Tailscale¶
Tailscale feature available since V4.2
Tailscale is a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly. For more information about Tailscale, please access their website.
The Tailscale feature in GL.iNet router allow the router to join the Tailscale virtual network, then you can access it remotely, even to its WAN or LAN resources.
Note: Because Tailscale is based on WireGuard, it is not recommended to use the Tailscale feature with the OpenVPN Client or WireGuard Client at the same time, as there may be bugs.
Note: This feature is currently in beta, and may have some bugs.
Supported models¶
Router Model | Support |
---|---|
GL-B3000 (Marble) | √ |
GL-MT6000 (Flint 2) | √ |
GL-X3000 (Spitz AX) | √ |
GL-MT3000 (Beryl AX) | √ |
GL-AXT1800 (Slate AX) | √ |
GL-A1300 (Slate Plus) | √ |
GL-MT2500/GL-MT2500A (Brume 2) | √ |
GL-SFT1200 (Opal) | - |
GL-S1300 (Convexa-S) | - |
GL-MT1300 (Beryl) | - |
GL-AX1800 (Flint) | √ |
GL-AR750S (Slate) | - |
GL-XE300 (Puli) | - |
GL-X750/GL-X750V2 (Spitz) | - |
GL-B1300 (Convexa-B) | - |
GL-AP1300 (Cirrus) | - |
GL-X300B (Collie) | - |
GL-MV1000/GL-MV1000W (Brume) | √ |
Setup¶
The following is an example of the GL-MT2500.
Binding¶
Please register a Tailscale account first. For testing purposes, first bind one or two devices to your Tailscale account. After binding, you will be able to see your devices and their status in the Tailscale Admin console.
On the left side -> APPLICATIONS -> Tailscale
Toggle to enable Tailscale, then click Apply.
It will show a Device Bind Link. Click the Device Bind Link.
It will pop up and show a tailscale link, click it.
The link will open in your browser and ask you to log in to your Tailscale account.
Once logged in, you will be asked to confirm the device you want to connect to. Click Connect.
When the connection is successful, you will automatically be redirected to the admin console. You can see here that the IP of the GL-MT2500 is 100.88.54.21
, and you can use this IP to access the router.
Test connectivity¶
Now that the GL-MT2500 is connected to the Tailscale virtual network, you can test it on other devices as fellows three ways.
-
Use ping command
-
SSH to the router
-
Access web Admin Panel
Allow Remote Access WAN¶
If this option is enabled, the resources on the WAN side of the device will be allowed to be accessed via the Tailscale virtual network.
For example, as shown below, if this function is enabled, you can access GL-AXT1800
by its IP(192.168.29.1
) from leo-phone
, because GL-AX1800
is connected to the WAN port of GL-MT2500
, which is the upper layer device of GL-MT2500
.
The operation steps are as follows.
-
Enable Allow Remote Access WAN.
-
Go to admin console of Tailscale, it will display an alert that GL-MT2500 has subnets. Click on the GL-MT2500 menu and select Edit route settings.
-
Enable the subnet routes.
-
Now you can access GL-AXT1800 by its IP(
192.168.29.1
) on other machines. You can actually access the devices at192.168.29.0/24
.
Allow Remote Access LAN¶
If this option is enabled, the resources inside the device LAN will be allowed to be accessed via the Tailscale virtual network.
For example, as show below, if this function is enabled, you can SSH to Ubuntu
by its IP(192.168.8.110
) from leo-phone
, because Ubuntu
is connected to the LAN port of GL-MT2500
, which is the lower layer device of GL-MT2500
.
The operation steps are as follows.
-
Enable Allow Remote Access LAN.
-
Go to admin console of Tailscale, it will display an alert that GL-MT2500 has subnets. Click on the GL-MT2500 menu and select Edit route settings.
-
Enable the subnet routes.
-
Now you can ping or SSH the by its IP(
192.168.8.110
) on other devices. You can actually access the devices at192.168.8.0/24
.
Custom Exit Nodes¶
The exit node feature lets you route all non-Tailscale internet traffic through a specific device on your network. The device routing your traffic is called an “exit node”.
Note: GL.iNet router is not yet available as an exit node.
Note: If the router's DNS Server is a private IP address that can be accessed only in the local network, you may lose the Internet access when running the exit nodes. Please go to Network > DNS menu and set a manual public DNS server such as 8.8.8.8 as the solution.
Setup Steps:
-
On the device you wish to use as an exit node, select Run exit node. On Windows, follow the steps below.
Click Yes.
-
Set up the device as an exit node in the Admin console.
-
Enable Custom Exit Nodes in your GL-router, click the refresh button, and select the IP of the device that has been set up as an exit node from the drop-down menu, then click Apply. That is it.
-
The devices under that GL-router will use the home IP of the Exit Node .
Refer link: Exit Nodes (route all traffic)
Still have questions? Visit our Community Forum.