I was checking the GL.iNet site to see if there were any firmware updates available for the GL.iNet GL-AXT1800 travel router. There was a new beta firmware available, and the changelog mentioned Tailscale, Zerotier, and some other new VPN-related features.

Basic Tailscale functionality seems to work fine

Setting up Tailscale with the new beta firmware is pretty slick! You tick the enable checkbox, and it gives you a link to click to authenticate the router as a new node on your tailnet. If you are already logged into Tailscale with that web browser, then you’re already done. You can now reach the router from your tailnet.

Tailscale GUI on new GL.iNet OpenWRT Router Firmware

If you click the allow LAN access button, the router will register itself as a subnet router for the appropriate network.

There is an allow WAN access button, but I am not quite sure what it does. I assume it has something to do with using the GL.iNet router as an exit node, but you don’t normally need to do anything on the client to enable that. Maybe OpenWRT requires some firewall rule changes to make this work correctly.

One thing that feels weird is that Tailscale and Zerotier are listed under Applications and not under VPN. I am assuming this is because these two mesh VPN systems aren’t under the control of the cool new VPN Dashboard.

I still can’t make the GL-AXT1800 route through an exit node

I was hoping there would be buttons for this in the new GUI!

I did ssh in and ran some variations of tailscale up --exit-node=<hostname> --exit-node-allow-lan-access. I couldn’t make it work.

The new VPN interface looks awesome

I don’t know exactly how much of this VPN GUI interface is new. There is a VPN control panel on the version 3 firmware of my GL.iNet Mango. There was a VPN interface in whatever firmware shipped on the GL-AXT1800. There are definitely more knobs and buttons in the 4.2 beta firmware that I installed yesterday.

There are buttons for blocking non-VPN traffic or allowing VPN clients to access the router’s WAN interface. You can also decide which traffic flows through which VPN tunnel based on the target addresses, by client device, or based on VLAN.

VPN Interface on new GL.iNet OpenWRT Router Firmware

These are things that can absolutely be accomplished with stock OpenWRT. In fact, if you set these things up at the OpenWRT CLI, you will almost definitely have more fine-grained control over everything.

You have to know what you’re doing to make that happen, and it will require a lot more work than checking two or three boxes in the GL.iNet GUI.

It is awesome that I can ignore or even sometimes remove GL.iNet’s GUI and still have an OpenWRT router. Maybe that is what I want to do with the router installed permanently at my home. If I am out in the field trying to solve a problem, I am happy to know that I can pull out my GL.iNet travel router and click a few buttons to temporarily solve it.

Which GL.iNet routers can run this new interface?

I was curious about this, so I clicked around in the firmware download section of their site. I knew that my $20 Mango is stuck at version 3.125, but I was curious what the smallest or cheapest GL.iNet router with the new interface might be.

I did not do an exhaustive search, so I certainly may have missed something, but it seems like only the WiFi 6 routers are getting the version 4 firmware.

I am excited that Tailscale is right there on the menu!

Installing Tailscale on an OpenWRT router isn’t exactly difficult, but getting Tailscale to do anything interesting on an OpenWRT router ranges from challenging to impossible.

My friends and I keep talking about wanting to be able to drop an OpenWRT router in between something like an Apple TV or Fire TV and the Internet so we can route our streaming traffic through one of our Tailscale exit nodes. I have had limited success with the older firmware on the Mango, but I have had zero success on anything with more modern versions of OpenWRT.

I am hopeful that the inclusion of Tailscale in GL.iNet’s GUI means that better Tailscale support on OpenWRT will be arriving sooner rather than later. This sure feels like a killer feature for a travel router, doesn’t it?!