Bypassing exit-node

Hello Folks,

I am now planning to use Tailscale at my company.
My motivation is that all outgoing internet traffic goes through an exit node on Tailscale, as follows:

Basically,
[PC/TailScale Client -up] – {Internet}- [Exit-Node on GCP] – [Internet Any]

However, for internet meeting services such as Zoom, I'd like to connect without the exit node, so I'd like to bypass Tailscale by configuration in certain cases, if possible, as follows.

[PC/TailScale Client -up] -{Internet}- [Zoom]

Is the above configurable on Tailscale?

The intent of the exit node feature is for all traffic to egress from that node. I suspect it would be better to not use an exit node, and instead have the remote node advertise prefixes for the traffic you want to go via GCP:
tailscale up --advertise-routes=0.0.0.0/4,1.0.0.0/4,2.0.0.0/4,4.0.0.0/4,...

Zoom.us lists all of the IP ranges they use in "Network firewall or proxy server settings for Zoom" (Zoom Help Center). By avoiding those subnets, all non-Zoom traffic can be sent through the remote GCP node.

Thanks, DG.
Is there no way to designate bypassed hosts instead of designating advertised IP addresses? I would like to avoid designating too many hosts; I think it is too difficult to maintain the hosts… Regards,

There is not currently a way built into Tailscale to use an exit node for only some destinations. You could either:

  • not use an exit node and instead advertise the prefixes you want to be routed
  • turn on an exit node, look at the IP routes which Tailscale installs, and manually install more specific routes for destinations that should go directly.
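
The first option in both replies (advertise everything except the destinations that should go direct) comes down to computing the complement of a prefix list, which is also what makes the list maintainable when the vendor's ranges change. The following is an added example, not code from this thread or from Tailscale; the function names are hypothetical and the bypass ranges are constructed placeholders (RFC 5737 documentation ranges) standing in for the vendor's published list.

```python
import ipaddress

def routes_excluding(bypass, universe="0.0.0.0/0"):
    """Return the prefixes covering `universe` minus every prefix in `bypass`."""
    remaining = [ipaddress.ip_network(universe)]
    for raw in bypass:
        # strict=True rejects prefixes with host bits set (e.g. 1.0.0.0/4),
        # so a typo fails loudly instead of silently widening a route.
        cut = ipaddress.ip_network(raw, strict=True)
        kept = []
        for net in remaining:
            if cut.version != net.version or not net.overlaps(cut):
                kept.append(net)              # untouched by this bypass range
            elif net.subnet_of(cut):
                continue                      # entirely bypassed, drop it
            else:
                kept.extend(net.address_exclude(cut))  # split around the hole
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))

def advertise_flag(routes):
    """Format the prefixes as the --advertise-routes argument used above."""
    return "--advertise-routes=" + ",".join(str(r) for r in routes)

# Constructed placeholder ranges, NOT the real Zoom list.
SAMPLE_BYPASS = ["198.51.100.0/24", "203.0.113.0/24"]

if __name__ == "__main__":
    routes = routes_excluding(SAMPLE_BYPASS)
    print(len(routes), "prefixes to advertise")
    print("tailscale up " + advertise_flag(routes))
```

Regenerating the list from the vendor's current ranges and diffing it against what the node advertises today shows exactly which routes would change before they are applied.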