Tutorial **Tailscale On Merlin**

[Viktor Jaep]

Noted and seen that post but I had the feeling that the bulk of my problems was with a broken entware install (although would not know how to prove it). Opted to add that line for completion and as I thought that it would not do any harm anyway. Also not sure if choosing the second entware server (rather than recommended first) could have made any difference but quite happy with the outcome.

Perhaps just doing a: opkg status entware-opt to make sure it's there?

 

[jksmurf]

Noted and seen that post but I had the feeling that the bulk of my problems was with a broken entware install (although would not know how to prove it). Opted to add that line for completion and as I thought that it would not do any harm anyway. Also not sure if choosing the second entware server (rather than recommended first) could have made any difference but quite happy with the outcome.

Great that it’s working for you Aiadi, really pleased that you persisted and thanks for your feedback, your contribution in that regard was a large part of the learning process.

I know you removed and reinstalled entware and reset amtm? on multiple occasions so I’m baffled as to why “ rc.func and rc.unslug were missing (adding manually didnt work either).”; especially if installing entware-opt fixed it, when that “should” already have been installed.

Anyway it’s a fix that’s out there but hopefully it’s not needed by most; the fewer steps the better.

 

[Aiadi]

Great that it’s working for you Aiadi, really pleased that you persisted and thanks for your feedback, your contribution in that regard was a large part of the learning process.

I know you removed and reinstalled entware and reset amtm? on multiple occasions so I’m baffled as to why “ rc.func and rc.unslug were missing (adding manually didnt work either).”; especially if installing entware-opt fixed it, when that “should” already have been installed.

Anyway it’s a fix that’s out there but hopefully it’s not needed by most; the fewer steps the better.

Thanks JK. No clues what this means but might it shed any light on the issue?:

 

[jksmurf]

Thanks JK. No clues what this means but might it shed any light on the issue?:

View attachment 58061

I’m not experienced enough to interpret that but please check @ColinTaylor feedback in separate note and maybe run the same commands after a new entware install to a blank USB on a second USB?

opkg list-installed

and

ls -al /opt/etc/init.d/

 

[JA93]

Big thanks again to all for their excellent help and guidance. Several attempts later trying different things, this sequence worked flawlessly for me. Not sure which of the extra steps I have followed finally managed to do the trick but I will post them to hopefully help with the final wiki:

View attachment 58052

Is the issue that your are eluding to here the broken entware installation via amtm? or is there another problem that you have managed to identify? Thank you again for your help.

Since it "should" be included by default I guess entwate was broken.. glad you could make it work!

 

[jksmurf]

I am currently on GT-AX6000_3004_388.7_alpha2-g90b483050e

Here’s an off the wall thought. ColinTaylor suggested your entware install was borked possibly due to full or corrupted USB.

As Viktor Jaeps AX6000 entware install works fine, the only other difference is maybe some file permissions, plus your main Router upstream of the AX6000.

Is there some remote possibility something in your main router or on your AX6000 strips the rc. files out because it thinks they are malware? Just an off the wall thought. I’m off for another beer.

Seems like it happened before too?

 

[Ripshod]

@Aiadi you've mentioned a few times about your entware install possibly being broken. Install Disk Checker and run it once (see what the log says after a reboot) - there may be some corruption on your usb drive.

 

[Aiadi]

Is there some remote possibility something in your main router or on your AX6000 strips the rc. files out because it thinks they are malware?

Highly plausible that it could be something due to partial install (don't know if having nextdns could be blocking some of the files) but what I cannot understand is why the problem is only intermittent with success at other times without changing any of my core settings. You might remember my earlier issue updating tailscale using CLI due to download consistently breaking at exactly 83%.

Install Disk Checker and run it once (see what the log says after a reboot)

Will certainly have a go at this. Thinking about a fresh firmware install today (yet another one) as I am not liking Alpha 2 very much and will go through these steps again.


On a perhaps slightly separate note and now that I am having great consistency running tailscale, what is the most efficient and reliable process to backup this whole setup and restore it to a new firmware install without having to go through the whole process again and again (if such a thing even exists). I have done some searches but could not find anything that sounded pretty straightforward and reliable. Any guidance is again very well appreciated.

 

[jksmurf]

what is the most efficient and reliable process to backup this whole setup and restore it to a new firmware install without having to go through the whole process again and again

Maybe consider BackupMon?

 

[kuki68ster]

Hi guys,

I'm practically running the same thing. I've replicated the tailscale install 2x without issues on the GT-AX6000 and RT-AX88U. Entware was installed as default through AMTM on initial setup.

