
mwan3 with tailscale exit node not working.

Open dc-me opened this issue 1 year ago • 0 comments

What is the issue?

OpenWrt with mwan3 and Tailscale with an exit node is not working because of the route rule priority.

Priority	Rule
0	from all lookup local
1001	from all iif eth1 lookup 1
1003	from all iif eth2 lookup 3
1310	from all fwmark 0x80000/0xff0000 lookup main
1330	from all fwmark 0x80000/0xff0000 lookup default
1350	from all fwmark 0x80000/0xff0000 unreachable
1370	from all lookup 52
2001	from all fwmark 0x100/0x3f00 lookup 1
2003	from all fwmark 0x300/0x3f00 lookup 3
2061	from all fwmark 0x3d00/0x3f00 blackhole
2062	from all fwmark 0x3e00/0x3f00 unreachable
3001	from all fwmark 0x100/0x3f00 unreachable
3003	from all fwmark 0x300/0x3f00 unreachable
32766	from all lookup main
32767	from all lookup default

With the rule below

1001	from all iif eth1 lookup 1
1003	from all iif eth2 lookup 3

This makes the exit node not work, because the packets coming from wan do not go through tailscale0, which is route table 52.

Some references:

https://github.com/openwrt/packages/issues/23480
https://github.com/tailscale/tailscale/pull/12035 (This PR seems to be a better solution, letting you pass in the base rule priority.)

These two do not fix the exit node, and there's potential it's not going to work, because when the router reboots the wan might not be up yet, causing the detect logic to not work. These are the route rules after rebooting the router:

0:	from all lookup local
1001:	from all iif wan lookup 1
1003:	from all iif wl0-sta0 lookup 3
2001:	from all fwmark 0x100/0x3f00 lookup 1
2003:	from all fwmark 0x300/0x3f00 lookup 3
2061:	from all fwmark 0x3d00/0x3f00 blackhole
2062:	from all fwmark 0x3e00/0x3f00 unreachable
3001:	from all fwmark 0x100/0x3f00 unreachable
3003:	from all fwmark 0x300/0x3f00 unreachable
5210:	from all fwmark 0x80000/0xff0000 lookup main
5230:	from all fwmark 0x80000/0xff0000 lookup default
5250:	from all fwmark 0x80000/0xff0000 unreachable
5270:	from all lookup 52
32766:	from all lookup main
32767:	from all lookup default

These are the route rules after restarting Tailscale, which correctly detected mwan3:

0:	from all lookup local
1001:	from all iif wan lookup 1
1003:	from all iif wl0-sta0 lookup 3
1310:	from all fwmark 0x80000/0xff0000 lookup main
1330:	from all fwmark 0x80000/0xff0000 lookup default
1350:	from all fwmark 0x80000/0xff0000 unreachable
1370:	from all lookup 52
2001:	from all fwmark 0x100/0x3f00 lookup 1
2003:	from all fwmark 0x300/0x3f00 lookup 3
2061:	from all fwmark 0x3d00/0x3f00 blackhole
2062:	from all fwmark 0x3e00/0x3f00 unreachable
3001:	from all fwmark 0x100/0x3f00 unreachable
3003:	from all fwmark 0x300/0x3f00 unreachable
32766:	from all lookup main
32767:	from all lookup default

@twitchyliquid64 https://github.com/tailscale/tailscale/pull/5775 https://github.com/tailscale/tailscale/pull/5588

Steps to reproduce

No response

Are there any recent changes that introduced the issue?

No response

OS

Linux, Other

OS version

OpenWrt 23.05.3 r23809-234f1a2efa

Tailscale version

1.58.2

Other software

mwan and openwrt firewall4

Bug report

No response

dc-me, Jun 29 '24 18:06
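
The ordering problem reported above can be checked mechanically. The following is an added example, not part of the issue and not Tailscale or mwan3 code: it reads `ip rule show` text and prints the priority of every rule evaluated before the `lookup 52` rule. The function names are hypothetical; table 52 and the fwmark `0x80000/0xff0000` are taken from the listings in the issue, and the embedded sample is the after-reboot listing.

```shell
#!/bin/sh
# Added example: list policy rules that are evaluated before the
# "lookup 52" rule. Table number and bypass mark come from the issue text.
TS_TABLE=52
TS_MARK='0x80000/0xff0000'

rules_before_tailscale() {
    awk -v table="$TS_TABLE" -v mark="$TS_MARK" '
    {
        prio = $1
        sub(/:$/, "", prio)              # accept "1001:" and "1001"
        if (prio !~ /^[0-9]+$/) next     # skip header and blank lines
        n++; p[n] = prio + 0; line[n] = $0
        for (i = 2; i < NF; i++)         # lowest-priority-number rule for the table
            if ($i == "lookup" && $(i+1) == table && (ts == "" || p[n] < ts))
                ts = p[n]
    }
    END {
        if (ts == "") { print "no lookup " table " rule" | "cat 1>&2"; exit 2 }
        for (k = 1; k <= n; k++) {
            if (p[k] >= ts) continue
            if (line[k] ~ /lookup local/) continue        # always first
            if (index(line[k], "fwmark " mark)) continue  # bypass-mark rules
            print p[k]                                    # evaluated before table 52
        }
    }'
}

# Sample input: the after-reboot listing quoted in the issue.
sample_after_reboot() {
cat <<'EOF'
0:      from all lookup local
1001:   from all iif wan lookup 1
1003:   from all iif wl0-sta0 lookup 3
2001:   from all fwmark 0x100/0x3f00 lookup 1
2003:   from all fwmark 0x300/0x3f00 lookup 3
2061:   from all fwmark 0x3d00/0x3f00 blackhole
2062:   from all fwmark 0x3e00/0x3f00 unreachable
3001:   from all fwmark 0x100/0x3f00 unreachable
3003:   from all fwmark 0x300/0x3f00 unreachable
5210:   from all fwmark 0x80000/0xff0000 lookup main
5230:   from all fwmark 0x80000/0xff0000 lookup default
5250:   from all fwmark 0x80000/0xff0000 unreachable
5270:   from all lookup 52
EOF
}

sample_after_reboot | rules_before_tailscale
```

On a router, `ip rule show | rules_before_tailscale` runs the same check against the live rules; empty output means nothing other than the local table and the bypass-mark rules is consulted before table 52.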