Help Integrating Tailscale with Active Directory Domain

I’m looking at setting up Tailscale with an Active Directory domain. The setup is (for testing):

  • Remote Windows machine with the TS client
  • Subnet Router on Ubuntu with the proper subnet advertised
  • Windows Server with AD, DNS, and DHCP for the internal LAN
  • A custom DNS record is set up in TS to point to the domain controller.
  • ACLs set up so users can access only certain machines on the LAN
  • pfSense router (but we are not using TS on the router itself right now. I have tested it installed on the router but we are having the same issues)

So, right now, I’m at the point that I can join the domain from the remote computer without issue. The problems are:

  1. I can ping from the remote machine to the domain controller, but not from the domain controller to the remote machine. Right now, in the LAN DHCP, the remote machine is showing the IP address assigned from TS rather than being assigned an internal address. I don’t know if this has anything to do with it. I’ve confirmed the Windows firewalls are off.

  2. When I do a tailscale ping, it never connects directly; it’s always DERP. I have a weird hunch that if I get the first issue fixed, it’ll fix this one as well.

Everything is working great, I just need to make sure I can get to the remote machines from the LAN for management purposes.

Any guidance?
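An offline triage helper for the two symptoms in the post, added here as an example; it is not the poster's code and not part of Tailscale. It reads a status document in the shape of `tailscale status --json` (the `Self`, `Peer`, `HostName`, `TailscaleIPs`, `Online`, `Relay`, `CurAddr` and `PrimaryRoutes` fields are the ones that output carries; the host names, node keys and addresses below are constructed for the example) and flags peers that are still relayed, confirms which peer holds an approved route for the LAN, and does a longest-prefix lookup on a LAN host's routing table to show whether a reply to a Tailscale 100.x address would leave through the subnet router or fall to the default gateway. The sample routing tables are constructed, and `SUBNET_ROUTER_LAN_IP` is an assumed value.

```python
"""Triage for: (1) LAN host -> Tailscale client replies, (2) DERP vs direct peers.
Hypothetical helper for this thread; runs fully offline on constructed input."""
import ipaddress
import json

# Tailscale assigns node addresses from the CGNAT range 100.64.0.0/10.
TAILSCALE_RANGE = ipaddress.ip_network("100.64.0.0/10")

# Assumed LAN address of the Ubuntu subnet router (constructed value).
SUBNET_ROUTER_LAN_IP = "192.168.10.50"

# Constructed sample in the shape of `tailscale status --json`.
# CurAddr is empty while a peer is only reachable via DERP; it is filled in
# once a direct endpoint is established. Relay names the home DERP region
# in both cases, so Relay alone does not tell the two states apart.
SAMPLE_STATUS = json.dumps({
    "Self": {"HostName": "remote-win", "TailscaleIPs": ["100.101.102.103"]},
    "Peer": {
        "nodekey:aaa": {
            "HostName": "subnet-router",
            "TailscaleIPs": ["100.64.0.10"],
            "Online": True,
            "Relay": "nyc",
            "CurAddr": "",                      # no direct path yet
            "PrimaryRoutes": ["192.168.10.0/24"],
        },
        "nodekey:bbb": {
            "HostName": "laptop",
            "TailscaleIPs": ["100.64.0.20"],
            "Online": True,
            "Relay": "nyc",
            "CurAddr": "203.0.113.5:41641",     # direct endpoint established
            "PrimaryRoutes": [],
        },
        "nodekey:ccc": {
            "HostName": "old-desktop",
            "TailscaleIPs": ["100.64.0.30"],
            "Online": False,
            "Relay": "",
            "CurAddr": "",
            "PrimaryRoutes": [],
        },
    },
})


def classify_peers(status_json):
    """Map each peer's HostName to 'direct', 'relayed' or 'offline'."""
    status = json.loads(status_json)
    result = {}
    for peer in status.get("Peer", {}).values():
        if not peer.get("Online", False):
            result[peer["HostName"]] = "offline"
        elif peer.get("CurAddr"):
            result[peer["HostName"]] = "direct"
        else:
            result[peer["HostName"]] = "relayed"
    return result


def routers_covering(status_json, lan_cidr):
    """Host names of online peers whose approved (primary) routes cover lan_cidr."""
    lan = ipaddress.ip_network(lan_cidr)
    status = json.loads(status_json)
    return sorted(
        peer["HostName"]
        for peer in status.get("Peer", {}).values()
        if peer.get("Online", False)
        and any(lan.subnet_of(ipaddress.ip_network(r))
                for r in peer.get("PrimaryRoutes", []))
    )


def next_hop(routes, dst_ip):
    """Longest-prefix match over [(cidr, gateway), ...]; returns the gateway or None."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for cidr, gateway in routes:
        net = ipaddress.ip_network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None


def reply_goes_via_subnet_router(routes, dst_ip):
    """True when a LAN host's reply to a Tailscale address is handed to the subnet router."""
    if ipaddress.ip_address(dst_ip) not in TAILSCALE_RANGE:
        return False
    return next_hop(routes, dst_ip) == SUBNET_ROUTER_LAN_IP


# Constructed routing tables for the domain controller: default route only,
# and the same table with a route for the Tailscale range via the subnet router.
DC_ROUTES_DEFAULT_ONLY = [("0.0.0.0/0", "192.168.10.1"), ("192.168.10.0/24", "0.0.0.0")]
DC_ROUTES_WITH_TS = DC_ROUTES_DEFAULT_ONLY + [("100.64.0.0/10", SUBNET_ROUTER_LAN_IP)]

if __name__ == "__main__":
    print("peers:", classify_peers(SAMPLE_STATUS))
    print("routers for 192.168.10.0/24:", routers_covering(SAMPLE_STATUS, "192.168.10.0/24"))
    for label, table in (("default only", DC_ROUTES_DEFAULT_ONLY), ("with TS route", DC_ROUTES_WITH_TS)):
        print(label, "->", next_hop(table, "100.101.102.103"),
              "via subnet router:", reply_goes_via_subnet_router(table, "100.101.102.103"))
```

Feed it real output with `tailscale status --json > status.json` on the remote machine and `route print` (Windows) on the domain controller, translated into `(cidr, gateway)` pairs. A peer that stays `relayed` after a minute of traffic points at NAT traversal, not at Active Directory; a reply whose next hop is the default gateway rather than the subnet router means the LAN side has nowhere to send packets for the 100.x address it learned from the client.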
