Tailscale Exit node broken after V1.37(ABWV.0)

Alanl

Hello just upgrade my USG Flex 200H to 1.37 today. Tailscale is no longer able to be seen as available as an exit node on my clients. The devices is reporting as offline even though no setting other than firmware was applied.

I logged into the the tailscale web site and it is reporting that it was last seen right before the USG was upgrade but the device is not reporting as online.

Any help would be helpful.

Zyxel_Barry

Hi @Alanl,

I understand you're experiencing an issue with your USG FLEX 200H where Tailscale is no longer recognized as an available exit node after updating to firmware V1.37(ABWV.0), and the device is reporting as offline.

Here are some initial steps to troubleshoot this issue:

• Verify Exit Node Configuration: Log in to your Tailscale portal and confirm that the exit node option is still enabled for your USG FLEX H device.

• Check Tailscale VPN Status on the USG FLEX H:

  • SSH to your USG FLEX 200H or open local GUI web console.
  • Type in "cmd tailscale show status"

• Review Advertised Networks and Accepted Routes: In the Tailscale configuration on your USG FLEX 200H, ensure that you have correctly configured "Other Site Networks (Advertised Network)" to share your LAN subnets and "Accept Route" to receive and use routes from other Tailscale devices. You will also need to approve these routes in the Tailscale admin console for full communication.

• Check for IP Helper Service: If you are using a Windows client, ensure that the IP Helper Service is running.
• Port 41641/UDP: Verify that port 41641/UDP is allowed for connection on your network.
• Key Expiry: Confirm that "Key Expiry" is disabled in the Tailscale console to prevent silent disconnections. If keys have expired, log out on the firewall, remove the device from the Admin Console, and re-add with a new key.

To help me further investigate this issue, please provide the following information:

• Network Topology Map: A simple diagram showing how your USG FLEX 200H is connected to your network and where your clients are located.

• Screenshots:

  • Screenshots of your Tailscale VPN configuration on the USG FLEX 200H (local GUI).
  • Screenshots of the device status in the Tailscale admin console.
  • Any error messages you are receiving.

• Nebula Support Access: If your USG FLEX 200H is registered to Nebula, please enable Zyxel Support Access via Help > Support Request in the Nebula console. This allows our support team to directly view your cloud environment configuration, significantly shortening troubleshooting time. Please also provide your Organization and Site name.

Alanl

The clients are reporting the USG device as offline. Replied with all the information in a PM. I gave support access via control center and created case -

260101483

Zyxel_Melen

Hi @Alanl

We tried your configuration in our lab, but we didn't encounter your issue.

Do you mean your firewall is offline on the Tailscale? If so, please help to invite our agent to your Tailscale and enable Zyxel support access so we can help to check. I will send you the agent's info in the private message.

Zyxel_Melen

Update:

This issue is resolved after update a new Tailscale API key. However, the API key was set to no change.

If anyone encounter the same issue and can resolve by changing API key, please let us know.