Tailscale on Asus RT-AX86U router

[glens]

# Health check:
# - dns-os: getting OS base config is not supported
# - dns: getting OS base config is not supported

I have no idea what this means but presumably it is because ASUS Merlin FW is not supported by Tailscale or something like that?

Possibly trying through systemd which the router thankfully doesn't use.

 

[jksmurf]

Just a follow up, as I am chuffed to bits with this Talscale implementation on my RT-AX86U, kudos to @RandomUser777 for finding out what needed to be done, it really is quite simple to install.

I am a wee bit surprised that there is not more interest in this implementation, I appreciate there are tonnes of devices (AppleTV, RPi, Thin Clients repurposed with DietPi etc) all able to operate as Subnet Routers, but it is really great that it's all in one box.

I don't do much but access my Router WebGUI "locally" and occasionally use Remote Desktop "locally" behind a CGNAT, so I guess one of the the unknowns is how the Router CPU can handle "heavy duty" throughput via Tailscale, but at the end of the day, it's really just Wireguard (as I understand it), which the Router already does.

Even if it was a fall-back subnet router it would be useful; as I understand it, if you have multiple subnet routers they operate in the order of date joined, if one is offline.

I wonder if @thelonelycoder or some other equally well-respected member of this community would consider adding it to amtm (which I have only recently discovered and think is pretty awesome) as a "Tailscale Installation" script, following Random777's setup? I firmly believe it would be a welcome addition. It might need caveats for horsepower e.g. only on RT-AXZZU etc. but even so, it would be great IMHO.

Thoughts?

k.

 

[thelonelycoder]

Just a follow up, as I am chuffed to bits with this Talscale implementation on my RT-AX86U, kudos to @RandomUser777 for finding out what needed to be done, it really is quite simple to install.

I am a wee bit surprised that there is not more interest in this implementation, I appreciate there are tonnes of devices (AppleTV, RPi, Thin Clients repurposed with DietPi etc) all able to operate as Subnet Routers, but it is really great that it's all in one box.

I don't do much but access my Router WebGUI "locally" and occasionally use Remote Desktop "locally" behind a CGNAT, so I guess one of the the unknowns is how the Router CPU can handle "heavy duty" throughput via Tailscale, but at the end of the day, it's really just Wireguard (as I understand it), which the Router already does.

Even if it was a fall-back subnet router it would be useful; as I understand it, if you have multiple subnet routers they operate in the order of date joined, if one is offline.

I wonder if @thelonelycoder or some other equally well-respected member of this community would consider adding it to amtm (which I have only recently discovered and think is pretty awesome) as a "Tailscale Installation" script, following Random777's setup? I firmly believe it would be a welcome addition. It might need caveats for horsepower e.g. only on RT-AXZZU etc. but even so, it would be great IMHO.

Thoughts?

k.

I will add support if another coder would do the grunt work and write an amtm-compatible script that gets some reasonable attention on this board.

 

[glens]

I will add support if another coder would do the grunt work and write an amtm-compatible script that gets some reasonable attention on this board.

That narrows it down, hahaha!

 

[jksmurf]

I will add support if another coder would do the grunt work and write an amtm-compatible script that gets some reasonable attention on this board.

Thank you, there‘s hope !

I still wonder why ASUS have not added it to their core firmware like GLiNET have done. Then @RMerlin could make it even better (or maybe he can add it himself… (TIC)).

I would imagine it would only need (apart from the underlying code to copy and edit the various files) a few things in the amtm setup (maybe eventually in the Webadmin GUI ;-) ) like:

• Select the USB Disk to mount it on (one off)
• Toggle Tailscale on / off
• Toggle to advertise as a Subnet Router; with IP address(es) of subnet(s) e.g. 192.168.50.0/24; 192.168.20.0/24
• Toggle autoupdate Tailscale
• Maybe a Table showing list of all machines in selected account with machines connected, although this is not really a must for me, I can see it from any Tailscale app on Windows or iOS.

k.

EDIT: Does this need to be in the amtm forum for more visibility to potential coders?

 

[domic]

Thank you, there‘s hope !

I still wonder why ASUS have not added it to their core firmware like GLiNET have done.

Likely because TailScale is a proprietary service first and foremost, and could close their company any day. This I imagine is to not have obsolete bloat code in Merlin firmware/amtm on future unsupported models etc, to keep the complaints lower on the forums too.

 

[jksmurf]

Likely because TailScale is a proprietary service first and foremost, and could close their company any day. This I imagine is to not have obsolete bloat code in Merlin firmware/amtm on future unsupported models etc, to keep the complaints lower on the forums too.

Well sir, you may well be proven right in the long run, but I take a more optimistic view, that nothing gets done without either a clamour for it or someone taking a calculated risk that it might be a “good thing“.

Like all those other addons in amtm which potentially add bloat, if folks think it’s useful for them and does not add an unmanageable penalty to the existing system, I’d say “why not” go for it .

k.

 

[domic]

Well sir, you may well be proven right in the long run, but I take a more optimistic view, that nothing gets done without either a clamour for it or someone taking a calculated risk that it might be a “good thing“.

Like all those other addons in amtm which potentially add bloat, if folks think it’s useful for them and does not add an unmanageable penalty to the existing system, I’d say “why not” go for it .

k.

I could have skipped the word bloat, it wasn't intended to sound pretentious.

 

[jksmurf]

I recently checked for and updated amtm Entware packages, and was surprised to see tailscale amongst them, which duly updated (to 1.58.1, which is not quite the latest stable track 1.60.0 per https://pkgs.tailscale.com/stable/#static). Can I assume this tailscale update under amtm is actually because of my own implementation of it as discussed in this thread and not because amtm now has it built in?

