Cannot access local network when connected to Tailscale

Don’t know if this belongs in this category or in the Windows one, so I’m posting on both, sorry if that’s not allowed.
I don’t know what happened, I reset my router because it was having some problems, and now from this particular PC, I cannot ping the router, or the router cannot ping this PC when Tailscale is connected.

I have tried resetting the Windows firewall, and even disabling it, but it doesn’t matter, as long as Tailscale is connected, I cannot ping my default gateway or open my router’s portal.

But the moment I disconnect Tailscale I can open the router’s portal and ping my router.

I cannot for the life of me figure out why this would happen, everything used to work flawlessly until now.

Is there something VERY obvious that I’m missing here?

I am kind of freaking out, so any help at all is appreciated.

Tailscale version - 1.18.2
Operating system & version - Windows 10 21h2, build 19044.1415

Edit: Okay I’m a fu***** idiot. I thought that it would be fun to assign public ip ranges (123.4.6.0) in my LAN because those numbers are of personal significance to my family.

And now I know what happens when you are a noob and are still learning about networking and you try stuff out and complain about it. Stuff breaks. And gives you a ton of headaches.

Setting the LAN ip range back to private ip ranges solved the problem entirely.
I don’t understand how it used to work before this though, but now I’ve learned my lesson, and hey, learned a lot more about ip ranges.

Is the router an exit node, and is the Windows machine configured to use the exit node? When you right-click on the Tailscale icon in the taskbar and go to the Exit node menu there is an “Allow local LAN access” item which may help.

Is the router advertising subnet routes, and is it advertising the local subnet? That should work, but in the Preferences of the Tailscale menu is an “Allow Tailscale subnets” selection to turn off subnet routes. If that makes the problem go away, that would indicate a bit more about the problem.

Does your ISP use CGNAT, the 100.x.y.z addresses, on the WAN port of the router? It might be that the router is confused about its own routing table.


No, the router is not running Tailscale, and not being used as an exit node.

I do have another linux machine set up to advertise as exit node but that’s offline now, and this problem still persists.

I have set the ‘Use exit node-none’ in the Tailscale menu from the tray icon.

My ISP does indeed use CGNAT, and that is one of the reasons I chose Tailscale over other VPNs, for its seamless NAT traversal, but the thing is, all of this worked flawlessly until today when I reset my router.
I have tried uninstalling Tailscale and installing it again, but the problem is still there.
I have tried resetting windows firewall, but nothing.
I can’t figure out why it would happen, especially when everything used to work till now.
I’ve been using Tailscale for more than a month now, and this is the first time I’ve seen this problem

I actually went ahead and emailed support with a bug report and my routing table.
If you can help too, here they are:

C:\Users\sds20>ipconfig/all

Windows IP Configuration

Host Name . . . . . . . . . . . . : Lenovo-G560
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 1C-75-08-57-95-30
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Unknown adapter Tailscale:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Tailscale Tunnel
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : fd7a:115c:a1e0:ab12:4843:cd96:6270:734(Preferred)
IPv4 Address. . . . . . . . . . . : 100.112.7.52(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 12-CB-38-4F-CE-D7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 10:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
Physical Address. . . . . . . . . : 22-CB-38-4F-CE-D7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Qualcomm Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : C0-CB-38-4F-CE-D7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c2cb:38ff:fe4f:ced7%9(Preferred)
IPv4 Address. . . . . . . . . . . : 123.4.6.30(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.224
Lease Obtained. . . . . . . . . . : Tuesday, January 11, 2022 2:16:38 PM
Lease Expires . . . . . . . . . . : Friday, February 17, 2158 8:59:11 PM
Default Gateway . . . . . . . . . : 123.4.6.1
DHCP Server . . . . . . . . . . . : 123.4.6.1
DHCPv6 IAID . . . . . . . . . . . : 213961528
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-25-7D-26-CD-1C-75-08-57-95-30
DNS Servers . . . . . . . . . . . : 123.4.6.1
NetBIOS over Tcpip. . . . . . . . : Enabled

C:\Users\sds20>tailscale bugreport
BUG-166a496624531684baa72702f29da72d42e9a9f480bdd08ac5ae2ac973ac3401-20220111143205Z-9ff6aa3cb268118b


I see that your Wireless card is using a publicly routable IP address. I’d like to better understand what’s happening here. Did you set your LAN to use the 123.0.0.0 block of IPs, or is that what was assigned to you by your router?

What part of the world are you located in?


Okay I’m a fu***** idiot. I thought that it would be fun to assign public ip ranges (123.4.6.0) in my LAN because those numbers are of personal significance to my family.

And now I know what happens when you are a noob and are still learning about networking and you try stuff out and complain about it. Stuff breaks. And gives you a ton of headaches.

Setting the LAN ip range back to private ip ranges solved the problem entirely.
I don’t understand how it used to work before this though, but now I’ve learned my lesson, and hey, learned a lot more about ip ranges.
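
Added example, not part of any post in this thread: the check the support reply made by eye, done over `ipconfig /all` output. It classifies each adapter's IPv4 network as RFC 1918 private, 100.64.0.0/10 (the CGNAT range Tailscale addresses also come from), or publicly routable; the function names are illustrative and the sample is trimmed from the output posted above.

```python
import ipaddress
import re

# Ranges checked in order. 100.64.0.0/10 is RFC 6598 shared address space,
# used by carrier-grade NAT and by Tailscale's IPv4 addresses.
RANGES = [(kind, ipaddress.ip_network(net)) for kind, net in (
    ("private", "10.0.0.0/8"), ("private", "172.16.0.0/12"),
    ("private", "192.168.0.0/16"), ("cgnat", "100.64.0.0/10"),
    ("link-local", "169.254.0.0/16"), ("loopback", "127.0.0.0/8"),
)]

# Trimmed from the ipconfig /all output posted in the thread.
SAMPLE = """\
Unknown adapter Tailscale:

Description . . . . . . . . . . . : Tailscale Tunnel
IPv4 Address. . . . . . . . . . . : 100.112.7.52(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255

Wireless LAN adapter Wi-Fi:

Description . . . . . . . . . . . : Qualcomm Atheros AR9285 Wireless Network Adapter
IPv4 Address. . . . . . . . . . . : 123.4.6.30(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.224
Default Gateway . . . . . . . . . : 123.4.6.1
"""

HEADER = re.compile(r"^\s*.*adapter (.+):\s*$")
FIELD = re.compile(r"^\s*(IPv4 Address|Subnet Mask)[ .]*:\s*([\d.]+)")

def classify(addr):
    """Return the range label for an IPv4 address string, or 'public'."""
    ip = ipaddress.ip_address(addr)
    return next((kind for kind, net in RANGES if ip in net), "public")

def scan(text):
    """Return (adapter, network, kind) for every adapter with an IPv4 address."""
    out, adapter, addr = [], None, None
    for line in text.splitlines():
        if " . " not in line and (m := HEADER.match(line)):
            adapter, addr = m.group(1), None          # new adapter section
        elif m := FIELD.match(line):
            if m.group(1) == "IPv4 Address":
                addr = m.group(2)
            elif addr is not None:                    # Subnet Mask follows the address
                net = ipaddress.ip_network(f"{addr}/{m.group(2)}", strict=False)
                out.append((adapter, str(net), classify(addr)))
                addr = None
    return out

def public_lans(text):
    """Adapters whose local network sits in publicly routable space."""
    return [row for row in scan(text) if row[2] == "public"]
```

On the sample, `public_lans(SAMPLE)` reports only the Wi-Fi adapter, whose 123.4.6.0/27 network is the LAN range the poster later moved back to private space.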

Windows 10 - Tailscale client cannot access the LAN private network while connected to the tailscale network.

I did have to go in and select the allow local … to get that to work. This setting is still checked and everything was working as expected … able to ping TS ips… able to ping internal LAN ip’s.

This happened all of a sudden. Connectivity from windows client was working and able to access both lan and ping TS ip’s… great!

About the Environment:
internal LAN
home LAN w/ Pfsense FW (using tailscale package, basic install, nothing fancy, basically another node exposing subnets to the lan).
external
Hybrid cloud/ vpc and some baremetal hosted. all have tailscale on them.

My setup is pretty basic home lab . Lan with pfsense firewall with tail scale installed.
couple of servers couple of clients laptops mostly windows.

I have tailscale package installed on pfsense - basic setup no exit nodes, subnet routes advertised and no DNS … for the tailscale network settings… really basic.

thanks,nuggy

I have allow local enabled and it was working and stopped for some reason … not really any config changes made.

I’m using pfsense /nat/dhcp/dns - not as an exit node, it is advertising subnet routes, I’m wondering if that may be it… initially I wanted to be able to have that feature, it is the main benefit.

I lost IP transport or lose transport to the lan when my windows 10 client is connected.

If it’s any consolation I have openvpn also installed on pfsense and this issue doesn’t occur when ovpn win client is connected, I have full transport internally…

basically when I connect to tailscale from my windows pc… I lose lan access
allow local is checked, It worked ok for a day… then just stopped. no config changes were made
to the client or the pfsense box other than I made static DNS entry for the windows client.

No magic DNS… Using pfsense dns resolver with dhcp and static dns entries

The windows client with TS … is listed in these static entries…

OH SNAP… I just deleted the client static entry from FW dns and guess what…
It works now…

Static LAN DNS entry of the Tailscale IP seems to have been the issue :stuck_out_tongue:

sharing is caring - for the record
Static DNS entries for tailscale IP’s on Pfsense with dns resolver
Will prevent local area transport via IP… the windows client will not be able to ping lan , Windows 10 can reach tailscale IP but not LAN.