I have started using subnets recently, and I can access subnet’s hosts from any of my tailscale hosts, but not the other way around. My host acting as the relay is a linux one, so I figured I probably need some extra IpTables rules on the relay host. Is there any easy way of accomplishing that?
Best regards,
Aram
It’s not exactly easy, but it can be done. The trickiest part is to make sure that all the hosts on your subnet use your tailscale relay as their router, when they’re trying to reach 100.64.0.0/10. You can do that by adding explicit routes on each machine (which is a pain), or by installing tailscale on the LAN’s actual router (default gateway), which is possible if your router is advanced enough.
ᐧ
Thanks for the fast response! The problem is that I’m trying to connect an android tv box (tailscale app gets stuck with white screen at start) and I don’t have access to the routing table without rooting the device, which I’d like to avoid. I guess my only option in this case is forwarding packets in the tailscale relay node, what do you think?
In that case, running a relay node on your router would be best, the thing which responds to DHCP requests on your LAN and can set itself as the default gateway. That way all packets from Android TV for 100.640.0/10 will go to the default gateway without needing to modify the routing table on the Android TV device.
If your router is something you can install software on, like OpenWRT or a Raspberry Pi, getting tailscaled running should work.
Also: if you’re not doing so already, starting the subnet relay with --advertise-routes=... --snat-subnet-routes=false would likely work best. snat-subnet-routes tells it to just send the 100.64.0.0/10 addresses out onto the LAN, and allow the other devices on the LAN to see the actual IP address to send their packets back to.