Messages

You'll advertise exit node from Opnsense, approve on tailscale, then from your client outside of the network, connect to tailscale and use the Opnsense exit node.

I believe the two settings shown are asking if you want to run the client as an exit node and subnet router, which is not necessary or wanted.

Thanks so much! I figured it out and now its working as expected, turns out you need to use it as an exit node as well and explicitly connect to the machine as an exit node.

The only issue right now is that mDNS doesn't work. I tried using mDNS-repeater plugin using LAN and TLSCL interfaces but it doesn't seem to be working. Looks like a fundamental issue behind tailscale https://github.com/tailscale/tailscale/issues/1013 ?

That said, from my research I believe you need to advertise exit node and then connect to your exit node on the client side.

You mean that I need to enable the exit node on tailscale running on opnsense via this setting https://imgur.com/SQro32E? I tried doing that before and it didn't help but I can re-enable it to try it again.

Also does the client connecting to tailscale need to enable any of these settings https://imgur.com/K1StxPd ?

Did you approve the subnet route in your tailnet admin console? It's under edit route settings for the firewall node.

Yes I did and its approved

https://imgur.com/FeGogO3

https://imgur.com/FdeWJHF

https://imgur.com/nhDJZKt

Here are also the settings of the machine

https://imgur.com/RR5gZ4L

I am trying to use tailscale as a VPN for my home network so that I can connect to my home network from other networks. The setup for my home network is quite trivial, the only thing that is non standard is that my LAN is setup as a bridge since I have multiple NIC's on my router where opnsense is installed and hence I have each of these NIC's connected to their own switches.

The bridge is setup as so

https://imgur.com/WgzLDE7

And here is the NIC/interface setup

https://imgur.com/2i5g8DI

What I am trying to get working is subnet routes (https://tailscale.com/kb/1019/subnets), basically rather than having to have a tailscale client installed on every machine on my home network instead I would like to connect to those machines using LAN IP's (in my case specifically 192.168.1.0/24)

These are the settings for my tailscale

https://imgur.com/gDA8rGs

And here are the advertised routes

https://imgur.com/hfH2xCD

I followed the guide on https://tailscale.com/kb/1097/install-opnsense which means that aside from having "randomizeClientPort": true in my tailscale ACL, I also have the following tailscale settings added

https://imgur.com/Z522uW0

That last "Tailscale outbound NAT rule" setting is a result from https://forum.opnsense.org/index.php?topic=35464.msg177360#msg177360

https://imgur.com/uBq4tww

https://imgur.com/IiVaZcP

The issue is that even with all of these settings enabled and everything looking from tailscales side looking like its okay, if I use a network aside from my home one (i.e. my phone hotspot that I use for testing), and then connect to tailscale I cannot reach the machines on my LAN.

Even standard pings don't work, i.e. if I am directly connected to my home network and want to ping my NAS which is on 192.168.1.100, that will obviously work but when connected via tailscale pinging 192.168.1.100 fails. Interestingly pings to my opnsense router also fail (192.168.1.1) and even more interestingly pinging the tailscale assigned IP to my opnsense router (the ones that start with 100) also fail.

Does anyone have any idea what the issue could be?