Tutorial **Tailscale On Merlin**

[jksmurf]

Just an update with some tailscaled logs that I found in var/lib/tailscale, maybe these will help diagnose the issue with my and Aiadi's installs on aaarch64.

I repeated the process today as well, so there are two logs. There's a few errors like these:

Couldn't load target `ts-forward':No such file or directory\n\nTry `iptables -h' or 'iptables --help' for more information"​

Couldn't load target `ts-postrouting':No such file or directory\n\nTry `iptables -h' or 'iptables --help' for more information.\n"​

Couldn't load target `ts-input':No such file or directory\n\nTry `ip6tables -h' or 'ip6tables --help' for more information.\n"​

.​

.​

cleanup: list tables: netlink receive: invalid argument\n"​

wgengine.NewUserspaceEngine(tun \"tailscale0\") error: tstun.New(\"tailscale0\"): CreateTUN(\"tailscale0\") failed; /dev/net/tun does not exist\n"​

getLocalBackend error: createEngine: tstun.New(\"tailscale0\"): CreateTUN(\"tailscale0\") failed; /dev/net/tun does not exist\n"​

Note that as above, where I discovered I could not access the WebGUI, or SSH in via Putty or WinSCP at all, was just locked out, then switched off the Router, it came up and I could log in, but now Tailscale was not running, it seems that toggling the setting from 'Connected' to 'Disconnect' in the Tailscale on my Windows Desktop allows me log in to my Router again (after the reboot). I am not sure if this helps but it is an observation at least.

@JA93, with all due respect, do you think there's any mileage in having a look at why RandomUser777 changed the ARGS line in S06tailscaled to what he did?

Googling "/dev/net/tun does not exist" "tailscale" throws up quite a few sites, some which say 'create' the /dev/net/tun dir and others such as this one https://blog.rmtph.one/posts/Tailscale_at_home/ which is way over my head sorry.

However I found this next bit interesting, where Tailscale's own website notes "Alternatively, if you don't want to grant /dev/tun access, you can use userspace networking mode which avoids the need for any administrative access at all".

Looking at https://tailscale.com/kb/1112/userspace-networking it has a statement:

# Extra flags you might want to pass to tailscaled.
FLAGS="--tun=userspace-networking"

I might be way off base here, but it seems a (little bit) similar to what RandomUser777 used in ARGS in s06tailscaled?

 

[JA93]

Just an update with some tailscaled logs that I found in var/lib/tailscale, maybe these will help diagnose the issue with my and Aiadi's installs on aaarch64.

I repeated the process today as well, so there are two logs. There's a few errors like these:

Couldn't load target `ts-forward':No such file or directory\n\nTry `iptables -h' or 'iptables --help' for more information"​

Couldn't load target `ts-postrouting':No such file or directory\n\nTry `iptables -h' or 'iptables --help' for more information.\n"​

Couldn't load target `ts-input':No such file or directory\n\nTry `ip6tables -h' or 'ip6tables --help' for more information.\n"​

.​

.​

cleanup: list tables: netlink receive: invalid argument\n"​

wgengine.NewUserspaceEngine(tun \"tailscale0\") error: tstun.New(\"tailscale0\"): CreateTUN(\"tailscale0\") failed; /dev/net/tun does not exist\n"​

getLocalBackend error: createEngine: tstun.New(\"tailscale0\"): CreateTUN(\"tailscale0\") failed; /dev/net/tun does not exist\n"​

Note that as above, where I discovered I could not access the WebGUI, or SSH in via Putty or WinSCP at all, was just locked out, then switched off the Router, it came up and I could log in, but now Tailscale was not running, it seems that toggling the setting from 'Connected' to 'Disconnect' in the Tailscale on my Windows Desktop allows me log in to my Router again (after the reboot). I am not sure if this helps but is its an observation at least.

@JA93, with all due respect, do you think there's any mileage in having a look at why RandomUser777 changed the ARGS line in S06tailscaled to what he did?

