Note:
These are smaller Tailscale packages for OpenWrt, specifically designed to reduce storage usage while maintaining essential functionality.optimized:
- Combined
tailscaleandtailscaledinto a single binary. - Built with the
--extra-smallflag to significantly reduce binary size. - UPX compression applied to binaries (except for mips64 architecture) to further reduce storage usage.
Repository Setup
Import the public key used to verify package signatures:
Run this command on your OpenWrt device:
wget -O /tmp/key-build.pub https://gunanovo.github.io/openwrt-tailscale/key-build.pub && opkg-key add /tmp/key-build.pub
Add the package feed to your OpenWrt configuration:
Edit /etc/opkg/customfeeds.conf:
echo "src/gz openwrt-tailscale https://gunanovo.github.io/openwrt-tailscale" >> /etc/opkg/customfeeds.conf
Or manually add this line:
src/gz openwrt-tailscale https://gunanovo.github.io/openwrt-tailscale
Installation Methods
Choose your preferred method to install Tailscale on OpenWrt:
Web UI:
- Navigate to System → Software ;
- Click Update lists to refresh packages ;
- Search for "tailscale" ;
- Install the main package and any desired utilities ;
Command Line:
opkg update opkg install tailscale
Note: The "failed log upload" message during installation is expected and can be safely ignored.
Post-Installation Steps
After installation, you need to configure Tailscale to connect your device to the Tailscale network.
Run the following command to start Tailscale and configure it:
tailscale up \
--accept-dns=false \
--advertise-routes=10.0.0.0/24 \
--advertise-exit-node
If you're using OpenWrt == 22.03 you will also need to specify --netfilter-mode=off.
For versions 23+ do NOT include netfilter-mode.
Tips:
- Consider adding
--hostname=your-router-namefor easier identification.
Note:
If you encounter any of the following situations:- Your device has limited RAM, and during usage, Tailscale consumes an excessive amount of memory;
- Or Tailscale is killed and restarted by the OOM Killer;
- Or you’re not sure why Tailscale keeps restarting unexpectedly;
Then you may try trading higher CPU usage for lower memory usage. Here's how:
- Edit the
/etc/init.d/tailscalefile: - Locate the following line:
- Append
GOGC=10to the end of that line so it becomes:
vi /etc/init.d/tailscale
procd_set_param env TS_DEBUG_FIREWALL_MODE="$fw_mode"
procd_set_param env TS_DEBUG_FIREWALL_MODE="$fw_mode GOGC=10"
This will make Tailscale more aggressive in memory garbage collection.
Note:
这是为 OpenWrt 精简定制的 Tailscale 软件包,旨在在保持核心功能的同时,尽可能降低存储占用。优化内容:
- 将
tailscale和tailscaled合并为一个单一的可执行文件。 - 使用
--extra-small编译标志以显著减小二进制文件体积。 - 使用 UPX 对二进制文件进行压缩(mips64 架构除外),进一步降低存储占用。
软件源设置
导入用于验证软件包签名的公钥:
在你的 OpenWrt 设备上执行以下命令:
wget -O /tmp/key-build.pub https://gunanovo.github.io/openwrt-tailscale/key-build.pub && opkg-key add /tmp/key-build.pub
将软件源添加到你的 OpenWrt 配置中:
编辑 /etc/opkg/customfeeds.conf 文件:
echo "src/gz openwrt-tailscale https://gunanovo.github.io/openwrt-tailscale" >> /etc/opkg/customfeeds.conf
或者手动添加以下内容:
src/gz openwrt-tailscale https://gunanovo.github.io/openwrt-tailscale
安装方式
请选择你喜欢的方式安装 Tailscale:
Web 界面方式:
- 打开 系统 → 软件包(System → Software);
- 点击 更新列表(Update lists) 以刷新软件包;
- 搜索 "tailscale" ;
- 安装主软件包及其他你需要的工具组件 ;
