Noureddine RAMDI / Automating Tailscale updates on GL.iNet routers with a smart shell script

Created Sat, 23 May 2026 20:41:14 +0000 Modified Sat, 23 May 2026 20:41:27 +0000
958 Words
github-stars shell tailscale glinet openwrt vpn automation

admonstrator/glinet-tailscale-updater

Tailscale is a popular mesh VPN based on WireGuard, but running it on small embedded devices like GL.iNet routers can be tricky due to architecture diversity and limited storage. The glinet-tailscale-updater repo offers a practical solution: a single shell script that automates installing and updating Tailscale on GL.iNet routers running firmware 4.x, handling all the quirks under the hood.

how glinet-tailscale-updater manages tailscale on routers

This repo is essentially a carefully crafted shell script designed for GL.iNet routers with firmware version 4.x. It targets several CPU architectures common in these devices—arm64, armv7, mips, mipsle, and x86_64—by automatically detecting the router’s CPU type and downloading the matching Tailscale binary from the official GitHub releases.

The script goes beyond just grabbing a binary. It supports fetching a “tiny” version of the Tailscale binary, which is a stripped-down build optimized for devices with very limited flash storage. More impressively, it optionally applies UPX compression to squeeze the binary size further. This is crucial because many GL.iNet routers have as little as 15 MB free space, and the full Tailscale binary can be too large without these optimizations.

Other features include:

  • Stateful filtering configuration for exit nodes, which helps manage traffic routing policies.
  • Tailscale SSH setup, facilitating secure command-line access over the mesh VPN.
  • Version pinning to lock the Tailscale version, useful for stability in production.
  • Support for testing/prerelease channels, letting users experiment with cutting-edge builds.
  • Unattended force installs, allowing scripted or automated upgrades without manual intervention.
  • Safe restoration of original firmware binaries, enabling rollback if needed.

This script is part of the broader GL.iNet Toolbox ecosystem and has been tested across nearly all GL.iNet models, ensuring broad compatibility.

technical strengths and design tradeoffs

The standout technical feature is the script’s architecture detection and binary selection mechanism. Instead of requiring users to manually identify their device architecture and fetch the appropriate binary, the script automates this step, reducing user error and friction.

The use of tiny binaries and UPX compression demonstrates a real-world tradeoff: achieving a minimal footprint at the cost of added complexity in the install process. UPX compression reduces the binary size but might introduce a slight overhead at runtime due to decompression. However, on low-storage routers, this tradeoff is often necessary and worth it.

The script is opinionated in its approach—it focuses on GL.iNet routers with firmware 4.x and does not attempt to support other firmware or router brands. This focus allows it to be very effective within its niche but limits its applicability outside that ecosystem.

The code is a single Shell script, which means no dependencies or complex build steps. This simplicity aids portability and makes the script easy to audit and modify. However, shell scripting can be fragile and less maintainable than compiled languages for complex logic, so the script likely keeps its logic straightforward.

One limitation is the recommendation against running the updater as a cron job. This suggests the author prefers manual execution to avoid unexpected issues during unattended runs, which might be a consideration for production deployments.

quick start

Installation and updating are straightforward. The script can be run directly without cloning the repo by fetching it with wget and executing it with sh. Here are the commands as provided:

wget -q https://get.admon.me/tailscale -O update-tailscale.sh ; sh update-tailscale.sh

Before running, ensure that Tailscale is enabled in the GL.iNet router settings.

For unattended or forced updates, the script supports a --force flag to skip prompts and make the installation permanent:

wget -q https://get.admon.me/tailscale -O update-tailscale.sh ; sh update-tailscale.sh --force

If storage is tight and you want to bypass the free space check, combine it with --ignore-free-space:

wget -q https://get.admon.me/tailscale -O update-tailscale.sh ; sh update-tailscale.sh --force --ignore-free-space

The README cautions against running this script as a cron job, so manual execution is recommended.

verdict

For GL.iNet router users running firmware 4.x who want to run Tailscale mesh VPN, this updater script offers a practical, no-frills solution that automates the tricky parts of architecture detection and binary optimization. Its clever handling of tiny binaries and compression makes it possible to run Tailscale on routers with minimal free space, which is a common pain point.

The tradeoff is its niche focus and manual execution model. If you run non-GL.iNet hardware or need fully automated cron updates, this script might not fit perfectly without modification. Also, shell scripts can be less robust than compiled tools, so for very large deployments or diverse router fleets, a more integrated solution might be preferable.

Still, the code is surprisingly clean and focused, making it easy to audit and customize if needed. It solves a real problem for a specific community and does so with minimal dependencies and a clear UX.

If you manage GL.iNet routers and want to keep Tailscale updated without hassle, this repo is worth checking out.

→ GitHub Repo: admonstrator/glinet-tailscale-updater ⭐ 618 · Shell