I set up Tailscale on my Family’s Windows PC a few years ago. Even though I’m on a different continent, I’m still their primary tech support, and sometimes I need a local IP to access some services like government websites.
Tailscale gave me:
- Secure RDP access to diagnose/fix issues remotely (Using Rustdesk through Tailscale)
- Exit node capability when I need to appear on their network
It worked perfectly….until it suddenly stopped.
The PC is still connected to tailscale and I can RDP without issue, but the exit node stopped working. All connections were hanging and I had no internet access when connected to the Windows exit node. So why did the exit node stop working?
After 3+ hours digging into the issue (and discovering how messy the windows networking and permissions system is), I found the issue, the PC was using a USB USB WiFi adapter that didn’t support “Internet Connection Sharing”. Exit nodes require ICS to route traffic, without it, the available Exit node can’t actually route any of the incoming traffic.
But…that doesn’t explain why it was working before. Turns out the primary WiFi card failed at some point. My family took the PC to be repaired and a USB WiFi adapter was added. Of course, they don’t remember when this happened or what was “fixed” or even if it was before or after when I initially setup Tailscale. Did the exit node work on the USB wifi adapter before? Did a Windows update cause the exit node to stop working?
This type of mystery really bothers me and I want to get to the bottom of it. A simple solution to my problem would be to set up a Tailscale Exit Node on another device, preferably Linux where they are known to reliably work. If Exit nodes are working for others on Windows, even if unreliably, why doesn’t it work at all on my family’s PC? Why did it used to work?
Debugging Journey
What I checked?
- Tailscale settings were correct and exit node setup properly
- Windows firewall rules - correct
- Network configuration - Looked normal except for 2 Wifi options, only one was active though.
- Double checked that sharing is enabled on the active Wifi device and allows connection sharing with Tailscale
Things looked right on the surface. But clearly something wasn’t working. Time to dig deeper.
In theory, the internet connection should’ve been shared with Tailscale. So I decided to look into why there are two Wifi options.
PS C:\Windows\system32> Get-NetAdapter
Name InterfaceDescription ifIndex Status
---- -------------------- ------- ------
Wi-Fi 2 Linksys WUSB600N Wireless-N USB Netw... 19 Up
Tailscale Tailscale Tunnel 52 Up
Ethernet Broadcom NetLink (TM) Gigabit Ethernet 6 Disconnected
Wi-Fi Broadcom 802.11n Network Adapter 5 Disconnected
One of the adapters is built-in and the other is an external USB WiFi adapter. Why is the PC using the external Wifi adapter and not the internal one? I tried enabling the internal one and having it connect to the wifi, but it kept getting disabled within a minute. So the built-in WiFi card is broken. But when did it fail? My family doesn’t remember when they took it to a shop or what was repaired.This is the crucial unknown: did I set up the exit node before or after the switch to USB WiFi? If it was after, the exit node never worked with USB. If it was before, something changed.
Next, why wasn’t the exit node working? After some googling / chatGPT usage, it seems like on Windows “Internet Connection Sharing” needs to be enabled in order for different adapters to share connections. The settings menu shows that “Wifi 2” is setup to share it’s connections with “Tailscale”, so in theory that should be working, so tried to verify. ICS was in a “stopped” state and trying to start it was throwing out an error. I read that not all USB Wifi drivers support ICS and that I might have better luck with trying a newer version. Decided it was worth a try since:
- The current driver was from 2015
- My family was complaining about speed and network stability with the PC
They got a newer driver, had to use facetime to walk them through how to set it up and disable the older Wifi 2 interface - can’t RDP to a PC without network access. After the PC was connected to the internet, I configured sharing with the Tailscale adapter from the new Wifi adapter. I then checked ICS status, it was “stopped”, tried starting it, it didn’t throw an error this time and status was saying connected! Great. The exit node was still not working, and the PC requires a reboot after enabling ICS, so I rebooted and checked the status again…it was back to “stopped”.
Looking into the driver information: the old adapter supported ‘Host Networking’ but ICS threw an error. The new adapter doesn’t list ‘Host Networking’ support, but ICS started without errors—yet didn’t persist after reboot. This is backwards from what I expected. The adapter claiming to support host networking fails hard. The one without that feature gets further but still doesn’t work
What do I know at this point:
- It’s not just “USB WiFi adapters don’t support ICS”
- Two different adapters, two different failure modes
- The issue might not be purely hardware/driver related—there’s something more complex happening with Windows networking. Either the Windows networking stack or the ICS service itself seems broken or misconfigured.
Questions This Raises
- Why does ICS status show as ‘stopped’ even when sharing is configured in the UI? The Windows network settings show sharing enabled with Tailscale, but the service itself isn’t running. What’s the disconnect?
