tailscale: set nftables as default

This changes the default firewall method used by Tailscale to nftables.
The 'autodetection' mode is only supported by arm64 and amd64 for now[1].
This causes mips devices to not do proper detection and incorrectly default back to
iptables.

I added a fw_mode variable to the tailscale.conf file that could be
set to iptables for easy conversion for someone still using iptables.
I was able to test on an older mips device and my current aarch64
without issues.

Also a few readme updates to bring it up to the current status.

1. https://github.com/tailscale/tailscale/blob/dc7aa98b768bf82017aa5cc82a62dd4d685f811d/util/linuxfw/linuxfw_unsupported.go#L4C58-L4C58

Signed-off-by: Tyler Young <git@yfh.addy.io>

1 files changed, 3 insertions, 6 deletions

diff --git a/net/tailscale/README.md b/net/tailscale/README.md
index eaffa57d7..7bad0a3c3 100644
--- a/net/tailscale/README.md
+++ b/net/tailscale/README.md
@@ -8,6 +8,8 @@ To install them run
 ```
 opkg install tailscale tailscaled
 ```
+> [!NOTE]
+> By default this package will use nftables. If you wish to use iptables, the config file `/etc/config/tailscale` can be modfied, changing the line `fw_mode 'nftables'` to `fw_mode 'iptables'`. You can then run `/etc/init.d/tailscale restart` to restart tailscale using your chosen method
 
 ## First setup
 
@@ -25,9 +27,4 @@ Run command and finish device registration with the given URL.
 tailscale up
 ```
 
-If you are running with nftables, it is not supported by tailscale,
-so disable it and configure firewall by yourself and add argument
---netfilter-mode off
-to tailscale up command to disable iptables use.
-
-After that, you should see your router in tailscale admin page.
+See the [OpenWrt wiki](https://openwrt.org/docs/guide-user/services/vpn/tailscale/start) for more detailed setup instructions