Client with exit-node-allow-lan-access=true

Hi there,

I’m using tailscale to connect a few nodes I have lying around in a nice little walled garden and so far it’s been working perfectly!

I am also using the Exit Node feature to allow me to tunnel my traffic through a tailscale node.

The problem I am facing is that one of my tailscale clients needs access to resources that are on the local LAN, but on a different subnet (IoT separation etc…), so I thought that setting exit-node-allow-lan-access to true would allow the client node to access these local resources and at the same time use the Exit Node for all non-local traffic.

I tried to add a route on the client node to help with the routing:

> ip r s 10.0.0.0/8
10.0.0.0/8 dev enp13s0u1 proto static scope link metric 100

hoping that tailscale would “ignore” this route from the “exit-node forwarding”… but it doesn’t work…

I tcpdump'ed the traffic on my physical interface for traffic for 10.0.0.0/8 but it doesn’t even reach the interface…

That’s why I think I am missing something here… should I add these static routes in a special location? (Some hidden tailscale config file? Somewhere else?)

Thanks for your help!

There is no supported way to do this currently. It may get done by tweaking iptables.