In any case it seems to have stopped my tailscale implementation working, so I think I will need to go through the above procedure again. I rebooted the router but it did not connect to tailscale again.

@RandomUser777 - have you seen this issue when updating amtm Entware packages, if you have done that?

@thelonelycoder - I appreciate you do not (currently ) support this install of Tailscale, but as amtm (appears to update it, albeit not the latest stable version), I thought I would ask if there is a way to exclude the tailscale update from the Entware packages update please and also stop it from modifying /opt/etc/init.d/S06tailscaled?

Thanks a lot !

k.

EDIT: it seems the amtm package update only reset /opt/etc/init.d/S06tailscaled, so I redid that file as above and rebooted and seem to have tailscale back with the latest version, which I grabbed from https://pkgs.tailscale.com/stable/#static and copied across.

 

[ColinTaylor]

@thelonelycoder - I appreciate you do not (currently ) support this install of Tailscale, but as amtm (appears to update it, albeit not the latest stable version), I thought I would ask if there is a way to exclude the tailscale update from the Entware packages update please and also stop it from modifying /opt/etc/init.d/S06tailscaled?

I've faced the same problem with the sysstat package. I need to modify the S99sysstat script, but every time there's an update it gets overwritten. There's an option in opkg to prevent a package being updated (e.g. opkg flag hold sysstat), but that applies to the whole package rather than one file.

 

[domic]

I ran `opkg flag hold tailscale` to protect the manual TailScale binary that's up to date.
Entware seems to update their repo very rarely.

 

[Jeffrey Young]

I've faced the same problem with the sysstat package. I need to modify the S99sysstat script, but every time there's an update it gets overwritten. There's an option in opkg to prevent a package being updated (e.g. opkg flag hold sysstat), but that applies to the whole package rather than one file.

Dito for UPS NUT. My custom init.d file gets wiped every time. I'm ready for it nowadays

 

[jksmurf]

I’m relieved it’s not just me then.

I thought it was because I was running a non standard install that this was happening, I’m assuming it is an issue for other scripts then, that are in the amtm menu (apart from @domic tailscale install.

 

[jksmurf]

I ran `opkg flag hold tailscale` to protect the manual TailScale binary that's up to date.
Entware seems to update their repo very rarely.

That is useful thanks, but would I be I correct in assuming it wouldn't protect the S06tailscaled file?
As an aside, if I wanted to update that tailscale file (manually), what would be the command to briefly unprotect it so I can overwite it?

 

[domic]

That is useful thanks, but would I be I correct in assuming it wouldn't protect the S06tailscaled file?
As an aside, if I wanted to update that tailscale file (manually), what would be the command to briefly unprotect it so I can overwite it?

I don't know, but now that you mention it, I'd recommend backing up that file.
I just copy the file and add a .bak extension to know I made a copy of the file.
Quick and dirty, heh.

 

[Jeffrey Young]

If you are looking at preventing an init.d file from being overwritten, just remove the write permission attribute from the file.

chmod -w filename

 

[ColinTaylor]

That is useful thanks, but would I be I correct in assuming it wouldn't protect the S06tailscaled file?

S06tailscaled part of the Entware package. So yes, putting a hold on the tailscale package will prevent that file and all the other files in the package being updated by opkg upgrade.

As an aside, if I wanted to update that tailscale file (manually), what would be the command to briefly unprotect it so I can overwite it?

There's nothing to stop you manually editing that file with something like vi or nano.

I don't know, but now that you mention it, I'd recommend backing up that file.
I just copy the file and add a .bak extension to know I made a copy of the file.
Quick and dirty, heh.

Be careful if you do this. Adding .bak at the end of a filename doesn't confer any special meaning. All you've done is create a second startup script. Any user executable script whose filename begins with "S" found in init.d will be run at startup. So you either need to move this backup file to a different directory, or change its name and/or permissions.

If you are looking at preventing an init.d file from being overwritten, just remove the write permission attribute from the file.

chmod -w filename

This won't work in this case. opkg is being run by the root user which has no problem overwriting a file with the "correct" version, including changing its permissions back again.

 

[Jeffrey Young]

S06tailscaled part of the Entware package. So yes, putting a hold on the tailscale package will prevent that file and all the other files in the package being updated by opkg upgrade.


There's nothing to stop you manually editing that file with something like vi or nano.


Be careful if you do this. Adding .bak at the end of a filename doesn't infer any special meaning. All you've done is create a second startup script. Any user executable script whose filename begins with "S" found in init.d will be run at startup. So you either need to move this backup file to a different directory, or change its name and/or permissions.


This won't work in this case. opkg is being run by the root user which has no problem overwriting a file with the "correct" version, including changing its permissions back again.

Looking at the script that parses the init.d directory, any file that does not have the execute attribute set is skipped.

Personally, I don't keep backup files in the same directory to avoid confusion, but as long as the backup file is not executable,it should be ignored.

 

[ColinTaylor]

Looking at the script that parses the init.d directory, any file that does not have the execute attribute set is skipped.

Personally, I don't keep backup files in the same directory to avoid confusion, but as long as the backup file is not executable,it should be ignored.

Yes, that's why I specifically said "Any user executable script whose filename begins with S", meaning the execute bit being set for the user permissions. On my router the default umask is such that if I simply copy the file the new file will have this permission set.

 

[Jeffrey Young]

Yes, that's why I specifically said "Any user executable script whose filename begins with S", meaning the execute bit being set for the user permission. On my router the default umask is set such that if I simply copy a file the new file will have these permissions.

Well. Missed that. Hmmm. My