命令行方式:
opkg update opkg install tailscale
Note: 安装过程中出现 "failed log upload" 报错属于预期现象,可放心忽略。
安装后步骤
安装完成后,需要配置 Tailscale 以将设备接入 Tailscale 网络。
执行以下命令:
tailscale up \
--accept-dns=false \
--advertise-routes=10.0.0.0/24 \
--advertise-exit-node
如果你的OpenWrt版本为22.03,你还需要添加 --netfilter-mode=off 参数, 对于 OpenWrt 23+ 则不应该包含该参数
Tips:
- 建议添加
--hostname=your-router-name参数,以便在 Tailscale 网络中更容易识别该设备。
NOTE:
如果你遇到以下情况:- 设备运行内存有限,在使用过程中出现tailscale占用极高运行内存;
- 或直接致使tailscale被OOM KILLER杀死并重启;
- 或你不清楚什么原因导致tailscale异常重启;
则,你可以尝试以更高的CPU占用换取较低的内存占用,操作如下:
- 修改
/etc/init.d/tailscale文件 - 找到以下一行:
- 在该行后方加上参数
GOGC=10,使其变为:
vi /etc/init.d/tailscale
procd_set_param env TS_DEBUG_FIREWALL_MODE="$fw_mode"
procd_set_param env TS_DEBUG_FIREWALL_MODE="$fw_mode GOGC=10"
该参数将使 Tailscale 更积极地回收内存。
Feed Security Statement 软件源安全声明
All .ipk packages provided by this OpenWrt software feed are built automatically via
GitHub Actions,
with a fully open-source, transparent, and auditable process.
You can review the build workflows, scripts, logs, and release history at: https://github.com/GuNanOvO/openwrt-tailscale
Build Integrity & Transparency
- Built from Official Source: All binaries are compiled from official Tailscale release source code, without any functional modifications. UPX is optionally used for binary compression.
- Fully Public Workflow: All build scripts, packaging steps, compiler flags, and release assets are open for community audit.
- Automated & Reproducible: Builds are performed in GitHub's CI environment, eliminating the risk of manual tampering.
Security Best Practices
- Minimal Attack Surface: The feed is served statically via GitHub Pages, with no dynamic code or backend logic.
- No Manual Uploads: All artifacts are generated directly from source during automated CI runs — never uploaded manually or by third parties.
User Recommendations
To further validate the feed's trustworthiness, users are encouraged to:
- Review the GitHub Actions workflows and build history
- Reproduce builds locally or via GitHub to verify reproducibility
- Verify checksums or cryptographic signatures (e.g., SHA256 or
usign) of downloaded packages
Disclaimer
While every effort has been made to ensure the security, transparency, and integrity of this feed, it is provided as-is, with no warranties. Users should always evaluate the source code, build process, and decide independently whether to trust and use these packages.
For a safer OpenWrt experience, it is recommended to use packages only from this feed or other trusted sources, and stay up to date with the repository.
所有本软件源中的 .ipk 软件包均通过
GitHub Actions 自动化构建,构建流程开源、透明、可审计。
详细的构建脚本、日志和发布历史可在以下仓库查看: https://github.com/GuNanOvO/openwrt-tailscale
构建透明性与可信性
- 构建基于 Tailscale 官方源代码: 不做任何功能性更改,仅使用 UPX 等开源工具进行二进制压缩以减小体积。
- 完全公开的工作流程: 构建脚本、打包流程、编译参数等均完全公开,供任何人审查验证。
- 自动化与可复现性: 构建过程由 CI 自动执行,避免人为干预,构建结果具备可复现性。
安全保障原则
- 最小攻击面原则: Feed 页面托管在 GitHub Pages,无需动态服务或后端执行,攻击面极小。
- 零人工上传: 构建产物完全由 CI 自动生成,无任何第三方上传或手动干预。
用户使用建议
为了进一步验证本软件源的安全性,建议用户:
- 审查 GitHub Actions 构建脚本和构建日志
- 使用本仓库脚本在本地或 GitHub 上自行构建 以验证可复现性
- 校验 .ipk 软件包的哈希值或签名(如 SHA256 或
usign)
风险提示
尽管本项目已尽最大努力确保 Feed 的安全性、透明度与可信性,本软件源仍然是 “按原样”提供,不附带任何形式的担保。请用户自行评估源代码与构建过程,并据此判断是否使用。
为确保系统安全,请尽量从本源或 其他可信来源 获取软件包,并关注仓库更新动态。