Logo Neurocoda

Setting up Tailscale on OpenWrt for Internal Network Penetration

Neurocoda
Neurocoda
2026-07-03 12:46:35 303 Words 2 Mins ...

{% notel default fa-info 💡 %}
😀 Recently, I configured a bypass gateway using the Octopus Planet S912, and the experience was decent. Later, I thought about setting up internal network penetration to interact with devices on the internal network when away from home. A friend previously recommended Tailscale as a convenient tool, which inspired this blog post.
{% endnotel %}

Installing Tailscale

I used the following project; readers may consider other deployment methods:
https://github.com/adyanth/openwrt-tailscale-enabler

Specific commands:

  • Connect to OpenWrt via ssh:
ssh root@<IP>
  • Download the project (you can choose the version yourself):
Terminal window
wget <https://github.com/adyanth/openwrt-tailscale-enabler/releases/download/v1.60.0-e428948-autoupdate/openwrt-tailscale-enabler-v1.60.0-e428948-autoupdate.tgz>

  • Extract the downloaded archive:

    tar x -zvC / -f <File Name>

  • Update and install dependencies:

    opkg update
    opkg install libustream-openssl ca-bundle kmod-tun

  • Enable auto-start on boot:

    /etc/init.d/tailscale enable
    ls /etc/rc.d/S*tailscale*

  • Start Tailscale:

    /etc/init.d/tailscale start
    tailscale up

  • Enable subnet routing:

    tailscale up --accept-routes --advertise-routes=192.168.1.0/24 --accept-dns=false

    Note: The format of the advertise-routes parameter may vary. Simply put, take the first three parts of your current OpenWrt IP address, set the last part to 0, and use subnet mask 255.255.255.0. That is <original>.<original>.<original>.<0>/24. For example, if my OpenWrt IP is 192.168.1.254, then I need 192.168.1.0/24.

  • In the Tailscale admin console, go to routing settings, check the box, and save.

Configuring OpenWrt

Configuring Network Interface

In the LuCI interface:

  1. Add Interface
    • Go to Network > Interfaces > Add New Interface.
    • Name: tailscale
    • Protocol: Static address
    • Device: Select tailscale0
    • IPv4 address: Enter the IP assigned by Tailscale to the router (e.g., 100.x.x.x).
    • Subnet mask: 255.0.0.0
    • Firewall zone: Select lan.
  2. Save and apply changes.

Adding Firewall Rules

In the LuCI interface:

  1. Go to Network > Firewall > Custom Rules.
  2. Add the following to allow Tailscale traffic:
Terminal window
iptables -I FORWARD -i tailscale0 -j ACCEPT
iptables -I FORWARD -o tailscale0 -j ACCEPT
iptables -t nat -I POSTROUTING -o tailscale0 -j MASQUERADE
  1. Save and restart the firewall.


That’s it.

Title: Setting up Tailscale on OpenWrt for Internal Network Penetration Author: Neurocoda Created at: 2026-07-03 12:46:35 Link: https://neurocoda.com/zh/posts/setting-up-tailscale-on-openwrt-for-internal-network-penetration-en/ License: This work is licensed under CC BY-ND 4.0.

Comments