Bypassing exit-node

Hello Forks,

I am now planning to use TailScale at my company.
My motivation is all internet outgoing traffic goes though Exit-Node on tailscale like as follows;

[PC/TailScale Client -up] – {Internet}- [Exit-Node on GCP] – [Internet Any]

However as for Internet meeting services such as Zoom, I’d like to connect without Exit-node, so I’d like to bypass the tailscale with configuration in certain cases, if possible, as followings.

[PC/TailScale Client -up] -{Internet}- [Zoom]

Are the above configurable on tailscale ?

The intent of the exit node feature is for all traffic to egress from that node. I suspect it would be better to not use an exit node, and instead have the remote node advertise prefixes for the traffic you want to go via GCP:
tailscale up --advertise-routes=,,,,... lists all of the IP ranges they use in Network firewall or proxy server settings for Zoom – Zoom Help Center, by avoiding those subnets all non-zoom traffic can be sent through the remote GCP node.

Thanks, DG.
Is there no way to designate bypassed host instead of designating advertising IP addresses? I would like to avoid designating too many hosts, I think it too difficult to maintain the hosts… regards,

There is not currently a way built into Tailscale to use an exit node for only some destinations. You could either:

  • not use and exit node and instead advertise the prefixes you want to be routed
  • turn on and exit node, look at the ip routes which Tailscale installs, and manually install more specific routes for destinations that should go directly.