Tailscale Exit Node on OpenWRT

Hello,

Tailscale works great i can reach all my nodes + subnets.
But when i try to connect on my android phone through exit node which is advertised via “–advertise-exit-node” on my OpenWRT router it cant reach the internet and (!) no nodes on the tailscale network. I set Output,Input and forwarded to accept via firewall rules in OpenWRT from and to the wan interface and the local bridge ( wan/br-lan <-> tailscale0 ). On my first attempts to connect via Exit node on OpenWRT it connected successfully to the internet via wan interface from the router but than it began to have no connectivity very strange.
Do you have any ideas to have connectivity from my android phone its a samsung m30s ?
Thanks for any help and sorry for the bad english!

If you have modified the ACLs, note that anything not specifically allowed is blocked. You have to allow access to public IP addresses, for example:

{ "Action": "accept", "Users": ["*"], "Ports": ["autogroup:internet:*"] },

Make sure the exit node is still approved in Tailscale in the “Edit route settings” menu selection. If you removed and re-added the OpenWRT node, it might no longer be approved to be an exit node.


Finally, as OpenWRT makes relatively complex use of iptables, it is possible that some other OpenWRT feature ends up blocking access to tailscale.

acls i didnt touched. i really think its openwrt specific problem something is blocking it. hard to tell what.
thank you anyways !!!

One question i have left: Should i explitcitly advertise routes like 0.0.0.0/0 for an exit node or is this done via the --advertise-exit-node option ?

You should not advertise 0.0.0.0/0. --advertise-exit-node will handle all of the routes it needs.

1 Like