Using Tailscale SubNet Routing and Flex Radio

Alan · March 11

There have been others observe that when using TailScale VPN subnet routing, that your Flex Radio does not work, including no audio, no pan adapter streams and DAX not showing audio. All these use UDP broadcast packets, which TailScale subnet routing "captures" never to be seen again by the Flex radio on the LAN.

I wanted to find a solution to allow me to access my home network when away. Normally, TailScale is a device to device VPN, that is easy to set up and secure. But what about the other devices on the home network, like the PG-XL and TG-XL you want to access remotely? You cannot install Tailscale on these devices.

The solution is in setting up the TailScale "advertised" sub net. I have TailScale set up on my AppleTV. The "default" advertised subnet is your subnet starting at "0", with a "24" mask. This will advertise your subnet addresses from ****.****.****.0 to ****.****.****.254. This is all the available address, which your Flex Radio will also reside.

The solution is to first, use a mask of "25" as shown below. This will advertise IPs addresses ****.****.****.0 to ****.****.****.128. Now move your Flex radio to an IP greater than ****.****.****.129. All done.

I like to use DHCP reservations, so just change the IP in the reservation table, or if you prefer static IPs, change that on the Flex radio, If you change the DHCP reservation table, be sure to re-boot the radio, to force it to use the new IP.

Now, the Flex radio is not within the advertised TailScale Subnet router, and will be left alone. All of the Flex UDP broadcasts now work, and for devices within the advertised subnet, you can access them from outside your LAN, as long as you are logged into TailScale.

One hich….no UDP packets will move to the WAN via Tailscale. This is not a problem if you do not use UDP, but what about the genius utilities, that depend on receiving a UDP packet with the connection information? This is a problem.

First, I tested using the "Genius Tools' from my Mac SmartSDR. The tool allows you to enter the LAN IP of the AG, PG or TG. Works great when outside the LAN via TailScale.

Not so much with the AG, PG and TG window utilities. No way to manually enter the IP, it needs to first see the UDP packet with connection info. I built a Node-Red flow to broadcast a UDP packet on the computer's loopback address and appropriate port for each device. Now the utility knows how to connect, even though the UDP is local, not from the actual device at home.

Alan. WA9WUD

JohnCahill · October 28

Hi Alan, I am bit surprised no replies from this post. Let me be sure if I am clear, are you saying you can now access your Flex from off-network with SSDR or Mac SSDR, or Maestro? I am working on a project and can 'see' the radio on the Maestro remotely but I have not been able to connect yet. Packet captures are my next steps, however thought I'd search the community for anything new regarding Tailscale.

Alan · October 28

John

you asked: Let me be sure if I am clear, are you saying you can now access your Flex from off-network with SSDR or Mac SSDR, or Maestro?

No…….just the opposite. Tailscale swoops up the UDP broadcasts, never to be seen again…….SDR of any version will not work via Tailscale. Yes, you can spoof the broadcast packets to enable the radio picker….but the audio, meters and pan adapter all fail because they use UDP.

The point of my post was that if you use the TailScale SubNet router to access stuff on your LAN, if the Flex radio IP is in that same range of IPs, TailScale will cause even your LAN connected Flex radio to fail.

I presented a solution to move the Flex IP outside the TailScale SubNet router IP range, so you could use this same feature to access other items on your LAN.

Alan. WA9WUD

JohnCahill · October 29

Thanks for the follow-up Alan. I got excited when I was able to get SSDR to see my radio with some packet replay and using Tailscale, made connections.. As you said, however, the audio and spectrum was missing. I grabbed packets and can see the UDP packets from this side (remote) however without a packet capture on the radio side or the tailscale subnet router (more importantly) I can't do much else. I know I can use ZeroTier, I used it for years before Tailscale came along.

SmartLink works fine for me, however the AWS outage last Monday (10/14/2025) reminded me of the dependency we all have on these cloud services, it inspired me to jump back on the VPN project and Tailscale.

I access all my network at home over my Tailscale subnet router (/24 network) which includes the Flex Radio without a problem from my Mac, Windows or over GLiNet travel router without any issues and I leave Tailscale enabled on the machines all the time, unless I am using the travel router.

73 and thanks again!

John, N2JWC

Mike-VA3MW · October 29

John

If you want an easy to setup VPN that works flawlessly with a FlexRadio, you want to use SoftEther. It is pretty easy to setup and it can work on a direct IP address with DYNDNS (or their DNS) or you can run it through their cloud.

We used it for years long before SmartLink. I was a road warrior then. You can find lots of notes here in the community on how people set it up. But, if you understand basic networking, you shouldn't have an issue.

When you connect a client, it not only gives you an IP address on the same subnet, it will also pass the required layer 2 traffic.

https://www.softether.org/#Remote_Access_to_LAN

KD0RC · October 29

I will second what Mike said. I am definitely not a networking expert, yet I was able to get SoftEther working pretty easily.

WX7Y · October 29

I also second Mike's comments about SoftEther, I presently run my Softether VPN server on my Windows machine that is always on that hosts my Media PLEX Movie and Audio Books services. Runs great once set up and has done so for MANY MANY years here long before SmartLink came out.

Alan · October 29

John, you said,

I access all my network at home over my Tailscale subnet router (/24 network) which includes the Flex Radio without a problem from my Mac, Windows or over GLiNet travel router without any issues and I leave Tailscale enabled on the machines all the time, unless I am using the travel router.

It been awhile, and my memory is not always good, but I think the issue for me was Windows DAX and tail scale subnet router. There must be UDP packets going between the Flex server and DAX on that get interupteed.

Anyway since I went to a ****/25 subnet and move the IP for the Flex, all is good.

Alan. WA9WUD

WW4GA · October 29

I successfully installed SoftEther VPN on my Raspberry Pi 5 today using these step by step instructions which I found very helpful

https://youtu.be/RCDW5NqLorQ?si=SqpQN7nGp_HAXxr4Error

I am able to connect to devices on my home network as I have done previously with TailScale however

Using Marcus SDR on my iPhone (fixed IP to home IP address of 8600) over SoftEther VPN, I am able to connect to radio in SDR however no PanAdapter or Audio.

Have I missed a setting in SoftEther setup?

Has anyone successfully used SoftEther VPN with "Marcus" software from iPhone or iPad??

Thanks and have a blessed day

Ryland, WW4GA

WX7Y · October 29

Yes I have, If I remember right, you need to set up a "ISPEC/L2TP" server settings for the Native IOS VPN.

Here is what the ICON looks like in the SoftEther VPN Server manager.

WW4GA · 12:10AM

Thanks Bret - I did setup IPsec/L2TP Settings and that is allowing me to make the connection to my network but it appears it is not passing UDP packets

73's Ryland, WW4GA

WW4GA · 3:04AM

Thinking about it I suspect that the L2TP Apple uses to communicate with SoftEther is striping the UDP (not level 2)

Ryland, WW4GA

WX7Y · 4:52AM

Mine works here so not sure, I don't have encryption enabled if that may make a differance

Using Tailscale SubNet Routing and Flex Radio

Comments

Leave a Comment

Categories