anasfanani/Magisk-Tailscaled

Subnet routes do not work on my devices

SAFEluren opened this issue · 5 comments

As the title says, ts subnet routes do not work on my devices.

When I use Tailscale Android, I can access it fine.

Here's what I tried on the console:

https://pastebin.ubuntu.com/p/vTQ2Nc6h7h/

Let me know if you need more information

Maybe it is because tailscale is in userspace-networking mode with a proxy; any network traffic from the device to another device must go through the local socks5 proxy on port 1099.

You may check the latest pre-release at https://github.com/anasfanani/Magisk-Tailscaled/releases and try adding the IP to iptables.

Anyway, I'm not using the subnet routes feature yet, so for now I can't help much because I don't have enough knowledge of subnet routes.

After updating to the pre-release version, the subroutes still don't work, and when accessing the subroutes IP in a browser, this will prompt ERR_CONNECTION_TIMED_OUT, but it is possible to access other devices in the tailnet.
In any case, thank you!
(Machine translated by DeepL)

Below are just notes in case other people ask about the exit node.

Exit Nodes

I am trying to use Android as an exit node based on this documentation:
https://tailscale.com/kb/1103/exit-nodes?tab=linux#advertise-a-device-as-an-exit-node

I see the problem in the file /etc/resolv.conf

The currently available solution for the DNS error while using Android as an exit node is:

su
mkdir -p /data/adb/modules/magisk-tailscaled/system/etc/
printf "nameserver 1.1.1.1\nnameserver 1.0.0.1\n" >> /data/adb/modules/magisk-tailscaled/system/etc/resolv.conf

Then reboot the device.

On the second machine I'm using Ubuntu in AWS to test the exit node

sudo tailscale up --exit-node=100.123.227.100

After entering the command, my connection to the Ubuntu machine is disconnected. I don't know why, but I checked in the Tailscale dashboard and my device is still connected to the machine, so I reconnected with ssh ubuntu@100.68.147.73

Connection success.

I tried to check which network is used for the internet connection with curl ipinfo.io -v, and it shows my Ubuntu machine is using the IP from my Android.

But when I try curl to 192.168.1.1 (the Wi-Fi router connected in my Android network), the connection times out.

I assume the exit node is partially working (or my configuration is wrong).

Subnet Routes

Based on this documentation https://tailscale.com/kb/1019/subnets

I'm using OpenWRT for testing. First I need to enable IP forwarding, then advertise routes on the OpenWRT machine.

sudo tailscale up --advertise-routes=192.168.0.0/24,192.168.1.0/24

After that, enable subnet routes from the admin console.

Now go to my Ubuntu machine to test whether the subnet routes are working or not.

sudo tailscale up --accept-routes

Then test the connection

ubuntu@ip-172-31-45-215:~$ curl 192.168.1.1 -v
*   Trying 192.168.1.1:80...
* Connected to 192.168.1.1 (192.168.1.1) port 80 (#0)
> GET / HTTP/1.1
> Host: 192.168.1.1
> User-Agent: curl/7.81.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Connection: Keep-Alive
< Keep-Alive: timeout=20
< ETag: "2db0-30c-6531a3aa"
< Last-Modified: Thu, 19 Oct 2023 21:46:18 GMT
< Date: Thu, 02 May 2024 22:17:17 GMT
< Content-Type: text/html
< Content-Length: 780
<
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
        <head>
                <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
                <meta http-equiv="Pragma" content="no-cache" />
                <meta http-equiv="Expires" content="0" />
                <meta http-equiv="refresh" content="0; URL=cgi-bin/luci/" />
                <style type="text/css">
                        body { background: white; font-family: arial, helvetica, sans-serif; }
                        a { color: black; }

                        @media (prefers-color-scheme: dark) {
                                body { background: black; }
                                a { color: white; }
                        }
                </style>
        </head>
        <body>
                <a href="cgi-bin/luci/">LuCI - Lua Configuration Interface</a>
        </body>
</html>
* Connection #0 to host 192.168.1.1 left intact

My subnet routes are working perfectly.

Now switch to the Android phone with the pre-release version of the Magisk-Tailscaled module installed, and execute this as root.

su
tailscale up --accept-routes

Because my latest pre-release version adds the socks5 tunnel with an interface named tailscale0, I now test the connection to my OpenWRT router using curl on that specific interface; my Android is connected to a 4G LTE network.

curl 192.168.1.1 -v --interface tailscale0

Or I can use socks5 directly:

curl 192.168.1.1 -v -x 0.0.0.0:1099

Connection success.

For subnet routes, the solution for now is to add your own iptables route in the /data/adb/tailscale/scripts/tailscaled.tun.up and /data/adb/tailscale/scripts/tailscaled.tun.down files.

tailscaled.tun.up is executed when tailscaled starts.
tailscaled.tun.down is executed when tailscaled stops.
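
For the resolv.conf step in the exit-node notes above: because that command appends with `>>`, running it more than once duplicates the entries. The following is an added example, not code from Magisk-Tailscaled; the function name `ensure_nameservers` is hypothetical, and only the overlay path comes from the thread. It adds each nameserver only when it is missing.

```shell
#!/bin/sh
# Hypothetical helper (not part of Magisk-Tailscaled): add nameserver lines
# to a resolv.conf overlay only when they are missing, so re-running is safe.

ensure_nameservers() {
    file=$1
    shift
    mkdir -p "$(dirname "$file")" || return 1
    [ -e "$file" ] || : > "$file" || return 1
    # If the file is non-empty and lacks a trailing newline, add one so the
    # next entry is not glued onto the last existing line.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    for ns in "$@"; do
        # -x whole line, -F fixed string: "1.1.1.1" must not match "1.1.1.10"
        if ! grep -qxF "nameserver $ns" "$file"; then
            printf 'nameserver %s\n' "$ns" >> "$file"
        fi
    done
}

# Path taken from the thread; run as root on the device, then reboot:
# ensure_nameservers /data/adb/modules/magisk-tailscaled/system/etc/resolv.conf 1.1.1.1 1.0.0.1
```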

Thanks, I didn't let traffic through the socks tunnel earlier.🤓

Thank you, brother, for opening the issue. Let me close this issue because it is already fixed; however, you may check the latest version.

https://github.com/anasfanani/Magisk-Tailscaled/releases/tag/v1.66.0.1

But all your modified tailscaled.tun.up and tailscaled.tun.down files are replaced when you flash this.