Can Mac OS client act as relay node for subnet routing?

Can the Tailscale client for Mac OS act as a relay node for subnet routing?

In another post, Sophie referenced a related Tailscale knowledge base article, “Subnet routes and relay nodes.” That article implies that this functionality is available exclusively via the Linux client: Step #1, “Install the Tailscale client,” describes installation of Tailscale specifically and exclusively on Linux by linking only to the Linux download page. It further implies that this functionality is not available in the Mac OS client: Step #2, “Connect to Tailscale as a relay node,” describes starting or restarting Tailscale via the CLI, which I understand to be unavailable on Mac OS.

My use case: I want to connect from a Linux machine, via SSH or HTTPS, to machines on my employer’s private network that are available remotely only via an L2TP/IPSec VPN, and to other machines that are available only from the company network. Despite my efforts to connect to that VPN using Linux, I have failed to do so. I can and do connect to that VPN from a Mac OS machine. I run Tailscale on both the Linux and Mac OS machines. Running Tailscale on machines on the company network is not currently an option.

I hope to advertise the private network from the Mac OS node, approve it, instruct the Linux machine to accept it, and then connect to machines on the company’s private network via Tailscale from the Linux machine to the Mac, and from the Mac to the private network via the existing VPN. Additionally, I hope to connect from the Linux machine to a variety of machines on an unrelated network (which happens to be in AWS) that are firewalled such that they are accessible from the company network (including from the Mac when it is on the company VPN) but not from other networks, such as that of my home office.

You’re right: we don’t currently support exposing subnets on macOS, but we hope to add support for this in the future. There are a few steps in the way first, like ensuring our macOS app runs as the system, not as a user, so that your subnets don’t go down if you sign out of your user account.

You can follow that GitHub issue linked above for updates.

Thanks, @ross, for the follow-up and the reference to the relevant feature request ticket.

It would likely be helpful for other people if that article was revised to state, rather than simply imply, that subnet routing is currently possible only via the Linux client and/or is currently not possible via the Mac OS client.

Will do. I filed a bug to update that article.

Good suggestion. I made some updates that explicitly call out it’s Linux-only, and link to the two relevant GitHub issues for support on Windows and macOS: https://tailscale.com/kb/1019/subnets