Blacklisting Interface for Tailscale tunnel

I have Tailscale and Zerotier install to try both out and compare/contrast.

I have found for more difficult to reach nodes, Tailscale will look at all interfaces, even virtual ones, and use the Zerotier interface to do the tunnel. Obviously this messes up any comparison.

Zerotier has a way to setup a local.conf to blacklist certain IP ranges and disallow traffic over them. Does Tailscale have something similar?

(PS so far - both very similar but TS slightly ahead since have better recovery from changes in network… lets see how it goes!)

Cheat? Tailscale tries all paths. If you want to avoid Zerotier for comparison purposes, stop Zerotier.

But actually, Tailscale already has code that tries to avoid Zerotier because in the past we observed infinite routing loops between Tailscale and Zerotier: Ignore zerotier interfaces when collecting endpoints · Issue #1208 · tailscale/tailscale · GitHub. But that’s only trying to avoid Zerotier based on its interface name. Maybe you/ZT changed the default interface name?

Hi Brad,

Thanks for this. No special meaning on the word ‘cheat’ - air quotes to try to lighten the meaning but obviously that didn’t come through so I edited OP. Sorry any offense.

I haven’t changed the name from the default ztxxxx - but latest inspection TS seems to have decided the underlying IP interface is better and stopped using ZT - let me spend some more time trying to reproduce and I’ll share circumstances when it occurs if I can get it to happen again.