1. opkg update
2. opkg install tailscale
3. tailscale update
4. modified this line in the /opt/etc/init.d/S06tailscaled file: ARGS="--tun=userspace-networking --state=/opt/var/tailscaled.state"
5. modified this line in the /opt/etc/init.d/S06tailscaled file: PREARGS="nohup"
6. /opt/etc/init.d/S06tailscaled start
7. tailscale up --accept-routes --advertise-routes=192.168.50.0/24 (and follow the link it generates)

From this point, rebooting your router will cause tailscale service to come up automatically, as per @Martinski's post a little ways up.

(EDIT: steps edited based on @ColinTaylor's latest findings)

Hi there,

Got it to work, following the instructions, so thank you for the tips @Viktor Jaep @JA93 @ColinTaylor and specially @jksmurf

 

[jksmurf]

Hi guys,

Hi there,

Got it to work, following the instructions, so thank you for the tips @Viktor Jaep @JA93 @ColinTaylor and specially @jksmurf

You’re a star ! Well done.

It’ll be good once the scripts mature and get into amtm but the successful installs are incredibly encouraging at this point.

 

[Viktor Jaep]

On a perhaps slightly separate note and now that I am having great consistency running tailscale, what is the most efficient and reliable process to backup this whole setup and restore it to a new firmware install without having to go through the whole process again and again (if such a thing even exists). I have done some searches but could not find anything that sounded pretty straightforward and reliable. Any guidance is again very well appreciated.

Backupmon is only designed to restore a router back to its same config and firmware level onto that same router. It is not advisable to restore a configuration from a previous firmware to a new firmware. Unfortunately, it is necessary at times to go through the whole process again, especially after doing a factory reset moving to a different firmware, or getting a new router in place.

 

[Aiadi]

Backupmon is only designed to restore to same firmware level.

This is what I had thought and hence checking whether there was some other way. Great script that Viktor anyway and wish that you could soon get your mitts on sorting something similar for Tailscale! How about a way to just back the tailscale settings up and restoring them??

 

[XIII]

3. Configure tailscale as an exit node and subnet router (then enable those options in the console). This is a one-time task.

# tailscale up --advertise-exit-node --advertise-routes=192.168.1.0/24

I'm completely new to Tailscale, but using Colin's instructions installation on the router was a breeze. Thanks!

PS: I initially thought it did not work, but I still had to manually approve subnets and exit nodes in the Tailscale admin console after step 3.

 

[ColinTaylor]

I'm completely new to Tailscale, but using Colin's instructions installation on the router was a breeze. Thanks!

PS: I initially thought it did not work, but I still had to manually approve subnets and exit nodes in the Tailscale admin console after step 3.

I've created a wiki page for the tailscale install procedure. Feel free to message me suggesting improvements or point out errors (there's already some stuff I forgot to add).

Installing Tailscale through Entware

Third party firmware for Asus routers (newer codebase) - RMerl/asuswrt-merlin.ng

github.com

 

[jksmurf]

I've created a wiki page for the tailscale install procedure. Feel free to suggest improvements or point out errors.

Installing Tailscale through Entware

Third party firmware for Asus routers (newer codebase) - RMerl/asuswrt-merlin.ng

github.com

Fantastic work and thanks once again for your time and patience Colin.

The kernel mode option (with the firewall-start addition) came as a really pleasant and welcome surprise; just testing it now to see if it stays up. So far so good.

#!/bin/sh

ENABLED=yes
PROCS=tailscaled
ARGS="--state=/opt/var/tailscaled.state" # Orig 158.2-1 Entware Install and for Kernel Mode only #
#ARGS="--tun=userspace-networking --state=/opt/var/tailscaled.state" # from Viktor Jaep and ColinTaylor for Userspace Mode only#
PRECMD="modprobe tun" # from ColinTaylor for Kernel Mode only#
PREARGS="nohup" # from ColinTaylor for both Kernel and Userspace Mode#
DESC=$PROCS
PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

. /opt/etc/init.d/rc.func

As regards suggestions, not a must but not everyone will want the Subnet Router AND Exit Node Options:

After this line:

tailscale up --advertise-exit-node --advertise-routes=192.168.50.0/24

Maybe state "If you just want subnet routes but not the exit node option, issue this:"

tailscale up --advertise-routes=192.168.50.0/24

And maybe state "If you just want the device added to your Tailnet without the subnet routes or exit node option, issue this:"

tailscale up

(I think this is correct?)

Maybe here, state that "it will generate a unique code for your machine, do not use 29ce323012ea8, that is just an example"

https://login.tailscale.com/a/29ce323012ea8

It might seem obvious to most here, but for me if you remove the possibility of someone trying to issue an old code, hopefully it will result in fewer SNAFUs.

[EDIT] Tailscale up commands edited to reflect Tailscale CLI

 

[Aiadi]

The kernel mode option (with the firewall-start addition) came as a really pleasant and welcome surprise

Thanks @ColinTaylor for the very well written Wiki and the work involved.

