"
First time on the forum.
I am behind GNAT, OPNsense 26.1.1 Tailscale 1.94.1. I had this working since OPNsense 24.7
I can confirm you can disable the snat on the OPNsense plugin os-tailscale, you need to enable advance mode to show the option (VPN>Tailscale>Settings>) Top left (small toggle).
Also since that disables snat you need to make outbound nat rules for you TS-net and subnets, source IPv4 range is 100.64.0.0/10 source IPv6 range is fd7a:115c:a1e0::/48. You migth also need to enable ip forwarding base on your set up (System>Settings>Tunables) set this 2 values to 1, IPv4 net.inet.ip.forwarding and IPv6 net.inet6.ip6.fowarding. And you should have full site to site, I use site-to-vpn, never full site-to-site but besides adding a nat rule for each others subnets this should be it.
Also since Tailscale operates on the firewall itself, you wont normally see any traffic on the Tailscale interface, you might see it on the origin or destination interface.
I am behind GNAT, OPNsense 26.1.1 Tailscale 1.94.1. I had this working since OPNsense 24.7
I can confirm you can disable the snat on the OPNsense plugin os-tailscale, you need to enable advance mode to show the option (VPN>Tailscale>Settings>) Top left (small toggle).
Also since that disables snat you need to make outbound nat rules for you TS-net and subnets, source IPv4 range is 100.64.0.0/10 source IPv6 range is fd7a:115c:a1e0::/48. You migth also need to enable ip forwarding base on your set up (System>Settings>Tunables) set this 2 values to 1, IPv4 net.inet.ip.forwarding and IPv6 net.inet6.ip6.fowarding. And you should have full site to site, I use site-to-vpn, never full site-to-site but besides adding a nat rule for each others subnets this should be it.
Also since Tailscale operates on the firewall itself, you wont normally see any traffic on the Tailscale interface, you might see it on the origin or destination interface.
