Tailscale version
1.36.1
tailscale commit: 12fc975413493ea4c5b8bc87961d34eb52e9d61d
other commit: 84afcfe6d7872304a956d8aa9f9cf63bfdd1cbe9
go version: go1.19.4-tsdc0ce6324d
Your operating system & version
ubuntu-2204-jammy-v20230114
When I try accessing 10.100.0.2:443 via curl, I get a connection timed out error:
$ curl --insecure https://10.100.0.2 -v
*   Trying 10.100.0.2:443...
* connect to 10.100.0.2 port 443 failed: Operation timed out
* Failed to connect to 10.100.0.2 port 443 after 75002 ms: Operation timed out
* Closing connection 0
curl: (28) Failed to connect to 10.100.0.2 port 443 after 75002 ms: Operation timed out
On the Tailscale GCE VM, looking at the logs reveals the following:
$ journalctl --follow -u tailscaled
Feb 10 11:37:27 test-tailscale tailscaled[1792]: Accept: TCP{100.109.120.123:59574 > 10.100.0.2:443} 64 tcp ok
Feb 10 11:37:28 test-tailscale tailscaled[1792]: Accept: TCP{100.109.120.123:59574 > 10.100.0.2:443} 64 tcp ok
Feb 10 11:37:29 test-tailscale tailscaled[1792]: Accept: TCP{100.109.120.123:59574 > 10.100.0.2:443} 64 tcp ok
Feb 10 11:37:38 test-tailscale tailscaled[1792]: Accept: TCP{100.109.120.123:59574 > 10.100.0.2:443} 64 tcp ok
$ tailscale ping 10.100.0.2
pong from test-tailscale-1 (100.109.212.113) via 35.207.124.250:41641 in 125ms
The ACL is full allow “:”, so I don’t think it’s an ACL issue.
If I ssh into the Tailscale GCE VM and run the following command, it works:
$ curl --insecure https://10.100.0.2
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
  },
  "status": "Failure",
  "message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
  "reason": "Forbidden",
  "details": {
  },
  "code": 403
}
This proves that the IP is accessible from the Tailscale GCE VM but not via the Tailscale Network.
Any suggestions will be highly appreciated.
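
An added example, not part of the original post: a Python check that groups the tailscaled `Accept:` lines quoted above by flow and reports flows where a packet of the same size repeats from one source port. Reading such repeats as connection attempts that never got an answer is an assumption of this example, as are the function names and the fixed year used for timestamp parsing.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the four tailscaled lines quoted in the post above.
SAMPLE_LOG = """\
Feb 10 11:37:27 test-tailscale tailscaled[1792]: Accept: TCP{100.109.120.123:59574 > 10.100.0.2:443} 64 tcp ok
Feb 10 11:37:28 test-tailscale tailscaled[1792]: Accept: TCP{100.109.120.123:59574 > 10.100.0.2:443} 64 tcp ok
Feb 10 11:37:29 test-tailscale tailscaled[1792]: Accept: TCP{100.109.120.123:59574 > 10.100.0.2:443} 64 tcp ok
Feb 10 11:37:38 test-tailscale tailscaled[1792]: Accept: TCP{100.109.120.123:59574 > 10.100.0.2:443} 64 tcp ok
"""

ACCEPT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ tailscaled\[\d+\]: "
    r"Accept: (?P<proto>\w+)\{(?P<src>\S+) > (?P<dst>[^\s}]+)\} (?P<size>\d+) "
)


def parse_accepts(text):
    """Yield (timestamp, flow, size) for each tailscaled 'Accept:' line."""
    for line in text.splitlines():
        m = ACCEPT_RE.match(line)
        if m:
            # Syslog timestamps carry no year; 2000 is an arbitrary placeholder.
            ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
            yield ts, (m["proto"], m["src"], m["dst"]), int(m["size"])


def stalled_flows(text, min_repeats=3):
    """Return flows whose logged packets all have one size and repeat at
    least min_repeats times. Heuristic (assumption of this example):
    identical packets from one source port look like retransmissions of
    a connection attempt that was accepted by the filter but never answered."""
    seen = defaultdict(list)
    for ts, flow, size in parse_accepts(text):
        seen[flow].append((ts, size))
    report = {}
    for flow, pkts in seen.items():
        sizes = {size for _, size in pkts}
        if len(pkts) >= min_repeats and len(sizes) == 1:
            gaps = [int((b[0] - a[0]).total_seconds())
                    for a, b in zip(pkts, pkts[1:])]
            report[flow] = {"packets": len(pkts), "size": sizes.pop(), "gaps_s": gaps}
    return report


if __name__ == "__main__":
    for flow, info in stalled_flows(SAMPLE_LOG).items():
        print(flow, info)
```
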