Issues routing from LAN to tailscale network

Started by deliarmin, August 17, 2023, 12:07:57 PM

Hi!

I have tailscale set up on my OPNsense (23.7.1_3-amd64) and it works.
I have access from my OPNsense Box to tailscale clients and I can also reach the LAN subnet from tailscale.

What I can't get to work is accessing tailscale IPs from LAN (which was actually my primary intended use case).

I started tailscale with the following parameters:
tailscale up --advertise-routes=192.168.100.0/24 --advertise-exit-node --accept-dns=false --accept-routes

I additionally have the firewall rules to allow access from tailscale to the local LAN, which works, but I can't connect to any tailscale node from the LAN.

Any idea what I'm missing here?

Thx already for your support!

August 18, 2023, 03:08:14 AM #1 Last Edit: August 18, 2023, 03:10:50 AM by glennbrown
Having the same exact problem, I am coming from Openwrt where I had this working without issue.

I see passes in the Firewall rules when trying ping/ssh but no bueno on the actual ping/ssh.

I came here with this exact problem.

Then I found this Reddit thread: https://www.reddit.com/r/OPNsenseFirewall/comments/rbttv3/allow_hosts_to_connect_to_tailscale_via_opnsense/

Which shows this IMGUR: https://imgur.com/a/sYYozao

Which basically says...
Go to Firewall > NAT > Outbound
- Use Hybrid outbound NAT rule generation
- Create a new rule
- Interface = TLSCL
- Source address = LAN Net
- Translation/target = TLSCL address

Then commit that and apply.

And now I can ping tailscale hosts from machines on my LAN that don't have tailscale!
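For readers who prefer to see what the GUI rule above amounts to, here is the equivalent pf outbound NAT rule as an added example (not from the thread, OPNsense or Tailscale). The device name tailscale0 and the LAN prefix 192.168.100.0/24 are assumptions: the thread only names the interface "TLSCL" in the GUI, and the prefix is the one advertised in the first post.

```pf
# Constructed pf equivalent of: Firewall > NAT > Outbound (Hybrid),
#   Interface = TLSCL, Source = LAN net, Translation/target = TLSCL address
#
# Why it is needed: without this rule a LAN host's packet leaves the tunnel
# with source 192.168.100.x. The remote tailnet peer only has a return route
# for that prefix if it runs with --accept-routes and the advertised route
# was approved, so the request is logged as "pass" on OPNsense while the
# reply never comes back (the symptom described above).
#
# With the rule, the source is rewritten to this node's own tailnet address
# (the parenthesised interface name means "whatever address tailscale0
# currently has"), so every peer can answer without knowing the LAN prefix.
#
# Assumptions: tailscale0 is the device behind the TLSCL interface,
# 192.168.100.0/24 is the LAN net.
nat on tailscale0 inet from 192.168.100.0/24 to any -> (tailscale0)
```

The rule only covers LAN-to-tailnet traffic; access from the tailnet into the LAN still depends on the advertised route and the TLSCL interface firewall rules the first post already has in place.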