jamesog / tailscale-edgeos

Running Tailscale on Ubiquiti EdgeOS
MIT License

How to route all traffic out using an exit node? #18

Closed yubiao closed 1 year ago

yubiao commented 1 year ago

I tried to start tailscale by routing all traffic to an exit node (tailscale up --exit-node=xxx.xxx.xxx.xxx), but then the edge router is stuck and there is no internet access. Am I doing this the wrong way?

jamesog commented 1 year ago

Given the device itself is a router it's probably not a good idea to have it use an exit node, but it would be fine to use it as an exit node. It depends how it talks to your ISP, DNS resolvers, etc.

Have you tried to do a packet capture to see what gets stuck?

yubiao commented 1 year ago

After the command tailscale up --exit-node=xxx.xxx.xxx.xxx, I cannot ssh into the router or open its web GUI.

yubiao commented 1 year ago

My simple use case is that I want every device connected to this edge router to have its traffic routed through the exit node.

jamesog commented 1 year ago

Do you know how to use tcpdump to do packet captures? To help you I'd need to understand where it could be going wrong.

yubiao commented 1 year ago

Once I issued the tailscale up command with an exit node, I got the following tcpdump on my macOS:

edit: removed the log

yubiao commented 1 year ago

CLI on edge router shows the following

root@ubnt:/home/ubnt# sudo tailscale up

To authenticate, visit:

    https://login.tailscale.com/a/*****

Success.
root@ubnt:/home/ubnt# sudo tailscale up --exit-node=xxx.xxx.xxx.xxx
client_loop: send disconnect: Broken pipe

jamesog commented 1 year ago

I mean to tcpdump on the router. Do you have a model with a serial console?

yubiao commented 1 year ago

Oh, sorry, no, I am using an ER-X; it seems to only have Ethernet ports.

jamesog commented 1 year ago

This is going to be pretty hard to debug then, sorry.

bartaspoz commented 1 year ago

I have tried to do the same thing. After telling the router to use an exit node, it stops routing the traffic of all connected clients, but the router itself is actually connected successfully to the Tailscale network. Using another internet connection, you can connect to Tailscale and ssh into the router using its private or Tailscale IP. I can confirm that the router itself is routing all the traffic via the selected exit node. I just have to find out how to get the connected clients to work again. Even DHCP stops working. I've tried to manually assign an IP address for the ER-X client (from the local pool as well as from the pool of the exit node), but no traffic gets out from the end user machine.