Different level of access when using TS exit node vs regular VPN

Hi there,

I have Tailscale running on one of my work machines (Linux). That machine/node is also set up as an exit node. The idea was to route all my traffic through that node so I could reach all the machines in the networks at work, the same way I do when I run the VPN software (openconnect against a Cisco VPN).

The issue is that there are certain machines that I can’t reach when I route traffic via the Tailscale exit node. But I can access those same machines when I route traffic via the traditional VPN. Also, I can see those machines directly from the exit node.

[OK] laptop (VPN) ----------------Internet----------------------> machineX
[OK]                                               TS Exit Node ---------> machineX
[Not working (*)] laptop (TS) ----Internet------>  TS exit node ---------> machineX 
(*) for certain machines

My question is, why can’t I have the same level of access when I route traffic via Tailscale compared to when I use the VPN? Perhaps there is something in the packets when they come off of the exit node that routing devices in the network use to drop those packets?

Thank you,
-drd

An exit node is intended for accessing the Internet in general. In order to prevent accidentally sharing your private network to others, exit nodes specifically block private networks (technically speaking, this means RFC1918 addresses, which includes the commonly used 192.168.x.x and others).

From what you describe, I believe a better fit for you may be a subnet router (see "Subnet routers and traffic relay nodes · Tailscale") which is intended for sharing non-Tailscale devices on private networks to other Tailscale devices.

Thank you Adrian. I just had to add --advertise-routes=10.246.110.0/23 when starting Tailscale on the node.
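
The behaviour described in this thread, as an added example that is not part of the original posts and is not Tailscale's own code: a small model that tells you, for each destination, whether it is carried by an advertised subnet route, dropped as a private address with no route, or sent out through the exit node, plus a count of how much address space the advertised routes share. The function names and the sample hosts are assumptions made for illustration; the route is the one from the last post.

```python
import ipaddress

# RFC 1918 ranges; per the answer above, an exit node does not forward to these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_routes(routes):
    """Parse advertised CIDRs; strict=True rejects host bits (10.246.111.0/23)."""
    return [ipaddress.ip_network(r, strict=True) for r in routes]


def path_for(dest, advertised):
    """Return how traffic to dest is carried under the rules stated in the thread."""
    ip = ipaddress.ip_address(dest)
    covering = [r for r in parse_routes(advertised) if ip in r]
    if covering:
        # The most specific advertised prefix wins.
        return "subnet-route " + str(max(covering, key=lambda r: r.prefixlen))
    if any(ip in net for net in RFC1918):
        return "blocked: private address, no advertised route"
    return "exit-node"


def audit(hosts, advertised):
    """List private hosts left uncovered and count the addresses being shared."""
    routes = parse_routes(advertised)
    uncovered = [h for h in hosts
                 if path_for(h, advertised).startswith("blocked")]
    # Collapse overlapping routes per IP version so no address is counted twice.
    shared = sum(n.num_addresses
                 for v in (4, 6)
                 for n in ipaddress.collapse_addresses(
                     [r for r in routes if r.version == v]))
    return {"uncovered": uncovered, "addresses_shared": shared}


if __name__ == "__main__":
    # Constructed sample: the route comes from the thread, the hosts are made up.
    advertised = ["10.246.110.0/23"]
    hosts = ["10.246.111.20", "10.246.112.7", "192.168.1.10", "203.0.113.10"]
    for h in hosts:
        print(f"{h:15} -> {path_for(h, advertised)}")
    print(audit(hosts, advertised))
```

Keeping `addresses_shared` as small as the required hosts allow follows the same reasoning the answer gives for exit nodes not exposing private networks by default.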