Googling "/dev/net/tun does not exist" "tailscale" throws up quite a few sites, some which say 'create' the /dev/net/tun dir and others such as this one https://blog.rmtph.one/posts/Tailscale_at_home/ which is way over my head sorry.

However I found this next bit interesting, where Tailscale's own website notes "Alternatively, if you don't want to grant /dev/tun access, you can use userspace networking mode which avoids the need for any administrative access at all".

Looking at https://tailscale.com/kb/1112/userspace-networking it has a statement:

# Extra flags you might want to pass to tailscaled.
FLAGS="--tun=userspace-networking"

I might be way off base here, but it seems a (little bit) similar to what RandomUser777 used in ARGS in s06tailscaled?

Okay I'll take a look as soon as I can. I assumed that Entware package of Tailscale for aarch64 worked out of box...

 

[JA93]

I compiled nohf (no hardware floating-point) for aarch64, you can test and give feedback:

https://github.com/bobanilic/MerlinScale/releases/download/1.64.0/tailscale_nohf_1.64.0_aarch64-3.10.ipk

After installing update permissions:
chmod 755 /opt/bin/tailscale
chmod 755 /opt/bin/tailscaled

PS
To uninstall old tailscale:
opkg remove tailscale
And if you want to unisntall tailscale_nohf:
opkg remove tailscale_nohf

 

[ColinTaylor]

Can you remind me why any of this is necessary?

I've just installed tailscale for the first time using the normal Entware version and it just works out of the box.

 

[JA93]

Can you remind me why any of this is necessary?

I've just installed tailscale for the first time using the normal Entware version and it just works out of the box.

For my router arch tailscale version is 1.46 and for myself I updated to latest stable. I had good will and updated for the rest arch, however some people still have issue setting it up. This is my pure good will of sharing, not a necessity.

 

[Aiadi]

Can you remind me why any of this is necessary?

I've just installed tailscale for the first time using the normal Entware version and it just works out of the box.

Are you able to please post step by step instructions as to how you'd managed that? Is the subnet routing option working properly and is the process surviving router reboots?

 

[ColinTaylor]

Are you able to please post step by step instructions as to how you'd managed that? Is the subnet routing option working properly and is the process surviving router reboots?

That all appears to be working as far as I can tell. Most of the time is spent creating an account, using the tailscale console and installing clients on other devices (e.g. phones). The router side of things took less than a minute. If there's a particular issue you want me to test let me know as I'm new to this software.

1. Install tailscale

# opkg install tailscale
Installing tailscale (1.58.2-1) to root...
Downloading https://bin.entware.net/aarch64-k3.10/tailscale_1.58.2-1_aarch64-3.10.ipk
Installing ca-bundle (20230311-1) to root...
Downloading https://bin.entware.net/aarch64-k3.10/ca-bundle_20230311-1_all.ipk
Configuring ca-bundle.
Configuring tailscale.

UPDATE: The default tailscale kernel mode may be incompatible with certain Merlin addons and features. To avoid these problems I suggest you make the following changes in /opt/etc/init.d/S06tailscaled.

ARGS="--tun=userspace-networking --state=/opt/var/tailscaled.state"
PREARGS="nohup"

2. Start tailscale (or reboot router)

# /opt/etc/init.d/S06tailscaled start
 Starting tailscaled...              done.

3. Configure tailscale as an exit node and subnet router (then enable those options in the console). This is a one-time task.

# tailscale up --advertise-exit-node --advertise-routes=192.168.1.0/24

To authenticate, visit:

        https://login.tailscale.com/a/29ce323012ea8

Success.

4. Updating tailscale. I strongly recommend you don't do this as it's unnecessary and may lead to problems in the future. I've already put in a request with Entware for them to update their package.

