Tailscale - Filter Tailscale to ...

[michielc]

Hi all,

First of all merry christmas 

I am having a problem with my OPNSense (OPNsense 23.7.10_1-amd64) Community installation.
My OPNSense is acting as an exit node for clients and i am able to connect my phone to the tailscale network with the firewall as exit node.
This weekend i splitup my network so that i have different vlans and rules per vlan.
Now i want to make sure that traffic from tailscale cant access some host.
When looking at the logs i see all the traffic from my phone is originating from 10.0.6.1 ( Default VLAN interface ).
I tried looking for a sollution but all i can find is routing traffic from lan to tailscale not the other way arround.

Can anyone point me in the right direction on how to be able to filter traffic from tailscale or is this just a limitation to the implemantation on opnsense?

Tailscale parameters: --advertise-exit-node --advertise-routes=10.0.6.0/24
I can even disable or remove the Tailscale interface on my Opnsense and everything keeps working.

[michielc]

Just switched to Zerotier and with that implementation i can filter packages and add rules so if you are looking for a wireguard implementation on opnsense go with zerotier.

[lrosenman]

Have you looked at the tailscale access rules?

[michielc]

Have you looked at the tailscale access rules?

Thanks for the suggestion and yes i did test with the access rules in Tailscale, that works but i want to manage it all in de FW itself. I now have a working system with the use of zerotier instead of tailscale and all my rules are managed in OPNSense.