LuCI web interface for managing Tailscale on OpenWrt routers.
Inspired by asvow/luci-app-tailscale, this project is a major redesign that eliminates conflicts with the standard OpenWrt tailscale package. See Motivation for details.
Auto-detects opkg / apk and installs the latest release:
wget -qO- https://raw.githubusercontent.com/vad-b/luci-app-tailscale-ng/main/install.sh | shAfter installation, navigate to VPN -> Tailscale NG in the LuCI web interface.
Need manual package install options instead? See Manual Installation.
| Authentication | Settings | Status |
 |
 |
 |
The original asvow/luci-app-tailscale project is excellent and inspired this work, but its integration model is tightly coupled to core files from the OpenWrt tailscale package, which leads to three operational drawbacks:
- Invasive install: During installation,
asvow/luci-app-tailscalereplaces coretailscalefiles (/etc/init.d/tailscaleand/etc/config/tailscale) and takes ownership of them. - Breaking uninstallation: When
asvow/luci-app-tailscaleis removed, those same files are deleted, leaving the stocktailscalepackage non-functional. - Restore normal operation: To recover normal Tailscale operation, you must recreate the removed files manually or reinstall the
tailscalepackage.
See asvow/luci-app-tailscale#31 for details.
The goals of luci-app-tailscale-ng are:
- keep integration non-conflicting with the standard OpenWrt
tailscalepackage - make the OpenWrt Tailscale UI closer to the Tailscale management UI in pfSense and OPNsense
luci-app-tailscale-ng takes a non-invasive approach:
- Does not replace any files from the
tailscalepackage - the original/etc/init.d/tailscaleand/etc/config/tailscaleremain untouched - Adds its own UCI config (
/etc/config/luci-app-tailscale-ng) and init script (/etc/init.d/luci-app-tailscale-ng) that work alongside the standard ones - Manages
tailscale upparameters by reading settings from its own config and applying them via thetailscaleCLI - Combines two configs in the UI - settings from the standard
tailscaleconfig (port, state file, firewall mode, logging) and our extended config (auth, DNS, routing, exit nodes) are presented on a single page
This means you can install and remove the package at any time without breaking your Tailscale setup.
- Enable/disable Tailscale service with auto-start on boot
- Configure listen port, state file path, firewall mode
- Login status with one-click authentication link
- Configure control server URL and pre-authentication keys
- Accept DNS / Accept subnet routes
- Advertise as exit node or select a remote exit node (with auto-detection of exit nodes)
- Advertise local subnets (with auto-detection of LAN/WAN networks)
- Pass additional
tailscale upflags - Live status dashboard (tailscale status, IP, interface, netcheck, DNS)
- Automatic settings reapply on network interface changes via hotplug
Right now this package provides Tailscale management in LuCI (service control,
tailscale upsettings, and status visibility). It does not automatically create Tailscale interfaces or firewall rules yet. See Roadmap for planned automation.
- Auto-create network interfaces and firewall zones/rules for Tailscale
- Import existing Tailscale settings on first install (read current running parameters and populate the config)
- Backup and restore of the Tailscale state file
- Update Tailscale directly from the web UI (both standard and size-optimized builds for memory-constrained devices)
Download the latest .ipk package from Releases, upload it to the router's /tmp directory, then:
opkg install /tmp/luci-app-tailscale-ng_*.ipkDownload the latest .apk package from Releases, upload it to the router's /tmp directory, then:
apk add --allow-untrusted --upgrade /tmp/luci-app-tailscale-ng_*.apk- asvow/luci-app-tailscale - the project that inspired this work