# tailscale update
This will update Tailscale from 1.58 to 1.64.0. Continue? [y/n] y
Downloading "https://pkgs.tailscale.com/stable/tailscale_1.64.0_arm64.tgz"
Download size: 25751613
Downloaded 8720/25751613 (0.0%)
Downloaded 25751613/25751613 (100.0%)
Downloading "https://pkgs.tailscale.com/stable/tailscale_1.64.0_arm64.tgz.sig"
Signature OK
Extracting "/root/.cache/tailscale-update/tailscale_1.64.0_arm64.tgz"
Updated /tmp/mnt/TOSHIBA1/entware/bin/tailscale
Updated /tmp/mnt/TOSHIBA1/entware/bin/tailscaled
Tailscale binaries updated successfully.
Please restart tailscaled to finish the update.

# /opt/etc/init.d/S06tailscaled restart
 Shutting down tailscaled...              done.
 Starting tailscaled...              done.

 

[ColinTaylor]

For my router arch tailscale version is 1.46 and for myself I updated to latest stable. I had good will and updated for the rest arch, however some people still have issue setting it up. This is my pure good will of sharing, not a necessity.

Ah yes, I remember now. You're running Merlin on an unsupported router.

 

[kuki68ster]

That all appears to be working as far as I can tell. Most of the time is spent creating an account, using the tailscale console and installing clients on other devices (e.g. phones). The router side of things took less than a minute. If there's a particular issue you want me to test let me know as I'm new to this software.

1. Install tailscale

# opkg install tailscale
Installing tailscale (1.58.2-1) to root...
Downloading https://bin.entware.net/aarch64-k3.10/tailscale_1.58.2-1_aarch64-3.10.ipk
Installing ca-bundle (20230311-1) to root...
Downloading https://bin.entware.net/aarch64-k3.10/ca-bundle_20230311-1_all.ipk
Configuring ca-bundle.
Configuring tailscale.

2. Start tailscale (or reboot router)

# /opt/etc/init.d/S06tailscaled start
 Starting tailscaled...              done.

3. Configure tailscale as a subnet router (then enable subnet in console). This is a one-time task.

# tailscale up --advertise-routes=192.168.1.0/24

To authenticate, visit:

        https://login.tailscale.com/a/29ce323012ea8

Success.

4. Optionally update tailscale. I suggest you don't do this as it's unnecessary and I've already put in a request with Entware for them to update their package.

# tailscale update
This will update Tailscale from 1.58 to 1.64.0. Continue? [y/n] y
Downloading "https://pkgs.tailscale.com/stable/tailscale_1.64.0_arm64.tgz"
Download size: 25751613
Downloaded 8720/25751613 (0.0%)
Downloaded 25751613/25751613 (100.0%)
Downloading "https://pkgs.tailscale.com/stable/tailscale_1.64.0_arm64.tgz.sig"
Signature OK
Extracting "/root/.cache/tailscale-update/tailscale_1.64.0_arm64.tgz"
Updated /tmp/mnt/TOSHIBA1/entware/bin/tailscale
Updated /tmp/mnt/TOSHIBA1/entware/bin/tailscaled
Tailscale binaries updated successfully.
Please restart tailscaled to finish the update.

# /opt/etc/init.d/S06tailscaled restart
 Shutting down tailscaled...              done.
 Starting tailscaled...              done.

Hi there,

Following your instructions, I was able to setup tailscale on my Asus router… Thank You.

Just 2 questions:

If I reboot the router, will tailscale auto — start?

How do I setup the tailscale on my router has an exit node?

Again, thanks for the instructions…

 

[ColinTaylor]

If I reboot the router, will tailscale auto — start?

It should do if Entware is installed properly.

How do I setup the tailscale on my router has an exit node?

I hadn't tried that. I've just done it now following the instructions on the tailscale website and it works OK.

tailscale up --advertise-exit-node --advertise-routes=192.168.1.0/24

As per their instructions, I then had to enable the exit node for the router in the console and also configure each client device to use it.

I've updated my previous post to include the exit node option.

 

[kuki68ster]

It should do if Entware is installed properly.


I hadn't tried that. I've just done it now following the instructions on the tailscale website and it works OK.

tailscale up --advertise-exit-node --advertise-routes=192.168.1.0/24

As per their instructions, I then had to enable the exit node for the router in the console and also configure each client device to use it.

