IPv6 Not Working on Exit Node

Use case: I have a work computer that I can’t install Tailscale directly on but want to use Tailscale at the OpenWrt router level to route all traffic of non-Tailscale devices on this router on the client side to a Linux exit node server that I have located at another location.

The problem: When I use the exit node using a device that has Tailscale installed directly, it works flawlessly. The real problem that I’m running into is on the client side trying to get the IP of devices that are not running Tailscale but connected to the OpenWrt router to work properly. I have Tailscale installed on my OpenWrt router and have it configured as a subnet router. I am running this command:
tailscale up --advertise-routes= --netfilter-mode=off --exit-node=100.xxx.xxx.xxx --exit-node-allow-lan-access=true

For context for the Netfilter, according to this OpenWrt documentation you have to do this with Tailscale and OpenWrt.

When I check my IP of a non-Tailscale device that is connected to the OpenWrt router, when I check the what is my IP address website on the exit node vs. on the client non-Tailscale device, it seems to show the IPv4 as matching the IPv4 of the exit node, but the IPv6 is different and it shows the client side ISP and location and not the exit node ISP and location. I enabled IPv4 and IPv6. What is it that I’m doing wrong here? I have a feeling that it’s something OpenWrt firewall related that I’m not doing correctly, I am a novice and am trying to teach myself this stuff as I go. I added the interface and the firewall zone in Luci as mentioned here: [OpenWrt Wiki] Tailscale
I don’t know if I have to add any exit node IP here or not, I haven’t added any IPs to these.

For context of documentation I’ve used, I have used:
The above OpenWrt link for the OpenWrt install and
Tailscale exit nodes +
Tailscale subnet routers from Tailscale.
(It will only let me post two links as a new user)

I just recently found the site to site link but have not followed anything there, if I’m being stupid and missed a step let me know.

The issue is definitely IPv6, changing the title.

When I connect to the what is my IP site it will successfully show my location as the location of my exit node, but only sees an IPv4 IP address but not an IPv6. When I do this on a non-Tailscale device connected to the subnet router, it will show my IPv4 address as matching my exit node IPv4, but it will show my location as my actual client side location which I assume it gets from my IPv6, and it does show an IPv6 and the IPv6 is different from that of the exit node.

I found this post on here Ipv6 does not work with exit node but this didn’t seem to answer the question, but I am a newbie to this stuff so maybe I’m just not getting it. I have run sysctl -n net.ipv4.ip_forward net.ipv6.conf.all.forwarding over SSH on the exit node and got 1 and 1, so it looks like I do have both IPv4 and IPv6 enabled.

Has anyone else had a similar problem? What do I need to do to fix this?

The following, from step #2 in the Site-to-site networking how-to guide appears relevant:

  • --snat-subnet-routes=false: Disables source NAT. In normal operations, a subnet device will see the traffic originating from the subnet router. This simplifies routing, but does not allow traversing multiple networks. By disabling source NAT, the end machine sees the LAN IP address of the originating machine as the source.

Thanks for the suggestion. I just tried this, and it doesn’t seem to be changing the IP or the IP location, but it looks like I can SSH into the exit node on a device that doesn’t have Tailscale actively running, so I am able to connect but it doesn’t seem to be changing my IP address or location.

I was just looking, I think I may have found the issue? When I run ip route on my exit node, the default route at that location is the same as my OpenWrt default route on the client side. I noticed on that link this note: "This scenario will not work on subnets with overlapping CIDR ranges, nor with 4via6 subnet routing."

Could this be what my issue is? Do I just need to change my default route in OpenWrt on the client side?
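
Added example, not part of any post in this thread: a Python check for the "overlapping CIDR ranges" note quoted above, comparing the on-link prefixes in `ip route` / `ip -6 route` output from the client router and the exit node. The route text, interface names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample `ip route` / `ip -6 route` output (not from the thread).
CLIENT_ROUTES = """\
default via 192.168.1.1 dev wan proto static
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
fd12:3456:789a::/64 dev br-lan proto static metric 1024
fe80::/64 dev br-lan proto kernel metric 256
"""
EXIT_NODE_ROUTES = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/25 dev eth0 proto kernel scope link src 192.168.1.50
100.101.102.103 dev tailscale0 table 52
fd00:aaaa:bbbb::/64 dev eth0 proto ra metric 100
fe80::/64 dev eth0 proto kernel metric 256
"""

def lan_prefixes(route_output, skip_devs=("tailscale0",)):
    """Return the on-link prefixes found in `ip route` text (IPv4 and IPv6)."""
    prefixes = []
    for line in route_output.splitlines():
        fields = line.split()
        if not fields or fields[0] == "default" or "via" in fields:
            continue  # gateway routes are not local subnets
        if "dev" in fields and fields[fields.index("dev") + 1] in skip_devs:
            continue  # ignore the tunnel interface itself
        try:
            net = ipaddress.ip_network(fields[0], strict=False)
        except ValueError:
            continue  # keywords such as "unreachable" or "blackhole"
        if net.is_link_local or net.is_loopback:
            continue  # fe80::/64 exists on every interface; not a conflict
        prefixes.append(net)
    return prefixes

def overlapping(a_routes, b_routes):
    """Pairs of same-family prefixes that overlap between the two sites."""
    return [(a, b)
            for a in lan_prefixes(a_routes)
            for b in lan_prefixes(b_routes)
            if a.version == b.version and a.overlaps(b)]

if __name__ == "__main__":
    for a, b in overlapping(CLIENT_ROUTES, EXIT_NODE_ROUTES):
        print(f"overlap: client {a} <-> exit node {b}")
```

In the constructed data both sides share the default gateway address 192.168.1.1, and the check reports the IPv4 LAN prefixes as overlapping while the two IPv6 prefixes are distinct.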