route, but I have had no luck with any of these. Please advise, thanks in advance.
 
Hi and welcome to the forums.

Given your routers are a combination of ASUS and non-ASUS Routers I think your question might find more results in the Other LAN and WAN forum, maybe @Viktor Jaep or a moderator can move it there.

As regards TAILMON, it needs to be on an ASUS Router supported by ASUS Merlin. Your ASUS AC87U Router was previously supported, but is no longer. The last Merlin FW was 384.13_10. If it runs amtm then I believe TAILMON could still be installed on it.

I am not familiar enough with networks to answer your question directly, but I am not sure if putting TAILMON on the ASUS, (which appears to just be acting as an AP?) is really a solution for you. I believe you don’t really need Tailscale on all devices on your network as long as you can access your LAN from outside and as you are using OpenVPN to connect to the TPLink, you seem to be able to do this. Tailscale and OpenVPN are different VPNs in any case.

If your only issue is that you cannot access the USB on the ASUS externally (but OK internally if I understand it correctly), it may be that it is a Shares or Permissions issue? If it is in AP mode you will not be able to access a USB attached to the AP according to this thread.

Maybe have a look at these links below; there are some suggestions that under OpenVPN you access it by its IP address, not by the share name.

Sorry I cannot be more help, it’s not really an issue I know anything about. I’m pretty sure you don’t need TAILMON to fix your issue.

HTH




 
Wow, that's pretty crazy... what are your thoughts on this FAQ? Are you seeing any issues?

Can I use headscale and tailscale on the same machine?

Running headscale on a machine that is also in the tailnet can cause problems with subnet routers, traffic relay nodes, and MagicDNS. It might work, but it is not supported.

Didn't notice any issues so far. Both my deployment variants have headscale running on a host that's also a member of the tailnet. I don't really use MagicDNS and exit nodes that much, but from my limited testing it all seemed to work as intended. Basic routing definitely works without problems, as I have a lot of traffic flowing through the tailnet constantly.
 
Tailscale users, maybe you can help me with this?

It occurred to me that I maybe should change my ufw firewall rules on my Raspberry Pi machines to include Tailscale IP addresses? (100.64.x.y)

However, I noticed something strange when logging into several devices from my MacBook Air outside my house to devices inside my house. When logged in via SSH, I use this command to check the IP address:

Code:
echo $SSH_CLIENT

These are the results:
  • MacBook Air -> router: 100.64.x.y
  • MacBook Air -> (any) Pi: 192.168.1.1 (my router's IP address on the local network)
Why does the router report a Tailscale address, but the Pi a local address? (And not of the MBA, but of the router?)

And (a bit unrelated): I'm still allowing external SSH into my devices. Is using Tailscale (only) instead safer?

(SSH with public/private keys, not passwords)
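
An added example, not part of the post above: a POSIX shell check that classifies the first field of `$SSH_CLIENT` as a Tailscale address (100.64.0.0/10), a private LAN address, or a public one, which is the distinction a ufw source rule depends on. It assumes, as the likely reason for the 192.168.1.1 result, that the Pi was reached through a subnet router, which source-NATs forwarded traffic by default; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify the peer address sshd saw.

# Dotted-quad IPv4 -> integer. Rejects anything else, including octets with
# leading zeros, which some parsers read as octal.
ip_to_int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/PREFIX -> exit status 0 if IP lies inside the network.
in_cidr() {
    ip=$(ip_to_int "$1") || return 2
    net=$(ip_to_int "${2%/*}") || return 2
    mask=$(( (4294967295 << (32 - ${2#*/})) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# classify_source IP -> tailscale | lan | public | invalid
#   tailscale: matched by "ufw allow from 100.64.0.0/10 to any port 22 proto tcp"
#   lan:       arrived from a private address (for example a subnet router
#              doing SNAT); a 100.64.0.0/10 rule does not match this session
classify_source() {
    ip_to_int "$1" >/dev/null || { echo invalid; return 0; }
    if in_cidr "$1" 100.64.0.0/10; then echo tailscale
    elif in_cidr "$1" 10.0.0.0/8 || in_cidr "$1" 172.16.0.0/12 ||
         in_cidr "$1" 192.168.0.0/16; then echo lan
    else echo public
    fi
}

# $SSH_CLIENT has the form "addr client_port server_port".
# Inside a real session the same check is: ssh_client_class "$SSH_CLIENT"
ssh_client_class() { classify_source "${1%% *}"; }

# Constructed sample values mirroring the two results in the post.
for sample in "100.64.0.5 51234 22" "192.168.1.1 51234 22"; do
    echo "${sample%% *} -> $(ssh_client_class "$sample")"
done
```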
 
This is maybe a dumb question, but is there any advantage for me to run TailMon on my router if I already have a Mac mini and a Synology running Tailscale Subnet? All I'm seeing for me is downsides of higher CPU load on my router, another device to make sure is updated, and potential crashes that could take my router down, and therefore most of my Tailscale network. I certainly see in some instances where this would be perfect, but am I missing something?
 
The great advantage is that all the devices connected to your subnet router will effectively be on your Tailscale network (and not only your Mac mini and Synology). I use it to remotely access my Firestick, my modem router, my WiFi access points, my security camera, my TV tuner and all other clients that cannot have Tailscale installed on them or do not have cloud access otherwise.
 
I think the OP, who has asked an excellent question, already has his Synology device set up as a subnet router, so AFAIK, that device could act as the means to access other devices (and to bypass CGNAT). This is what I did in my first foray into Tailscale (TS), setting up an RPi. It runs Tailscale natively, so ostensibly fewer performance issues.

You can also designate the Synology as an exit node.

For me putting it on the Asus Router was for reasons of simplicity, an all in one device (that does all the routing) and for those with TS on a travel router (like my GLiNET Beryl AX), absolutely it makes sense; but ASUS does not really make travel routers.

So as I said, it’s actually a good question, that was asked on a Reddit post some time ago. I am no expert but do not believe any of the answers there nail down definitely what advantages it has. I am hoping @ColinTaylor or @Viktor Jaep can throw some light on it.

I have used Tailscale SSH and the Taildrop features of Tailscale and they are pretty cool directly on the Router.

k.
 
Sorry, missed the Synology as a subnet. Not wishing to stray off here, but how can a NAS drive act as a subnet router (when it is in fact not a router)? You learn something new every day.
 
I would say, it would probably also add for some redundancy... if the synology went down for some reason, being able to access other devices through your router would be the way to go, or to try to remotely troubleshoot the synology.
 
I believe Synology has its own OS based on Linux, so I’m guessing it uses a similar approach to an RPi or other Linux device.

Here’s the thing that I find very neat though: you can configure an Apple TV (IOS17 up) running the Tailscale App as a subnet router. I use this as a backup and just enable the subnet router capability if I need it (if the Router is down).

I’m not sure how it performs speed-wise compared to a native kernel but I’m sure it’s enough.

Doesn’t answer the OP’s question though :).
 
I switched both to kernel mode to no avail. I also deactivated the exit node (I only use it on demand, each network should use its own local internet and I only want the devices to have interconnectivity). Could it be that tailmon is blocking me from changing the setting with the tailscale set command? When I tried to deactivate the exit node with set --advertise-exit-node=false, it didn’t change the connection command line in tailmon until I set the option for exit node inside tailmon to no.

An update to my issue. I gave up since our last conversation and I had a try again today. I had a regular WireGuard server setting on my local router and client setting on the remote router. I tried this time and deactivated both and now Tailscale is working as it should be.
 
Correct, I already have TS running a subnet and exit node on both Synology NAS and Mac mini, so redundancy is also covered, as are all my cameras and devices I need to access from within the LAN. Which is why I was wondering, other than adding additional workload to my router CPU, is there any killer app to this that I'm missing? Doesn't sound like it. I understand for people without spare desktops or NAS, allowing a Subnet / access to the LAN from the router is a huge win.
 