Got it to work, just had to run this command:

tailscale up --advertise-exit-node --advertise-routes=192.168.XX.0/24

 

[jksmurf]

Can you remind me why any of this is necessary?

I've just installed tailscale for the first time using the normal Entware version and it just works out of the box.

First off a shoutout to @JA93 who has genuinely been trying to make an easy-install option for those of us who need more detailed instructions. He mentioned goodwill and I believe that is the ethos of the forum. Thank you very much @JA93 for giving it a try.

Second, the reason @ColinTaylor why 'any of this was necessary' is that until you had simply gone and done it here (and I am gobsmacked by your simplicity in doing so, thank you for that), some folks actually tried installing it using Entware as early as late 2022, but without success. I do not know what changed in Entware or Tailscale (or the way folks were trying to make it work) between Nov 2022 to make it work now, but it is great that it does (my own failed attempt aside).

That thread continued with @RandomUser777 making a successful 'install' using some cutom ARGS in S06tailscaled, so a few of us used that approach and subsequently asked for help to put it into amtm, which @thelonelycoder advised he would support if it was coded. I am hoping @Viktor Jaep or someone will do this.

So whilst I was doing my best to be the squeaky wheel, those of us who needed more detailed instructions were blissfully aware it 'works out of the box'.

So thank you very much for doing this, it is a very elegant approach from something that's already built it; I look forward to some kind person getting into amtm as a script once its been established as broadly working.

 

[jksmurf]

If there's a particular issue you want me to test let me know as I'm new to this software.

Hi Colin unfortunately my system seems to have a particular issue;
TLDR, it appears to install OK (with hiccups as below), but does not show as Connected (green dot) in the Tailscale admin (and it disconnects).
It used to stay connected.

I uninstalled and reinstalled entware to make sure I was starting from the same point as you.
It installed OK, started initially, then hiccuped at the 'advertise routes' line until I restarted /opt/etc/init.d/S06tailscaled start.

xxxxxxx@RT-AX86U:/tmp/home/root# opkg install tailscale
Installing tailscale (1.58.2-1) to root...
Downloading https://bin.entware.net/aarch64-k3.10/tailscale_1.58.2-1_aarch64-3.10.ipk
Installing ca-bundle (20230311-1) to root...
Downloading https://bin.entware.net/aarch64-k3.10/ca-bundle_20230311-1_all.ipk
Configuring ca-bundle.
Configuring tailscale.

xxxxxxx@RT-AX86U:/tmp/home/root# /opt/etc/init.d/S06tailscaled start
 Starting tailscaled...              done.

xxxxxxx@RT-AX86U:/tmp/home/root# tailscale up --advertise-routes=192.168.9.0/24
failed to connect to local tailscaled; it doesn't appear to be running
xxxxxxx@RT-AX86U:/tmp/home/root# tailscale up --advertise-routes=192.168.9.0/24
failed to connect to local tailscaled; it doesn't appear to be running

Here I had to run /opt/etc/init.d/S06tailscaled start again to get the advertise routes line to work and give me the one-off authentication line

xxxxxxx@RT-AX86U:/tmp/home/root# /opt/etc/init.d/S06tailscaled start
 Starting tailscaled...              done.

xxxxxxx@RT-AX86U:/tmp/home/root# tailscale up --advertise-routes=192.168.9.0/24

To authenticate, visit:

        https://login.tailscale.com/a/xxxxxxxxxxx

So per the pic I have added the Node to my subnet (I removed the old one to be sure I was starting from scratch) but it does not seem to be connected and it actually stops running?

xxxxxxx@RT-AX86U:/tmp/home/root# tailscale up

failed to connect to local tailscaled; it doesn't appear to be running

xxxxxxx@RT-AX86U:/tmp/home/root# /opt/etc/init.d/S06tailscaled restart
 Starting tailscaled...              done.

