"
I came here with this exact problem.
Then I found this Reddit thread: https://www.reddit.com/r/OPNsenseFirewall/comments/rbttv3/allow_hosts_to_connect_to_tailscale_via_opnsense/
Which shows this IMGUR: https://imgur.com/a/sYYozao
Which basically says...
Go to Firewall > NAT > Outbound
- Use Hybrid outbound NAT rule generation
- Create a new rule
- Interface = TLSCL
- Source address = LAN Net
- Translation/target = TLSCL address
Then commit that and apply.
And now I can ping tailscale hosts from machines on my LAN that don't have tailscale!
Then I found this Reddit thread: https://www.reddit.com/r/OPNsenseFirewall/comments/rbttv3/allow_hosts_to_connect_to_tailscale_via_opnsense/
Which shows this IMGUR: https://imgur.com/a/sYYozao
Which basically says...
Go to Firewall > NAT > Outbound
- Use Hybrid outbound NAT rule generation
- Create a new rule
- Interface = TLSCL
- Source address = LAN Net
- Translation/target = TLSCL address
Then commit that and apply.
And now I can ping tailscale hosts from machines on my LAN that don't have tailscale!
