Hi,
I have set it up and got it working as per the instructions.
I can reach the local LAN and remote subnets, and access resources.
Confirming forwarding and NAT are working.
The exit nodes work fine with all Tailscale clients.
What I would like to do is add a policy to route the local subnet 192.168.20.0/24 to the far tailnet exit node.
This works fine when using WireGuard gateways.
So on the LAN interface I add a rule:
Action Pass, any, use remote gateway 100.90.90.1
I see traffic leaving the OPNsense Tailscale interface from the subnet device IP, using the OPNsense Tailscale address, confirming it's NAT'ed.
But as soon as I enable the rule to use the remote gateway it can't reach the internet; no return traffic.
Anyone got this to work, or am I making an error?
RESOLVED
I always figure it out in the end.
Right, so what I misunderstood was: on the OPNsense plugin, in order to apply the flag --exit-node-allow-lan-access,
you can't advertise OPNsense as an exit node at the same time. So I disabled OPNsense as an exit node, and now all LAN devices behind the OPNsense Tailscale subnet router route over the VPN tunnel and use the far exit node as a gateway.
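As an added example (not from the poster, the OPNsense plugin or Tailscale), here is the same end state expressed as a plain `tailscale up` invocation, with a guard for the combination the poster found does not work. The subnet 192.168.20.0/24 and the exit node IP 100.90.90.1 are taken from the post; the assumption that the plugin's checkboxes map onto these CLI flags is mine, and the guard encodes the poster's observation, not a rule documented by Tailscale. The script prints the command rather than executing it, so it runs without the tailscale binary.

```shell
#!/bin/sh
# Added example, not code from the original post or the OPNsense plugin.
# Values below are illustrative and taken from the thread.
LAN_SUBNET="192.168.20.0/24"     # subnet advertised by the OPNsense subnet router
FAR_EXIT_NODE="100.90.90.1"      # Tailscale IP of the remote exit node

# Emit the flag set for a subnet router whose LAN should leave via a remote
# exit node. $1 is "yes" if this node should also advertise itself as an exit
# node; the poster found that combination does not route LAN traffic, so it
# is rejected here rather than silently emitted.
build_up_flags() {
    if [ "$1" = "yes" ]; then
        echo "error: cannot use --advertise-exit-node together with" \
             "--exit-node=$FAR_EXIT_NODE --exit-node-allow-lan-access" >&2
        return 1
    fi
    echo "--advertise-routes=$LAN_SUBNET --exit-node=$FAR_EXIT_NODE --exit-node-allow-lan-access"
}

# Dry-run wrapper: prints the full command instead of running it.
# Assumed helper name, not part of the tailscale CLI.
show_command() {
    flags=$(build_up_flags "$1") || return 1
    echo "tailscale up $flags"
}

show_command no
```

Run it with `sh` to see the working command; calling `show_command yes` exits non-zero with the reason on stderr. On the OPNsense side the policy route in the post (LAN rule, any, gateway 100.90.90.1) and outbound NAT on the Tailscale interface still have to be in place; this script only covers the node's own Tailscale flags.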