This was after reboot (did not restart it until I issued /opt/etc/init.d/S06tailscaled start)

ASUSWRT-Merlin RT-AX86U 3004.388.7_alpha2-g90b483050e Sat Apr 13 16:05:49 UTC 2024
xxxxxxx@RT-AX86U:/tmp/home/root#  /opt/etc/init.d/S06tailscaled check
 Checking tailscaled...              dead.
xxxxxxx@RT-AX86U:/tmp/home/root#
xxxxxxx@RT-AX86U:/tmp/home/root#  /opt/etc/init.d/S06tailscaled start
 Starting tailscaled...              done.
xxxxxxx@RT-AX86U:/tmp/home/root#  /opt/etc/init.d/S06tailscaled check
 Checking tailscaled...              alive.
xxxxxxx@RT-AX86U:/tmp/home/root#

I also tried it with accept routes (which is what I did in previous installs, it just adds the subnet I believe)

tailscale up --accept-routes --advertise-routes=192.168.9.0/24

but no dice there either.

I have not tried to update it to 1.64.0 as you noted this was optional in any case and 1.58.2.--1 should work for this trial.

Wondering if this is particular to the RT-AX86U or just my system.

I looked in tailscaled.log1.txt and tailscaled.log2.txt in /tmp/home/root/.cache/Tailscale but they are empty.

[EDIT] Tried just tailscale up, made me authenticate yet again
xxxxxxx

@RT-AX86U:/tmp/home/root# tailscale up

To authenticate, visit:

        https://login.tailscale.com/a/xxxxxxxxxxxx

Success.

And this time the green connected dot appears; then disappears again.

@RT-AX86U:/tmp/home/root#  /opt/etc/init.d/S06tailscaled check
 Checking tailscaled...              dead.

 

[ColinTaylor]

Looking back at that post from 2022 it looks like he got it working out of the box just like me. The only issue he said he had was with DNS which is not surprising and something I was about to test.

I guess something broke after 2022. Some of the subsequent instructions appear to be targeted at other platforms, like Ubuntu or OpenWRT. At the moment I've only tried some simple tests with my phone connecting over 5G to my router's LAN. I'm sure there are more complex scenarios that people are maybe using.

 

[ColinTaylor]

I looked in tailscaled.log1.txt and tailscaled.log2.txt in /tmp/home/root/.cache/Tailscale but they are empty.

I don't have that directory at all. My log files are in /opt/var/lib/tailscale. I did find some older files of the same name in /var/lib/tailscale which I suspect are from when I was running the updated version. I doubt the version it downloaded from tailscale's website is 100% compatible with asuswrt which is why I recommended not updating to it.

My guess is that you've still got some remanets of an old install somewhere. When you uninstalled Entware did you delete the entire entware directory on the USB drive? What about modifications to jffs files?

I suggest you delete these directories if you have them:

/var/run/tailscale
/var/lib/tailscale

 

[jksmurf]

I don't have that directory at all. My log files are in /opt/var/lib/tailscale. I did find some older files of the same name in /var/lib/tailscale which I suspect are from when I was running the updated version. I doubt the version it downloaded from tailscale's website is 100% compatible with asuswrt which is why I recommended not updating to it.

OK. They seem to be logging there though.
I did not update (although it had run well in my previous install).

My guess is that you've still got some remanets of an old install somewhere. When you uninstalled Entware did you delete the entire entware directory on the USB drive?

I used amtm's ep script to remove entware. I was assuming it would kill it off completely. I then reinstalled it via amtm.
I will try the whole thing over but delete that dir as well.

What about modifications to jffs files?

Sorry, I am not sure about these. I have not actively modified these as far as I know. amtm, Diversion and MerlinAU show under jffs/addons.
Under jffs/scripts I had previously only edited services-start and firewall-start but services-start now has just

#!/bin/sh
/jffs/addons/amtm/shellhistory # Added by amtm
[ -f /jffs/scripts/MerlinAU.sh ] && sh /jffs/scripts/MerlinAU.sh addCronJob &  #Added by MerlinAU#

and firewall-start is empty

#!/bin/sh

I suggest you delete these directories if you have them:

/var/run/tailscale
/var/lib/tailscale

I do not have this dir:

/var/run/tailscale

I do not have this dir:

/var/lib/tailscale

 

[JA93]

Here's tutorial

 

[jksmurf]

I will try the whole thing over but delete that dir as well.

