I succeeded in getting a 'GL.iNet GL-AR300M16-Ext' to route all traffic via an existing Tailscale exit node. This currently does not work when the router is in wifi repeater mode. Use wired phone tethering or wired LAN. I used a GL-AR300M16 because the "Mango" variant (N300) does not have sufficient space in ROM, although there are ways around that.
EDIT: There is now native support for selected models (see docs)
according to the Tailscale documentation
using your preferred wifi credentials, internet connection, etc.
using this repo. Use wget to download the release
wget https://github.com/adyanth/openwrt-tailscale-enabler/releases/download/{RELEASE}/openwrt-tailscale-enabler-{RELEASE}.tgz
see releases page for the latest package.
log in to the router via ssh
ssh -oHostKeyAlgorithms=+ssh-rsa root@{ROUTERIP}
connect to tailscale (once again) with these arguments
tailscale up --reset --exit-node={EXITNODEIP} --accept-dns=false --exit-node-allow-lan-access
via GL.iNET admin panel (MORE SETTINGS -> Advanced -> Install)
Network -> Interfaces -> Add -> Unmanaged -> select 'tailscale0'
Network -> Interfaces -> Edit {NAMEOFTAILSCALEINTERFACE} -> Firewall Settings -> select 'WAN'
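The two LuCI steps above (unmanaged interface on 'tailscale0', then assignment to the 'WAN' firewall zone) can also be applied from the ssh session with UCI. This is an added example, not part of the original post. It assumes a logical interface name of "tailscale" (hypothetical, standing in for {NAMEOFTAILSCALEINTERFACE}), a firewall zone named "wan", and the OpenWrt 19.07-style 'ifname' option.

```sh
#!/bin/sh
# Added example (not from the original post): UCI form of the two LuCI steps.
# Assumptions: logical interface name "tailscale" (hypothetical), a firewall
# zone named "wan", and the OpenWrt 19.07-style 'ifname' option (newer
# releases use 'device' instead).
UCI="${UCI:-uci}"            # overridable so the logic can be dry-run off-router
TS_IF="${TS_IF:-tailscale}"  # stands in for {NAMEOFTAILSCALEINTERFACE}

# Print the UCI section (e.g. @zone[1]) of the firewall zone named $1.
zone_section() {
    $UCI show firewall |
        sed -n "s/^firewall\.\([^.]*\)\.name='$1'\$/\1/p" | head -n 1
}

# Succeed if zone section $1 already lists interface $2 in its 'network' list.
zone_has_iface() {
    $UCI -q get "firewall.$1.network" | tr ' ' '\n' | grep -qx "$2"
}

# Create the unmanaged interface on tailscale0 and put it in the WAN zone.
attach_tailscale_to_wan() {
    zone="$(zone_section wan)"
    if [ -z "$zone" ]; then
        echo "no firewall zone named 'wan'; nothing changed" >&2
        return 1
    fi
    $UCI set "network.$TS_IF=interface"
    $UCI set "network.$TS_IF.proto=none"          # LuCI calls this "Unmanaged"
    $UCI set "network.$TS_IF.ifname=tailscale0"
    # Idempotent: only extend the zone when the interface is not listed yet.
    zone_has_iface "$zone" "$TS_IF" ||
        $UCI add_list "firewall.$zone.network=$TS_IF"
    $UCI commit network && $UCI commit firewall
}

# On the router: sh this-script --apply
if [ "${1:-}" = "--apply" ]; then
    attach_tailscale_to_wan &&
        /etc/init.d/network reload && /etc/init.d/firewall reload
fi
```

Because the interface joins the existing WAN zone, it inherits that zone's input policy and masquerading, so no separate forwarding rule from LAN is needed.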
Big thanks to Pat Regan for figuring this out.
There is a different approach described here where a dedicated firewall zone is created to route all traffic through OpenVPN, but I didn't have any luck implementing the same principle with Tailscale.
Set up guest wifi to use WAN only (without access to tailscale). Ideas welcome :)
There is the possibility to have devices from the subnet local to the GL.iNET respond to requests from the subnet router's subnet, although static routes will have to be set and I did not explore this option.