RUTX11 Tailscale Exit Node Not Routing

Hi All,

Having issues with making a RUTX11 function as an exit node in tailscale. Exit node is enabled and approved in the tailscale admin dashboard, but it seems like the Teltonika is either breaking the route somehow, or there is a firewall rule I cannot find thats blocking the connection.

On a client device set to use the RUTX11 as an exit node, traceroute shows that traffic is indeed going via the rutx as its first hop, but fails from there. nslookup shows that dns is going via the tailnet too. If I try and ping an external ip directly, it fails, so there is either a routing issue, or firewall… anyone had success with this? Teltonika is running latest firmware.

Worth noting that connecting directly to the router via its tailscale IP works perfectly fine, and so does the rutx advertising its local subnets into the tailnet.

There appears to be no default route applied in table 52 (which I believe is the routing table tailscale uses) Feels like there should be, unless tailscale handles this elsewhere?

Hello,

Apologies for the delay, and thank you for bringing this issue to our attention.

I’ve forwarded all the information regarding the described issue to our R&D team so they can take a closer look into this behavior with the Tailscale exit node. I’ll make sure to keep you updated as soon as we have any feedback or findings from them.

Thank you for your patience and collaboration.

Best regards,

Thanks @Martynas,

Look forward to an update.

Cheers

Hello,

I’ve checked the Exit Node routing setup as suggested by R&D, and it appears to be working as intended now. Assuming the exit node is enabled both on the Tailscale machine’s dashboard and in the RUTX11 WebUI (Services → VPN → Tailscale), you can run the following command on the client device:

tailscale up --exit-node=<exit_node_IP> --reset

image870×534 18.7 KB

image502×162 8.76 KB

After this, when performing a traceroute, packets should be forwarded through the exit node, and you should see the subsequent hops accordingly.

Could you please give this a try on your side and let me know if it works as expected?

Best regards,

Hi @Martynas,

Unfortunately this still doesn’t work. I appreciate the steps listed, but that is the setup already in place. For clarity, please see the following screenshots.

Exit Node Enabled on Rutx11

Screenshot 2025-06-05 at 5.10.53 pm254×155 3.31 KB

Exit Node Authorised in Tailscale Admin for the Rutx11

Screenshot 2025-06-05 at 5.10.32 pm480×219 10.4 KB

The next terminal screenshots shows the following:

1. Running the CLI command to set the exit node on the client.
2. A traceroute showing that the first hop is going via the rutx (via tailscale), but then fails to route any further.
3. Showing a ping to the outside world does not respond.
4. Finally, pinging a local subnet at the Rutx11 side, which shows there is successful connectivity between local subnets.
   
   

   Screenshot 2025-06-05 at 6.30.31 pm1524×1218 158 KB

And finally, to show the CLI command was succesful, below is a screenshot from Tailscale’s MacOS GUI showing the rutx11 is selected as the Exit node on the client machine

Screenshot 2025-06-05 at 6.32.49 pm1192×352 256 KB

Please can I ask that your R&D team look a little deeper, and let me know if you would like a copy of this routers overall configuration.

Thanks,

Cam

Hello @techtsmin

Thank you for the update and for giving it a try. To assist you effectively, we’ll need to continue this process privately. You should find a support request form in the inbox of the email address you used for your forum registration. Kindly fill out the form, and please reference Ticket ID: 13311 when submitting it. Once the form is completed, we’ll contact you directly via email to investigate the issue in detail and help work towards a solution.

Best regards,

Thanks @Martynas, form has been submitted.

This topic was automatically closed after 60 days. New replies are no longer allowed.