Tried this and deleted everything Tailscale related I could find, rebooted a couple of times in between but same result on the install.

Installs, (but takes a couple of attempts to get the login), runs with green connected dot, then as soon as I exit the Putty screen, it stops.

Can restart and get the connected dot back if I do this:

ASUSWRT-Merlin RT-AX86U 3004.388.7_alpha2-g90b483050e Sat Apr 13 16:05:49 UTC 20     24
xxxxxxx@RT-AX86U:/tmp/home/root# tailscale status
failed to connect to local tailscaled; it doesn't appear to be running
xxxxxxx@RT-AX86U:/tmp/home/root# /opt/etc/init.d/S06tailscaled check
 Checking tailscaled...              dead.
xxxxxxx@RT-AX86U:/tmp/home/root# /opt/etc/init.d/S06tailscaled start
 Starting tailscaled...              done.
xxxxxxx@RT-AX86U:/tmp/home/root# tailscale up
xxxxxxx@RT-AX86U:/tmp/home/root# /opt/etc/init.d/S06tailscaled check
 Checking tailscaled...              alive.
xxxxxxx@RT-AX86U:/tmp/home/root#

Seems like it has a flaky connection that just won't stay connected.

I still have /tmp/home/root/.cache/Tailscale coming up, so must be something amiss if your Dir is where the logs should be.

When installing again, I get prompted to install entware here /tmp/mnt/DIVEXT4/entware do you think this legacy install of entware is the issue with dirs?

I guess I will have to go brute force on a total Router Reset and a USB Disk Format and try again.
Needs some time as family is complaining a wee bit ... ;-)

 

[kuki68ster]

Tried this and deleted everything Tailscale related I could find, rebooted a couple of times in between but same result on the install.
Installs, (but takes a couple of attempts to get the login), runs with green connected dot, then as soon as I exit the Putty screen, it stops.

Can restart and get the connected dot back if I do this:

ASUSWRT-Merlin RT-AX86U 3004.388.7_alpha2-g90b483050e Sat Apr 13 16:05:49 UTC 20     24
xxxxxxx@RT-AX86U:/tmp/home/root# tailscale status
failed to connect to local tailscaled; it doesn't appear to be running
xxxxxxx@RT-AX86U:/tmp/home/root# /opt/etc/init.d/S06tailscaled check
 Checking tailscaled...              dead.
xxxxxxx@RT-AX86U:/tmp/home/root# /opt/etc/init.d/S06tailscaled start
 Starting tailscaled...              done.
xxxxxxx@RT-AX86U:/tmp/home/root# tailscale up
xxxxxxx@RT-AX86U:/tmp/home/root# /opt/etc/init.d/S06tailscaled check
 Checking tailscaled...              alive.
xxxxxxx@RT-AX86U:/tmp/home/root#

Seems like it has a flaky connection that just won't stay connected.

I still have /tmp/home/root/.cache/Tailscale coming up, so must be something amiss if your Dir is where the logs should be.

When installing again, I get prompted to install entware here /tmp/mnt/DIVEXT4/entware do you think this legacy install of entware is the issue with dirs?

I gyess I I will have to go brute force on a total Router Reset and a USB Disk Format and try again.
Needs some time as family is complaining a wee bit ... ;-)

I can report the same issue…

Installed as per instruction, but in a few minutes the connected dot goes gray…

 

[JA93]

I can report the same issue…

Installed as per instruction, but in a few minutes the connected dot goes gray…

Did you try nohf? I compiled that yday just for you bois.

https://github.com/bobanilic/MerlinScale/releases/download/1.64.0/tailscale_nohf_1.64.0_aarch64-3.10.ipk