Tailscale on Openwrt router

xxnewbiexx · Jul 25, 2025

Anyone has experience to share with setup of tailscale on OpenWRT router? I have set up successfully on pfSense but no luck with OpenWRT. https://openwrt.org/docs/guide-user/services/vpn/tailscale/start webpage is not clear on how to link this setup with your own tailscale account

xiaofan · Jul 25, 2025

xxnewbiexx said:
Anyone has experience to share with setup of tailscale on OpenWRT router? I have set up successfully on pfSense but no luck with OpenWRT. https://openwrt.org/docs/guide-user/services/vpn/tailscale/start webpage is not clear on how to link this setup with your own tailscale account

Maybe you want to mention what is your goal and what is your existing Tailscale setup, and then what is the issue you are facting.

My use case for Tailscale is only for remote access and it is not difficult to set up under OpenWRT. Still I remember it was pretty easy to set up Tailscale under pfSense as well but I am not using pfSense now) than under OpenWRT.

I just followed the first portion of the guide mentioned above. I have no experiences setting up Tailscale Exit Node though.

Relevant OpenWRT settings from my virtual OpenWRT 23.05 installation (under Proxmox PVE). I can access it from another network using Tailscale.

But usually I user wireguard VPN more often for remote access.

Bash:

PS C:\work> ssh root@100.73.183.65
root@100.73.183.65's password:


BusyBox v1.36.1 (2023-11-14 13:38:11 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 23.05.2, r23630-842932a63d
 -----------------------------------------------------

root@OpenWrt:~# cat /etc/config/tailscale
config settings 'settings'
        option log_stderr '1'
        option log_stdout '1'
        option port '41641'
        option state_file '/etc/tailscale/tailscaled.state'

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'dda5:edda:cf50::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.38.1'
        option netmask '255.255.255.0'
        option ip6assign '64'
        list ip6class 'wan6'

config interface 'wan'
        option device 'eth0'
        option proto 'dhcp'

config interface 'tailscale'
        option proto 'none'
        option device 'tailscale0'

config interface 'wan6'
        option proto 'dhcpv6'
        option device '@wan'
        option reqaddress 'try'
        option reqprefix 'auto'
        option norelease '1'

...

root@OpenWrt:~# cat /etc/config/firewall
...
config zone
        option name 'tailscale'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        list network 'tailscale'

config forwarding
        option src 'tailscale'
        option dest 'lan'
...

root@OpenWrt:~# tailscale status
100.73.183.65   openwrt              xiaofanc@    linux   -
...

root@OpenWrt:~# ip address show tailscale0
17: tailscale0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc fq_codel state UNKNOWN group default qlen 500
    link/none
    inet 100.73.183.65/32 scope global tailscale0
       valid_lft forever preferred_lft forever
    ...

xiaofan · Jul 25, 2025

I just set up a new Tailscale installaiton under another virtual OpenWRT installation and the steps mentioned in OpenWRT website seems to work fine. But again I am not setting it up as an exit node.
https://openwrt.org/docs/guide-user/services/vpn/tailscale/start

xxnewbiexx · Jul 28, 2025

I am able to install tailscale, able to start it successful. when issue /etc/initd.o/tailscale status it shows it is running.

When I test authentication with tailscale up command, I get

fail to connect to local tailscaled; it doesn't appear to be running

xiaofan · Jul 28, 2025

xxnewbiexx said:
I am able to install tailscale, able to start it successful. when issue /etc/initd.o/tailscale status it shows it is running.

When I test authentication with tailscale up command, I get

fail to connect to local tailscaled; it doesn't appear to be running

You may need to check if "tailscale" service is running or not.

Try to run "service tailscale start" or "service tailscale restart" first to see if that helps.

xxnewbiexx · Jul 28, 2025

I did a few things after I check some article online. For me I think the one that help me fixed my tailscale on my openwrt is this command:

opkg install iptables-nft

Now it is working, I will likely to use this for subnet advertise route

Tailscale on Openwrt router

More options

xxnewbiexx

Junior Member

xiaofan

High Supremacy Member

xiaofan

High Supremacy Member

xxnewbiexx

Junior Member

xiaofan

High Supremacy Member

xxnewbiexx

Junior Member