TAILMON TAILMON v1.3.0 -Aug 24, 2025- WireGuard-based Tailscale Installer, Configurator and Monitor (Available in AMTM!)

[buis]

Hi all I've put everything on it several times, read a lot and can't find anything that I'm doing wrong. But In Clint's phone mode, the app was unchecked. That was it, I read a lot, learned a lot, and that at my age. 63. Thank you for your help.

 

[Viktor Jaep]

Hi all I've put everything on it several times, read a lot and can't find anything that I'm doing wrong. But In Clint's phone mode, the app was unchecked. That was it, I read a lot, learned a lot, and that at my age. 63. Thank you for your help.

Glad you got it working. A fully functional Tailnet can be a beautiful thing!

 

[buis]

Glad you got it working. A fully functional Tailnet can be a beautiful thing!

I am very happy with it thank you for the hard work to make it

 

[jksmurf]

Hi all I've put everything on it several times, read a lot and can't find anything that I'm doing wrong. But In Clint's phone mode, the app was unchecked. That was it, I read a lot, learned a lot, and that at my age. 63. Thank you for your help.

Excellent, well done and super pleased for you. If you get a moment could you please take a wee screenshot of the unchecked item in the App and post it, it might help someone else one day, maybe a 64 yo, who knows .

 

[buis]

At split tunnel in the

 

[jksmurf]

At split tunnel in the

Excellent. I don’t have an android phone, but I’m guessing you’re using this. I learnt something .

 

[jksmurf]

Hi Viktor, got a funny retsart message that I wasn;t expecting today, well after I updated ot 1.88.3. Will watch it.
Also noticed a message I had not seen in that Health check before?

# Health check:
#     - flushing nat/ts-postrouting: running [/usr/sbin/iptables -t nat -F ts-postrouting]: exit status 1: iptables: Invalid argument. Run `dmesg' for more information.

 

[Viktor Jaep]

Hi Viktor, got a funny retsart message that I wasn;t expecting today, well after I updated ot 1.88.3. Will watch it.
Also noticed a message I had not seen in that Health check before?

# Health check:
#     - flushing nat/ts-postrouting: running [/usr/sbin/iptables -t nat -F ts-postrouting]: exit status 1: iptables: Invalid argument. Run `dmesg' for more information.

That's an interesting one. I don't have that on neither of my routers running Tailscale. Maybe something got gummed up and a reboot is in order?

 

[jksmurf]

That's an interesting one. I don't have that on neither of my routers running Tailscale. Maybe something got gummed up and a reboot is in order?

Seems to have fixed it...

 

[Viktor Jaep]

Seems to have fixed it...

Software will be software. There will always be flaws.

 

[jksmurf]

Software will be software. There will always be flaws.

Flaws … Bastille

 

[JGrana]

Flaws?!? Any good Product Manager would refer to them as “undocumented features”.

 

[buis]

Question split-tunneling for Tailscale It is possible that it now passes everything I can't really find how to do

 

[jksmurf]

Question split-tunneling for Tailscale It is possible that it now passes everything I can't really find how to do

With all due respect, you're really going to have to get better at asking questions if you want the anwers to assist you.

I don't know quite what your question is or who or what you wish to include or exclude, but as per my link above Tailscale Andoid App (Client-Based App) has it already built in for the method by exclusion i.e. it allows everything EXCEPT what you choose to exclude. So you need to choose which Apps to exclude; it will accept everything else.

Here is the link again: https://tailscale.com/kb/1444/android-app-split-tunneling

In theory if you have e.g. an Android TV and can install Android Tailscale on it (v1.70+) you should be able to get your TV to decide which apps are included and excluded as well; if that is your question.

If you're looking at the second method it is by acceptance:

NOTHING gets through and you have to ACCEPT which Apps are forced to use Tailscale.
This approach uses MDM, I know nothing about it and in any case it is for the Premium and Enterprise plans only.

k.

 

[buis]

Yes I understand, so just Tailscale pc Windows and pc Linux and turn on what you don't want to have through it, I hadn't thought of that, Thank you very much

 

[Joel_w]

Hi. I installed Tailmon yesterday but no matter what I try I can't seem to get a direct connection to the router itself from outside the network. By switching to a full cone NAT instead of symmetric I seem to get a direct connection to my other devices on my network but never to the router. To troubleshoot I've tried to forward port 41641 to 192.168.0.1, and also temporarily enable UPnP, but it makes no difference when it comes to the router.

Maybe I'm wrong but I'm thinking I need a direct connection to the router since it gives access to the rest of the internal devices that don't run Tailscale, right? Now when I try to reach them I get slow speeds and ping so they must be relayed.

And by the way, is just enabling a full cone NAT the most secure way to get a direct connection on Asus Merlin? UPnP should be much worse, and I'm thinking forwarding a port would be too, right?

 

[jksmurf]

Hi. I installed Tailmon yesterday but no matter what I try I can't seem to get a direct connection to the router itself from outside the network.

I probably can’t help with the full cone NAT queries but could you share your Tailmon config line and confirm you followed the URL at setup to Tailscale admin and in that browser page, accepted that device and (maybe) setup as a subnet router ?

 

[Joel_w]

I probably can’t help with the full cone NAT queries but could you share your Tailmon config line and confirm you followed the URL at setup to Tailscale admin and in that browser page, accepted that device and (maybe) setup as a subnet router ?

Yes, I accepted the device on the Tailscale admin page and approved the subnet routes. Are these the Tailmon config lines you mean?

Tailscale works and I can reach the router, I can ping it and open the router admin page from another network. It's just slow and if I ping the router in the Tailscale iPhone app (with the phone not connected to wifi) it always says it's relayed.

 

[jksmurf]

Are these the Tailmon config lines you mean?

Yup. Ok sorry I thought you couldn’t access the WebGui of the Router. So it’s just about performance from a speed perspective and it always going through a DERP rather than direct?

Sorry I believe you’ve checked all your firewalls and not blocked UDP port 41641, so I’m not sure what else to suggest. @ColinTaylor is normally all over these issues, maybe he can spot something to try.

 

[ColinTaylor]

Hi. I installed Tailmon yesterday but no matter what I try I can't seem to get a direct connection to the router itself from outside the network. By switching to a full cone NAT instead of symmetric I seem to get a direct connection to my other devices on my network but never to the router. To troubleshoot I've tried to forward port 41641 to 192.168.0.1, and also temporarily enable UPnP, but it makes no difference when it comes to the router.

Maybe I'm wrong but I'm thinking I need a direct connection to the router since it gives access to the rest of the internal devices that don't run Tailscale, right? Now when I try to reach them I get slow speeds and ping so they must be relayed.

And by the way, is just enabling a full cone NAT the most secure way to get a direct connection on Asus Merlin? UPnP should be much worse, and I'm thinking forwarding a port would be too, right?

Sorry @Joel_w I really can't follow what you're asking. You talk about NAT (full cone or symmetric), "direct connection", port forwarding, UPnP. None of this has anything to do with TAILMON (Tailscale). Tailscale is a VPN.