Can computers behind two subnet routers on different networks talk to each other

I’m sorry if this question is too naive. I’m kind of a networking noob and I just learned about Tailscale and am trying to use Tailscale as a solution.

If I set up two subnet routers on two different locations, can the computers behind one subnet router talk to computers behind the other subnet router?

For example, I have subnet router A set up at location 1 advertising routes 192.168.1.0/25, and another subnet router B set up at location 2, advertising routes 192.168.2.0/25.

These subnet routers are not connected in any other way than through Tailscale.

Would computer X (192.168.1.101) be able to communicate with computer Y (192.168.2.101) if these computers don’t have Tailscale installed directly on them and the only way for them to get onto the Tailscale network is through the subnet router?

Do I have to do some additional setup to get this to work?

There are ways in which this can be made to work, but this is not a case where Tailscale is the best product for the application. We find that using a plain WireGuard tunnel or OpenVPN on a bastion host would be more fit to purpose.

Our first solution of course would be to install Tailscale on each device, and use the tailnet to communicate. If that is not possible, and using the other VPNs is not permitted, then there are a few things to keep in mind.

You will need to set --snat-subnet-routes=false to have the routers communicate properly.
You will need to drop the MTU to 1280 to handle the VPN overhead.
Your LAN nodes will need a static route pointing to the Tailscale subnet routers on each end.

Again; possible for edge cases, but not what we would recommend as the best use of the product.

Thanks a lot for explaining!

This is not my primary use case for Tailscale, but it would be nice if I could use it this way.

So in order to implement this, as you said, I would have to point all my devices in both of my LANs running the subnet router to use the subnet router as the default gateway?

So will setting up a static route to, for example, 192.168.1.0/25 with the IP of the subnet router on the router of 192.168.2.0/25 make this work?

Not the default gateway, but the route, yes.

And yes, in addition to the snat settings and the MTU settings, that should work.
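
The three settings discussed in the replies above, written out for the two sites in the question. This is an added example, not part of the original posts or Tailscale's own documentation; the subnet router LAN addresses 192.168.1.2 and 192.168.2.2 and the route-level placement of the MTU are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): the three settings from the answer
# above, for the two sites in the question. Commands are printed only;
# set APPLY=1 to execute them as root on Linux.
# Assumed: subnet router LAN IPs 192.168.1.2 and 192.168.2.2.

run() {   # print a command; execute it only when APPLY=1
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Subnet router: forward packets, advertise the local LAN, accept the other
# site's route, and keep original source addresses (SNAT off).
subnet_router_cmds() {   # $1 = local LAN CIDR
    run sysctl -w net.ipv4.ip_forward=1
    run tailscale up --advertise-routes="$1" --accept-routes \
        --snat-subnet-routes=false
}

# LAN router or host without Tailscale: static route to the remote LAN via
# the local subnet router. The route-level "mtu 1280" is one assumed way to
# apply the MTU advice; the thread does not say where to set it.
lan_route_cmds() {   # $1 = remote LAN CIDR, $2 = local subnet router LAN IP
    run ip route add "$1" via "$2" mtu 1280
}

site_plan() {   # $1 = local CIDR, $2 = remote CIDR, $3 = subnet router LAN IP
    if [ "$1" = "$2" ]; then
        echo "error: both sites use $1; identical subnets cannot be routed" >&2
        return 1
    fi
    echo "# on the subnet router ($3)"
    subnet_router_cmds "$1"
    echo "# on the LAN router, or on each host without Tailscale"
    lan_route_cmds "$2" "$3"
}

site_plan 192.168.1.0/25 192.168.2.0/25 192.168.1.2   # location 1
site_plan 192.168.2.0/25 192.168.1.0/25 192.168.2.2   # location 2
```

With SNAT off, hosts at each site see the other site's real LAN addresses, so host firewalls and tailnet access rules have to permit those source ranges. Each advertised route also has to be approved in the Tailscale admin console before it is used.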

Thanks a lot!
As you can tell, I’m a networking noob, I’d say in the process of enlightenment eh?

Thanks for explaining.


And did it work for you? I currently have the same use case. Would be curious to hear if this worked for you @DeS

It did!
I haven’t tested out the performance yet because I happen to not need this anymore.
But yes, when I set up a static route to the other subnet with the Tailscale subnet router as the default gateway, computers behind both subnet routers could talk to each other, with their local IPs when you set --snat-subnet-routes=false.
