Tailscale 1.3: Subnet route changes not advertised

[ki4hrg]

Important notices
Before you add a new report, we ask you kindly to acknowledge the following:

• I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
• I have searched the existing issues, open and closed, and I'm convinced that mine is new.
• The title contains the plugin to which this issue belongs

Describe the bug
When using the steps below to remove an advertised subnet in the Tailscale plugin UI and add new subnets, the old subnet is not removed and the new ones are not advertised. Unknown if this has worked previously as this is an infrequent change.

To Reproduce

1. In the OPNsense UI with the Tailscale plugin installed, go to VPN -> Tailscale -> Settings -> Advertised Routes
2. Remove an existing route (in this case, 192.168.1.0/24) and add new route(s) (in this case, 172.16.10.0/24 and 172.16.70.0/24)
3. Apply changes (and restart the Tailscale service for good measure)
4. In the Tailscale web UI, the old subnet (192.168.1.0/24) remains advertised, and the new subnets are not listed as being advertised for approval.

Additional troubleshooting steps included:

• Disabling/enabling Tailscale to try and force reauthentication
• Restarting OPNsense itself.
• Generating a new auth key to use witht he plugin

The issue was finally resolved by manually advertising the routes in the CLI using /usr/local/bin/tailscale set --advertise-routes=172.16.10.0/24,172.16.70.0/24

Expected behavior
The old subnet routes should've stopped being advertised, and the new subnet routes should have been listed as being advertised and ready for approval.

Environment
OPNsense 25.7.10-amd64
FreeBSD 14.3-RELEASE-p4 (running in PVE)
Intel(R) Core(TM) i5-4440