[Solved] Android App only can't use exit nodes

Hello, and sorry for my bad english, but i’m sure everybody can understand me, what i mean … :smile:

My problem is, when i use the option “exit node” (with or without the additional LAN option), i can’t open any website in the internet. When i use the Tailscaile App without an exit node, i can connect my local network over my private IP4 Address and can see my Pihole-, Nextcloud-, ect. pp. Webinterfaces without any Problems. I can use the shown Tailscaile IP’s on the Tailscale admin area too, without any problems. Only when i switch the option “Exit node” on, i can’t use any services, which need an connection to the internet.

My used setup:
As first i’ve installed Tailscale on a linux cumputer behind my cable modem AVM Fritzbox, also in within the loacal Network and have them configured as subnet-node. As next i’ve installed Tailscale on my Raspi PiHole maschine. Both maschines are showing up in the Talescale webinterface. The i’vve placed as Gloabl DNS the lokal ip address of my PiHole (192.168.100.2) an push the button to global overide DNS on. As next i’ve installed Tailscale on my other maschines (Nextcloud, Cups-Printer-Server, ect.pp.) too. Works all great and perfect.

As next i’vve three Debian vservers in the internet and so i’ve install Tailscale on them too. Connections are perfect, they used my Pihole DNS too (i can see them in the PiHole Query log with sucessefull response entry from the PiHole). As next i’ve setup them as exit nodes with “sudo tailscale up --advertise-exit-node”. On my local linux Desktop maschine use the “sudo tailscale up --exit-node=100.XXX.XXX.XXX” … and i can open all websites. I’ve tested my open IP address on pages such like as “Where is my IP” and the shown me the IPV4 & IPV6 address from the used vserver.

On my smartphone i can’t use the exit nodes, It doesn’t matter whether I try it in the local WLAN network or with a LTE connection. I can ping my Smartphone from the Desktop over the 100.xxx.xxx.xxx IP too …

Used Tailscale Versions are 1.20.2 on all devices …

Have any one an idea where the problem is?

So i relpy myself while i found out the solution myself.

I’ve started the external Debian 11 vserver outside my local network with:

sudo tailscale up --advertise-exit-node

I’ve read in any Github post’s, that in this case the exit node loose the contact to the subnet and in this case the PiHole DNS-Server was not avaiable with his lokal IPV4/IPV6 address.

On a blog post (found over Google) i read, that a user add an additional option for routing by startup the Tailscale client:

sudo tailscale up --accept-routes --advertise-exit-node

So i’ve reset my exit node with:

sudo tailscale up --reset
sudo tailscale down
sudo tailscale up --accept-routes --advertise-exit-node

and now i can use the exit node on Android to route my traffic to the internet and the local PiHole can used.

Hmm, i hope, anyone understand, what i mean and wrote … :rofl: