Use case: I have a work computer that I can’t install Tailscale directly on but want to use Tailscale at the OpenWrt router level to route all traffic of non-Tailscale devices on this router on the client side to a Linux exit node server that I have located at another location.
The problem: When I use the exit node using a device that has Tailscale installed directly, it works flawlessly. The real problem that I’m running into is on the client side trying to get the IP of devices that are not running Tailscale but connected to the OpenWrt router to work properly. I have Tailscale installed on my OpenWrt router and have it configured as a subnet router. I am running this command:
tailscale up --advertise-routes=192.168.1.0/24 --netfilter-mode=off --exit-node=100.xxx.xxx.xxx --exit-node-allow-lan-access=true
For context for the Netfilter, according to this OpenWrt documentation you have to do this with Tailscale and OpenWrt.
When I check my IP of a non-Tailscale device that is connected to the OpenWrt router, when I check the what is my IP address website on the exit node vs. on the client non-Tailscale device, it seems to show the IPv4 as matching the IPv4 of the exit node, but the IPv6 is different and it show the client side ISP and location and not the exit node ISP and location. I enabled IPv4 and IPv6. What is it that I’m doing wrong here? I have a feeling that it’s something OpenWrt firewall related that I’m not doing correctly, I am a novice and am trying to teach myself this stuff as I go. I added the interface and the firewall zone in Luci as mentioned here: [OpenWrt Wiki] Tailscale
I don’t know if I have to add any exit node IP here or not, I haven’t added any IPs to these.
For context of documentation I’ve used, I have used:
The above OpenWrt link for the OpenWrt intstall and
Tailscale exit nodes +
Tailscale subnet routers from Tailscale.
(It will only let me post two links as a new user)
I just recently found the site to site link but have not followed anything there, if I’m being stupid and missed a step let me know.
UPDATE
The issue is definitely IPv6, changing the title.
When I connect to the what is my IP site it will successfully show my location as the location of my exit node, but only sees an IPv4 IP address but not an IPv6. When I do this on a non-Tailscale device connected to the subnet router, it will show my IPv4 address as matching my exit node IPv4, but it will show my location as my actual client side location which I assume it gets from my IPv6, and it does show an IPv6 and the IPv6 is different from that of the exit node.
I found this post on here Ipv6 does not work with exit node but this didn’t seem to answer the question, but I am a newbie to this stuff so maybe I’m just not getting it. I have run --sysctl -n net.ipv4.ip_forward net.ipv6.conf.all.forwarding over SSH on the exit node and got 1 and 1, so it looks like I do have both IPv4 and IPv6 enabled.
Has anyone else had a similar problem? What do I need to do to fix this?