- Why does ICS fail differently on each adapter? One adapter errors out when starting, the other starts but doesn’t persist across reboots.
- Did a Windows update break something? Exit nodes worked for a time, maybe even with the USB wifi adapter. Could a change to Windows broken things?
- Can I reproduce this in a VM? I can try to simulate the conditions of the family PC and check if it reproduces the issue. It would also provide a safer testing ground where I don’t have to worry about bricking the PC (during my investigation I tried to mess with registry values and that broke the windows menu)
Next Steps
My plan is to:
- Try to reproduce this in a VM
- Research Windows ICS requirements and recent changes (Windows updates that might have affected ICS behavior)
- Verify if exit node works over Ethernet
This post is a note to myself of what I’ve found out so far, and where to pick up my efforts. I’m planning to follow this up with the investigation results once I figure out what’s truly going on.
If you’re hitting similar issues with Tailscale exit nodes on Windows (especially with USB WiFi adapters), I’d love to hear about it. Have you solved this? Found a workaround? Seen the same ICS persistence problem? Would love to hear from you. I’ll update this post with anything I discover.
Appendix
Is internet sharing really enabled?
# Status of ICS?
Get-Service SharedAccess
# Status : Stopped
# Start ICS
Start-Service SharedAccess
# Failed command or successful
Start-Service : Service 'Internet Connection Sharing (ICS) (SharedAccess)' cannot be started due to the following error: Cannot start service SharedAccess on computer '.'. At line:1 char:1 + Start-Service SharedAccess + ~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : OpenError: (System.ServiceProcess.ServiceController:ServiceController) [Start-Service], ServiceCommandException + FullyQualifiedErrorId : CouldNotStartService,Microsoft.PowerShell.Commands.StartServiceCommand
What’s the current networking state?
Check network driver info:
PS C:\Windows\system32> Get-NetIPConfiguration
InterfaceAlias : Tailscale
InterfaceIndex : 44
InterfaceDescription : Tailscale Tunnel
NetProfile.Name : Tailscale
IPv6Address : fd7a:115c:a1e0::4e01:df2b
IPv4Address : 100.76.223.43
IPv6DefaultGateway :
IPv4DefaultGateway :
DNSServer : fec0:0:0:ffff::1 fec0:0:0:ffff::2 fec0:0:0:ffff::3
InterfaceAlias : Wi-Fi 2
InterfaceIndex : 16
InterfaceDescription : Linksys WUSB600N Wireless-N USB Network Adapter with Dual-Band ver. 2
NetProfile.Name : Mobily_eLife_2.4G.
IPv6Address : 2a02:ce0:1802:771a:31ae:bfc1:b9d0:3ca1
IPv4Address : 192.168.100.193
IPv6DefaultGateway : fe80::1
IPv4DefaultGateway : 192.168.100.1
DNSServer : fe80::1 192.168.100.1
InterfaceAlias : Wi-Fi I
nterfaceIndex : 5
InterfaceDescription : Broadcom 802.11n Network Adapter
NetAdapter.Status : Disconnected
InterfaceAlias : Ethernet
InterfaceIndex : 6
InterfaceDescription : Broadcom NetLink (TM) Gigabit Ethernet
NetAdapter.Status : Disconnected
PS C:\Windows\system32> netsh wlan show drivers
>>
Interface name: Wi-Fi 2
Driver : Linksys WUSB600N Wireless-N USB Network Adapter with Dual-Band ver. 2
Vendor : Linksys,a division of Cisco Systems,Inc.
Provider : Microsoft
Date : 4/21/2015
Version : 5.1.22.0
INF file : netr28ux.inf
Type : Native Wi-Fi Driver
Radio types supported : 802.11b 802.11a 802.11g 802.11n
FIPS 140-2 mode supported : Yes
802.11w Management Frame Protection supported : Yes
Hosted network supported : Yes
Authentication and cipher supported in infrastructure mode: <omitted for brevity>
Authentication and cipher supported in ad-hoc mode: <omitted for brevity>
Interface name: Wi-Fi
Driver : Broadcom 802.11n Network Adapter
Vendor : Broadcom
Provider : Microsoft
Date : 6/2/2013
Version : 6.30.223.256
INF file : netbc64.inf
Type : Native Wi-Fi Driver
Radio types supported : 802.11n 802.11g 802.11b
FIPS 140-2 mode supported : Yes
802.11w Management Frame Protection supported : Yes
Hosted network supported : Yes
Authentication and cipher supported in infrastructure mode: <omitted for brevity>
Authentication and cipher supported in ad-hoc mode: <omitted for brevity>