Tailscale Route using wrong interface

I'm trying to get Tailscale working, but I see return traffic from hosts inside the RUTX11 LAN subnet trying to return via qmimux0 rather than tailscale0.

I can’t find how to make it return traffic via tailscale0 to the source.

You can see that from the gateway it returns via tailscale0, but traffic from the 192.168.7.0/24 subnet is returning via qmimux0?

root@RUTX11:/usr/local/home/admin# ip route show
default via 10.10.20.1 dev eth1 proto static src 10.10.20.52 metric 1
default dev qmimux0 proto static scope link src 100.95.130.4 metric 3
10.10.20.0/24 dev eth1 proto static scope link src 10.10.20.52 metric 1
100.95.130.4 dev qmimux0 proto static scope link src 100.95.130.4 metric 3
172.16.1.0/24 dev eth0.172 proto kernel scope link src 172.16.1.1
192.168.7.0/24 dev br-lan proto kernel scope link src 192.168.7.200
root@RUTX11:/usr/local/home/admin# ip rule show
0:	from all lookup local
1:	from all to 10.8.0.0/24 iif br-lan lookup 1
1:	from all iif eth0.172 oif eth1 lookup 2
3:	from all iif br-lan lookup 2
3:	from all iif br-lan lookup 2
4:	from all nop
1001:	from all iif eth1 lookup 1
1002:	from all iif qmimux0 lookup 2
1310:	from all fwmark 0x80000/0xff0000 lookup main
1330:	from all fwmark 0x80000/0xff0000 lookup default
1350:	from all fwmark 0x80000/0xff0000 unreachable
1370:	from all lookup 52
1501:	from 10.10.20.52 lookup 1
2001:	from all fwmark 0x100/0x3f00 lookup 1
2002:	from all fwmark 0x200/0x3f00 lookup 2
2061:	from all fwmark 0x3d00/0x3f00 blackhole
2062:	from all fwmark 0x3e00/0x3f00 unreachable
3001:	from all fwmark 0x100/0x3f00 unreachable
3002:	from all fwmark 0x200/0x3f00 unreachable
32766:	from all lookup main
32767:	from all lookup default

I found that once I disabled my mobile SIM connection, it started to work using the WAN interface. I'm not sure I understand why as yet, as it should route over either connection.

Hello,

First, to understand this issue better, could you kindly clarify what the primary goal is in your setup? I assume you’re aiming to route all traffic from your tailscale tailnet hosts through the tailscale exit node running on the RUTX11, or is the intention different?

Additionally, just to check, is the failover enabled in your current setup? There’s a known issue where using a tailscale exit node or default route together with failover can cause unexpected routing behavior. This is planned to be resolved with the upcoming 7.17 firmware release.

Thank you for your time and clarifications.

Best regards,

I have two internal networks, br-lan and vlan172. br-lan uses the 4G as the default route, and vlan172 uses the WAN as the default route. Both have failover profiles applied. I had OpenVPN working that allowed me to access the hosts on br-lan without an issue, but now, testing with Tailscale, my remote Tailscale host can only see return traffic/ICMP replies when pinging the br-lan gateway. If I disconnect the 4G, then it works pinging hosts on the br-lan subnet. I thought it was a conflict with my 4G SIM having a 100.x.x.x IP address, but this is just coincidence.
I'm not using Tailscale as the exit node, as I'd like internal traffic on the RUT to continue to use the respective internet routes via the 4G network or the WAN network.

Tailscale creates a custom routing table 52 for tailscale routes. During mwan3 setup it deletes routes from custom routing tables if those routing tables aren’t associated with mwan3 interfaces.
As Martynas has mentioned, there will be a fix for this issue in RUTOS 7.17
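
An added example, not part of the thread or of RutOS: a small shell helper (the names `tables_before` and `sample_rules` are hypothetical) that reads `ip rule show` output and lists which routing tables are consulted for a given input interface before the Tailscale table 52 is reached. It assumes unmarked packets, so rules with `to`, `oif` or `fwmark` selectors are skipped.

```shell
#!/bin/sh
# Added example (not from the thread).
# Usage on the router: ip rule show | tables_before br-lan 52

# tables_before IIF TARGET: read `ip rule show` output on stdin and print
# "priority:table" for each rule that matches a packet arriving on IIF and is
# evaluated before the first unconditional "lookup TARGET" rule.
# Assumption: the packet is unmarked, so rules with to/oif/fwmark selectors
# or a specific "from" prefix are skipped.
tables_before() {
    awk -v iif="$1" -v target="$2" '
    {
        prio = $1; sub(/:$/, "", prio)
        table = ""; rule_iif = ""; skip = ($3 != "all")
        for (i = 4; i <= NF; i++) {
            if ($i == "lookup") table = $(i + 1)
            if ($i == "iif") rule_iif = $(i + 1)
            if ($i == "to" || $i == "oif" || $i == "fwmark") skip = 1
        }
        if (skip || table == "" || table == "local") next
        if (rule_iif != "" && rule_iif != iif) next
        if (table == target) exit   # reached the Tailscale table
        print prio ":" table
    }'
}

# Subset of the rules posted in the question.
sample_rules() {
    cat <<'EOF'
0: from all lookup local
1: from all to 10.8.0.0/24 iif br-lan lookup 1
1: from all iif eth0.172 oif eth1 lookup 2
3: from all iif br-lan lookup 2
4: from all nop
1001: from all iif eth1 lookup 1
1002: from all iif qmimux0 lookup 2
1310: from all fwmark 0x80000/0xff0000 lookup main
1370: from all lookup 52
1501: from 10.10.20.52 lookup 1
32766: from all lookup main
EOF
}

sample_rules | tables_before br-lan 52   # forwarded replies from LAN hosts
sample_rules | tables_before lo 52       # packets generated by the router itself
```

A non-empty result for `br-lan` means an earlier table is consulted first; whether it answers depends on that table's contents (`ip route show table 2`), which the thread does not show. `ip route show table 52` shows whether the Tailscale routes are still present after mwan3 setup.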
