Tailscale version: 1.34.2
Your operating system & version: Ubuntu Server 22.04
I’ve currently got a tailscale network setup between my VPS and my other devices in order to expose services without having to open local ports, and I’ve been using the site-to-site networking to expose subnet routes on both the VPS and a local Raspberry Pi. This currently has a reverse proxy (traefik) as well as a proxy/router for game servers on it that point to a local machine. From a different machine on the local network, without tailscale, and without adding the subnet routes via the RPi, I’m unable to access the public IP address of the VPS. How do I go about solving this?
Edit: I should clarify, I can access the public IP from outside the LAN, just want to be able to access it from within without NAT reflection or any kind of shenanigans.
Why did you enable subnet routes? you dont need it if tailscale is installed on your raspi (for this scenario where you want to expose services withouth opening ports)
i have a similar setup.
Internet → VPS → Tailscale → RasPi(with caddy)
VPS can access my RasPi over tailscale with its tailscale IP.
VPS has an external accessible IP
VPS redirects port 80/443 to my RasPi over tailscale-network (im using rinetd for this)
so when i access my.server.com (resolv to e.g. 22.214.171.124) im going to my vps. the vps redirects this traffic than to my raspi over tailscale. my raspi is than doing its reverseproxy thing.
btw. rinetd is as simple as that:
# bindadress bindport connectaddress connectport
0.0.0.0 80 100.81.244.1 80
0.0.0.0 443 100.81.244.1 443
Alright, I’ve tried using rinetd, but I’ve had absolutely no luck. How were you able to use rinetd? There have been no logs, I’ve edited the config file, nothing. I’ve tried building it from the source on github, also tried installing it from the apt package manager, what were your setup steps?
i’ve installed it with
sudo apt-get install rinetd
the configuration file is located at
you can check the status with
systemctl status rinetd
After configuration change do
systemctl restart rinetd
You can also check if rinetd is listening on the ports with
Alright, I’ve gotten it to partially work now, although it was only my http and https forwarding. For whatever reason it started working when I removed the ones for my gameservers (25565/tcp and 11000/udp). Any clue as to why that happened in particular?
Okay, I’ve mostly gotten it working, although the ones to my minecraft server reverse proxy don’t work, 25565 both tcp and udp, tried using just tcp, no luck. I’ve been checking through the logs that finally generated (not entirely sure why it wasn’t working before, I’ve gone back to my previous config and it’s working now), and whenever I try to connect via 25565, it says it opens, and almost immediately again it says “done-local-closed.” Do you have any idea as to why that would have happened?
Is your Minecraft server listening on any connection or only on your LAN address?
For example it’s listening on 192.168.168.5:25565 than tailscale would not be able to connect to it. You need to bind the Minecraft server to 0.0.0.0:25565 if this is possible.
Can you test to connect to the Minecraft server from your laptop etc. over tailscale?
If your Minecraft game is able to connect to it, than the server is already listening on the tailscale interface. If not, than it’s not bound to the ‘any’ interface.
On the MC Server host, you can also check with netstat -tuplen how the port 25565 is bound
Oh one important thing:
In the rinetd config, if you define the port as a simple number, it is always TCP. If you want to tunnel UDP, u need to add /udp to BOTH the incoming and outgoing port.
0.0.0.0 1100/udp 126.96.36.199 1100/udp