Can't bring tailscale up on OpenWRT

Tailscale version 1.32.3
Your operating system & version OpenWRT 22.03.2

I’m trying to bring Tailscale up on an OpenWRT router - it used to work, but stopped and now I can’t get it to come up at all.

I installed tailscale and iptables-nft via opkg. I have tried uninstalling and reinstalling both with no change. When I do tailscale up it returns without any message, but tailscale status says:

# Health check:
#     - router: multiple errors:
	6 add route failures; first was: network is down
	adding [-m mark --mark 0x40000/0xff0000 -j MASQUERADE] in v4/nat/ts-postrouting: running [/usr/sbin/iptables -t nat -A ts-postrouting -m mark --mark 0x40000/0xff0000 -j MASQUERADE --wait]: exit status 2: iptables v1.8.7 (nf_tables): Chain 'MASQUERADE' does not exist

Any ideas on how to fix this? I have it working fine on a different OpenWRT router, and it used to work on this one.

1 Like

I am having the same issue. @clydeps did you find a path forward on this?

Model
Linksys MR8300 (Dallas)

Architecture
ARMv7 Processor rev 5 (v7l)

Target Platform
ipq40xx/generic

Firmware Version
OpenWrt 22.03.0 r19685-512e76967f / LuCI openwrt-22.03 branch git-22.245.77528-487e58a

Kernel Version
5.10.138

tailscale --version
1.32.3
  go version: go1.19.5

I have managed to get it working by using the install procedure from here. I can now access the router via tailscale but trying to access other devices on the subnet fails.

1 Like

I’m having the same issue on OpenWrt 22.03.0-rc6, r19590-042d558536.

Installed via instructions here: [OpenWrt Wiki] Tailscale

root@router:~# tailscale bugreport
BUG-6bc5822ee12918e78b0874b2f7087eba831362d21601d48798d00b6152be08e8-20230210054830Z-e0a16ba1a98ee62e

root@router:~# opkg info tailscale
Package: tailscale
Version: 1.32.3-1
Depends: libc, tailscaled
Status: install user installed
Section: net
Architecture: x86_64
Size: 4004922
Filename: tailscale_1.32.3-1_x86_64.ipk
Description: It creates a secure network between your servers, computers,
 and cloud instances. Even when separated by firewalls or subnets.
Installed-Time: 1673115370

root@router:~# opkg info iptables-nft
Package: iptables-nft
Version: 1.8.7-7
Depends: libc, kmod-ipt-core, xtables-nft
Provides: iptables
Status: install user installed
Section: net
Architecture: x86_64
Size: 1078
Filename: iptables-nft_1.8.7-7_x86_64.ipk
Description: Extra iptables nftables nft binaries.
 iptables-nft
 iptables-nft-restore
 iptables-nft-save
 iptables-translate
 iptables-restore-translate
Installed-Time: 1673115101

Cannot ping other devices in the tailnet, nor is the OpenWrt device pingable. Have confirmed via tcpdump that packets are being received.

This appears to be caused by tailscale using iptables instead of nftables. 22.03.0 is the first version to use nftables natively. You can also validate this by looking for a banner at the top of https://router/cgi-bin/luci/admin/status/nftables

See: Tailscale not creating tables for NFTables · Issue #4086 · tailscale/tailscale · GitHub

I’ve updated instructions on the OpenWrt wiki.
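Added example, not from any poster in this thread or from the Tailscale project: a small POSIX sh triage that reads `tailscale status` health-check text and pulls out the iptables backend, the table/chain Tailscale was writing to, and the target iptables could not resolve. The function names are hypothetical, and the embedded sample is the health-check text quoted in the first post.

```shell
#!/bin/sh
# Constructed sample input: the health-check text from the first post.
sample_health() {
cat <<'EOF'
# Health check:
#     - router: multiple errors:
	6 add route failures; first was: network is down
	adding [-m mark --mark 0x40000/0xff0000 -j MASQUERADE] in v4/nat/ts-postrouting: running [/usr/sbin/iptables -t nat -A ts-postrouting -m mark --mark 0x40000/0xff0000 -j MASQUERADE --wait]: exit status 2: iptables v1.8.7 (nf_tables): Chain 'MASQUERADE' does not exist
EOF
}

# Backend named in the iptables error banner: "nf_tables" or "legacy".
ipt_backend() {
    sed -n 's/.*iptables v[0-9.]* (\([a-z_]*\)).*/\1/p' | sort -u
}

# family/table/chain Tailscale was adding the rule to, e.g. v4/nat/ts-postrouting.
rule_location() {
    sed -n 's|.* in \(v[46]/[a-z]*/[A-Za-z0-9_-]*\): running .*|\1|p' | sort -u
}

# Name iptables reported as a missing chain. iptables treats a -j name it
# cannot resolve as a user-defined chain, so this is the unresolved target.
missing_target() {
    sed -n "s/.*Chain '\([^']*\)' does not exist.*/\1/p" | sort -u
}

# Count from the "N add route failures" line, if present.
route_failures() {
    sed -n 's/^[[:space:]]*\([0-9][0-9]*\) add route failures.*/\1/p'
}

# Read health text on stdin and print a one-line summary.
triage() {
    health=$(cat)
    backend=$(printf '%s\n' "$health" | ipt_backend)
    location=$(printf '%s\n' "$health" | rule_location)
    target=$(printf '%s\n' "$health" | missing_target)
    fails=$(printf '%s\n' "$health" | route_failures)
    printf 'backend=%s location=%s missing=%s route_failures=%s\n' \
        "${backend:-none}" "${location:-none}" "${target:-none}" "${fails:-0}"
}

# On the router this would be: tailscale status 2>&1 | triage
sample_health | triage
```

A `backend=nf_tables` result alongside a non-empty `missing=` matches the situation described above, where Tailscale drives the iptables compatibility binary on a firmware release that uses nftables natively.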