Hi!
I have tailscale set up on my OPNsense (23.7.1_3-amd64) and it works.
I have access from my OPNsense Box to tailscale clients and I can also reach the LAN subnet from tailscale.
What I can't get to work is accessing tailscale IPs from LAN (which was actually my primary intended use case)
I started tailscale with the following parameters:
tailscale up --advertise-routes=192.168.100.0/24 --advertise-exit-node --accept-dns=false --accept-routes
I additionally have the firewall rules to allow access from tailscale to the local LAN, which works, but I can't connect to any tailscale node from the LAN.
Any idea what I'm missing here?
Thx already for your support!
Having the same exact problem, I am coming from Openwrt where I had this working without issue.
I see passes in the Firewall rules when trying ping/ssh but no bueno on the actual ping/ssh.
I came here with this exact problem.
Then I found this Reddit thread: https://www.reddit.com/r/OPNsenseFirewall/comments/rbttv3/allow_hosts_to_connect_to_tailscale_via_opnsense/
Which shows this IMGUR: https://imgur.com/a/sYYozao
Which basically says...
Go to Firewall > NAT > Outbound
- Use Hybrid outbound NAT rule generation
- Create a new rule
- Interface = TLSCL
- Source address = LAN Net
- Translation/target = TLSCL address
Then commit that and apply.
And now I can ping tailscale hosts from machines on my LAN that don't have tailscale!
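For reference, here is the same outbound NAT rule expressed in the pf syntax that OPNsense generates under the hood. This is an added example, not something posted in the thread or shipped by OPNsense or Tailscale. It assumes the Tailscale tun interface is tailscale0 (the interface the poster assigned as TLSCL) and the LAN subnet is 192.168.100.0/24 from the first post; 100.64.0.0/10 is the CGNAT range Tailscale hands out to nodes. The reason the rule is needed: a remote Tailscale node only accepts tunnel packets whose source is a peer it knows (its peers' 100.x addresses, plus any subnet routes it has explicitly accepted). A LAN host sending from 192.168.100.x is not such a source unless every remote node runs with --accept-routes, so translating it to the firewall's own Tailscale address makes the traffic look like it comes from a known peer.

```pf
# Added example: pf equivalent of the OPNsense GUI steps above.
# Assumptions (not from the thread): Tailscale interface is tailscale0,
# LAN interface is "lan", LAN subnet is 192.168.100.0/24.
tailscale_if = "tailscale0"
lan_net      = "192.168.100.0/24"
tailnet      = "100.64.0.0/10"   # Tailscale's CGNAT address range

# Outbound NAT on the Tailscale interface: rewrite the source of LAN traffic
# to the firewall's own Tailscale address ("TLSCL address" in the GUI).
# The GUI rule uses destination "any"; narrowing it to the tailnet range
# keeps the rule from touching anything else that might ever leave via tun.
nat on $tailscale_if inet from $lan_net to $tailnet -> ($tailscale_if)

# LAN -> tailnet filter rule (the "allow" side the GUI needs on the LAN tab).
# The existing tailnet -> LAN rules from the first post stay as they are.
pass in quick on lan inet proto { tcp udp icmp } from $lan_net to $tailnet
```

To check that the rule is actually loaded after applying it in the GUI, run `pfctl -sn | grep tailscale0` on the OPNsense box and confirm the nat line is present, then from a LAN host without Tailscale `ping` a node's 100.x address. The alternative without NAT is to run `tailscale up --accept-routes` on every remote node so each one installs a return route for 192.168.100.0/24; the NAT rule avoids touching the remote nodes at all.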