Tailscale and Asus Merlin Router

[Aidancov1]

Hi,

Im running Tailscale and Adguard on a RPi and am also using an Asus router. Everything is working with DDNS and gets updated correctly with my dynamic IP. When outside network I cannot connect to any devices using tailscale addresses, I have to use internal IP addresses from my Asus router. I dont have any ports forwarded as Tailscale says you shouldn't need to. I've setup a subnet on Tailscale for my RPi and made an exit node so all looks good. Am I missing something simple. Any help would be much appreciated.

Thanks

 

[ColinTaylor]

When outside network I cannot connect to any devices using tailscale addresses, I have to use internal IP addresses from my Asus router.

I don't understand what you mean by this. Your RPi has a tailscale address so what are the other tailscale addresses you're talking about?

 

[eibgrad]

If you want to access something w/ a Tailscale IP, that device has to be running Tailscale itself. But more typically, you only enable Tailscale on the router, then use it as a gateway to your other devices based on their local IPs.

 

[Aidancov1]

I don't understand what you mean by this. Your RPi has a tailscale address so what are the other tailscale addresses you're talking about?

Tailscale gives clients addresses in range starting 100.XXX.XXX.XXX. I have tailscale running on my Rpi, desktop and mobile. Apparently I should be able to use the 100 range addresses to connect to another device but it always says connection refused.

 

[ColinTaylor]

Works fine for me. How are you testing this connectivity?

 

[Aidancov1]

Works fine for me. How are you testing this connectivity?

Just to be clear. I havent installed Tailscale on my router. Im using my RPi as dns for network. I turn off wifi on mobile then connect to tailscale on my mobile 4G. Then try to connect to RPi with tailscales provided 100.xxx.xxx.xxx address or raspberrypi.tailXXXXts.net address and it doesnt connect.

 

[ColinTaylor]

Just to be clear. I havent installed Tailscale on my router. Im using my RPi as dns for network. I turn off wifi on mobile then connect to tailscale on my mobile 4G. Then try to connect to RPi with tailscales provided 100.xxx.xxx.xxx address or raspberrypi.tailXXXXts.net address and it doesnt connect.

That makes no sense because you said in post #1 "When outside network I cannot connect to any devices using tailscale addresses, I have to use internal IP addresses from my Asus router".

So if you "have to use internal IP addresses" that implies you are already connected to your LAN, either directly or via another VPN.

 

[Aidancov1]

I turn on Tailscale on my mobile so i am connected to tailscale network, then if I use 192.168.0.17 etc I can access devices, but not via any of the tailscale addresses.

 

[ColinTaylor]

This conversation appears to be going in circles.

How are you testing this connectivity?

 

[Aidancov1]

This conversation appears to be going in circles.

How are you testing this connectivity?

On my mobile using 4g I turn on Tailscale and input the internal ip of router or RPi and can access them. When I try to use Tailscale provided addresses it refuses to connect.

 

[ColinTaylor]

Can you ping the tailscale addresses of the RPi and Windows machines?

Your Asus router isn't running tailscale therefore it doesn't have a tailscale address!

 

[Aidancov1]

Can you ping the tailscale addresses of the RPi and Windows machines?

Your Asus router isn't running tailscale therefore it doesn't have a tailscale address!

Yes I can ping the Tailscale addresses just can’t connect to them.

 

[eibgrad]

Yes I can ping the Tailscale addresses just can’t connect to them.

Perhaps those device/apps are NOT listening on the Tailscale networtk interface, and/or there are personal firewall issues. We know the connectivity and routing works since ping works.

 

[ColinTaylor]

Perhaps those device/apps are NOT listening on the Tailscale networtk interface, and/or there are personal firewall issues. We know the connectivity and routing works since ping works.

This.

Other than the RPi what other tailscale devices have you tried to connect to? As far as I can see you only have one other device (in addition to your mobile), the Windows PC.

 

[Aidancov1]

This.

Other than the RPi what other tailscale devices have you tried to connect to? As far as I can see you only have one other device (in addition to your mobile), the Windows PC.

Yes I haven't connected any others as I wanted to gradually add more as I got it working correctly. As you said it may be due to ports not listening or firewall issues.

 

[Rajjco]

Tailscale gives clients addresses in range starting 100.XXX.XXX.XXX. I have tailscale running on my Rpi, desktop and mobile. Apparently I should be able to use the 100 range addresses to connect to another device but it always says connection refused.

You need to use Tailscale Serve to connect to other clients on your Tailnet network.
Here is the documentation on how to set it up:

Tailscale Serve · Tailscale Docs

Learn about the Tailscale Serve service.

tailscale.com

To connect from outside Tailnet you can use Funnel:

Tailscale Funnel · Tailscale Docs

Learn about the Tailscale Funnel service.

tailscale.com