Skip to content

Tailscale

Tailscale feature available since V4.2

Tailscale is a VPN service that makes the devices and applications you own accessible anywhere in the world, securely and effortlessly. For more information about Tailscale, please access their website.

The Tailscale feature in GL.iNet router allow the router to join the Tailscale virtual network, then you can access it remotely, even to its WAN or LAN resources.

Note: Because Tailscale is based on WireGuard, it is not recommended to use the Tailscale feature with the OpenVPN Client or WireGuard Client at the same time, as there may be bugs.

Note: This feature is currently in beta, and may have some bugs.

Supported models

Router Model Support
GL-MT6000 (Flint 2)
GL-X3000 (Spitz AX)
GL-MT3000 (Beryl AX)
GL-AXT1800 (Slate AX)
GL-A1300 (Slate Plus)
GL-MT2500/GL-MT2500A (Brume 2)
GL-SFT1200 (Opal) -
GL-S1300 (Convexa-S) -
GL-MT1300 (Beryl) -
GL-AX1800 (Flint)
GL-AR750S (Slate) -
GL-XE300 (Puli) -
GL-X750 (Spitz) -
GL-B1300 (Convexa-B) -
GL-AP1300 (Cirrus) -
GL-X300B (Collie) -
GL-MV1000/GL-MV1000W (Brume)

Setup

The following is an example of the GL-MT2500.

Binding

Please register a Tailscale account first. For testing purposes, first bind one or two devices to your Tailscale account. After binding, you will be able to see your devices and their status in the Tailscale Admin console.

tailscale admin console

On the left side -> APPLICATIONS -> Tailscale

glinet tailscale disabled

Toggle to enable Tailscale, then click Apply.

glinet enable tailscale

It will show a Device Bind Link. Click the Device Bind Link.

glinet bind link

It will pop up and show a tailscale link, click it.

glinet bind link

The link will open in your browser and ask you to log in to your Tailscale account.

Once logged in, you will be asked to confirm the device you want to connect to. Click Connect.

tailscale confirm connect device

When the connection is successful, you will automatically be redirected to the admin console. You can see here that the IP of the GL-MT2500 is 100.88.54.21, and you can use this IP to access the router.

tailscale admin console

Test connectivity

Now that the GL-MT2500 is connected to the Tailscale virtual network, you can test it on other devices as fellows three ways.

  • Use ping command

    ping

  • SSH to the router

    ssh

  • Access web Admin Panel

    web admin panel

Allow Remote Access WAN

If this option is enabled, the resources on the WAN side of the device will be allowed to be accessed via the Tailscale virtual network.

For example, as shown below, if this function is enabled, you can access GL-AXT1800 by its IP(192.168.29.1) from leo-phone, because GL-AX1800 is connected to the WAN port of GL-MT2500, which is the upper layer device of GL-MT2500.

tailscale, remote access wan topology

The operation steps are as follows.

  1. Enable Allow Remote Access WAN.

    enable allow remote access wan

  2. Go to admin console of Tailscale, it will display an alert that GL-MT2500 has subnets. Click on the GL-MT2500 menu and select Edit route settings.

    tailscale subnet alert

  3. Enable the subnet routes.

    tailcale, enable subnet route

  4. Now you can access GL-AXT1800 by its IP(192.168.29.1) on other machines. You can actually access the devices at 192.168.29.0/24.

    tailscale, access axt1800

Allow Remote Access LAN

If this option is enabled, the resources inside the device LAN will be allowed to be accessed via the Tailscale virtual network.

For example, as show below, if this function is enabled, you can SSH to Ubuntu by its IP(192.168.8.110) from leo-phone, because Ubuntu is connected to the LAN port of GL-MT2500, which is the lower layer device of GL-MT2500.

tailscale, remote access lan topology

The operation steps are as follows.

  1. Enable Allow Remote Access LAN.

    enable remote access lan

  2. Go to admin console of Tailscale, it will display an alert that GL-MT2500 has subnets. Click on the GL-MT2500 menu and select Edit route settings.

    tailscale subnet alert

  3. Enable the subnet routes.

    tailscale, enable subnet route

  4. Now you can ping or SSH the by its IP(192.168.8.110) on other devices. You can actually access the devices at 192.168.8.0/24.

    tailscale, access ubuntu

Custom Exit Nodes

The exit node feature lets you route all non-Tailscale internet traffic through a specific device on your network. The device routing your traffic is called an “exit node”.

exitnode

Note: GL.iNet router is not yet available as an exit node.

Note: If the router's DNS Server is a private IP address that can be accessed only in the local network, you may lose the Internet access when running the exit nodes. Please go to Network > DNS menu and set a manual public DNS server such as 8.8.8.8 as the solution.

Setup Steps:

  1. On the device you wish to use as an exit node, select Run exit node. On Windows, follow the steps below.

    tailscale windows, run exit node

    Click Yes.

    tailscale windows, run exit ndoe alert

  2. Set up the device as an exit node in the Admin console.

    tailscale exit node alert

    tailscale use as exit node

  3. Enable Custom Exit Nodes in your GL-router, click the refresh button, and select the IP of the device that has been set up as an exit node from the drop-down menu, then click Apply. That is it.

    glinet tailscale, custom exit node

  4. The devices under that GL-router will use the home IP of the Exit Node .

Refer link: Exit Nodes (route all traffic)


Still have questions? Visit our Community Forum.