Would it be at all possible for you to please elaborate there on when a user should perhaps consider the "less performant" userspace method of installation?

Also would it be easy enough to add a method of uninstalling/ completely removing the Tailscale implementation by the user if needed?

Thanks again for your excellent work.

 

[jksmurf]

The kernel mode option (with the firewall-start addition) came as a really pleasant and welcome surprise; just testing it now to see if it stays up. So far so good.

Unfortunately my joy at kernel mode was relatively short lived, was hopeful there for a wee while.

Stayed up a good part of the day but then logged itself out.

Even restarting S06tailscaled, then checking the status says exactly that:

tailscale status
Logged out.
Log in at: https://login.tailscale.com/a/xxxxxxxxxxxxxx

Have reverted back to userspace mode for now. If I can capture logs for you somehow let me know, I will see what I can do.
Double checked I ran this to make firewall-start executable:

chmod a+rx /jffs/scripts/firewall-start

and had only this in firewall-start

#!/bin/sh
if [ -x /opt/bin/tailscale ]; then tailscale down; tailscale up; fi

and only added this to s06tailscaled

PRECMD="modprobe tun"
PREARGS="nohup"

NOTE: Was on 1.64.0 though, I can try again on 1.58.2-1 if you think it helps.

k.

[EDIT]

Just uninstalled Tailscale again (thanks to Wiki) and reinstalled using kernel mode. In doing so I realised I had omitted to leave the ARGS= line unchanged (I had #'d it out) when I amended/added the PRECMD and PREARGS lines, so am trying again. This is my kernel mode S06tailscaled file, with the (original) ARGS (now) left operable:

#!/bin/sh

ENABLED=yes
PROCS=tailscaled
ARGS="--state=/opt/var/tailscaled.state"  # Orig 158.2-1 Entware Install - leave as is for Kernel Mode only #
#ARGS="--tun=userspace-networking --state=/opt/var/tailscaled.state" # from Viktor Jaep and ColinTaylor for Userspace Mode only #
PRECMD="modprobe tun" # from Colin Taylor for Kernel Mode Only #
PREARGS="nohup" # from Colin Taylor for both Kernel and Userspace Mode #
DESC=$PROCS
PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

. /opt/etc/init.d/rc.func

Will let it run on 1.58.2-1 for a wee while, then if OK try the tailscale update.

 

[kuki68ster]

Unfortunately my joy at kernel mode was relatively short lived, was hopeful there for a wee while.

Stayed up a good part of the day but then logged itself out.

Even restarting S06tailscaled, then checking the status says exactly that:

tailscale status
Logged out.
Log in at: https://login.tailscale.com/a/xxxxxxxxxxxxxx

Have reverted back to userspace mode for now. If I can capture logs for you somehow let me know, I will see what I can do.
Double checked I ran this to make firewall-start executable:

chmod a+rx /jffs/scripts/firewall-start

and had only this in firewall-start

#!/bin/sh
if [ -x /opt/bin/tailscale ]; then tailscale down; tailscale up; fi

and only added this to s06tailscaled

PRECMD="modprobe tun"
PREARGS="nohup"

NOTE: Was on 1.64.0 though, I can try again on 1.58.2-1 if you think it helps.

k.

[EDIT]

Just uninstalled Tailscale again (thanks to Wiki) and reinstalled using kernel mode. In doing so I realised I had omitted to leave the ARGS= line unchanged (I had #'d it out) when I amended/added the PRECMD and PREARGS lines, so am trying again. This is my kernel mode S06tailscaled file, with the (original) ARGS (now) left operable:

#!/bin/sh

ENABLED=yes
PROCS=tailscaled
ARGS="--state=/opt/var/tailscaled.state"  # Orig 158.2-1 Entware Install - leave as is for Kernel Mode only #
#ARGS="--tun=userspace-networking --state=/opt/var/tailscaled.state" # from Viktor Jaep and ColinTaylor for Userspace Mode only #
PRECMD="modprobe tun" # from Colin Taylor for Kernel Mode Only #
PREARGS="nohup" # from Colin Taylor for both Kernel and Userspace Mode #
DESC=$PROCS
PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

. /opt/etc/init.d/rc.func

Will let it run on 1.58.2-1 for a wee while, then if OK try the tailscale update.

How is kernel mode holding?

 

[jksmurf]

How is kernel mode holding?

So far so good, after my reinstall early this morning, so I am about 7 hours in on the corrected S06tailscaled and with 1.58.2-1. Tested using my phone on LTE only. So assuming it holds I am going to do the 1.58.2-1 to 1.64.0 update later this afternoon and see if that still holds.

Not sure why it bailed out yesterday, I was doing a few things with Firmware updates at the time, as well as starting with 1.64.0 and an incorrect S06tailscaled script, so maybe that was it.