Ignoring LAN subnet routes when connected to that LAN

I have Tailscale on a couple of laptops which are used both at home and on the road. I also have a relay node set up inside my LAN which advertises the various ranges I use at home. When I’m home the default route for my LAN ranges goes over the Tailscale interface (routes are accepted on the laptop). This creates problems because my traffic is taking unnecessary hops to access devices which are in the same broadcast domain as my laptop’s wireless interface.

Is there anything which can be done about this, short of stopping and starting Tailscale each time with the flag set/not set?

Currently, Tailscale starts reaching the destination using DERP for a few seconds unless it finds a direct connection, if any, or a connection with minimum latency. But it does netmap the connection as direct when they are both sitting on the same LAN. Can you please print ‘tailscale status’ when you find both are sitting in the same LAN but creating a connection via DERP, which adds the hops? Send this to support@tailscale.com.

OK, this makes some sense. I’ve included some additional info below:

  • my local net is
  • is not a tailscale node
  • the relay node is on a different subnet because it’s a VM
  • phoenix is the hostname of one of the affected laptops where these commands were run
➜  sudo tailscale status
phoenix              glitchcrab@  linux   -
tailscale-relay      glitchcrab@  linux   active; direct, tx 9540 rx 7452

➜  ip r s
default via dev wlp59s0 proto dhcp metric 600
dev wlp59s0 proto kernel scope link src metric 600
dev docker0 proto kernel scope link src
dev br-aa079915e170 proto kernel scope link src
dev br-63f54406356f proto kernel scope link src linkdown

➜  ip r g
dev tailscale0 table 52 src uid 2000

Edit: this is also causing further weirdness to happen. I have monitoring software running inside my LAN which is using ICMP for liveness checks against my laptop. When Tailscale is running I see the following via tcpdump:

15:06:19.534902 wlp59s0 In  IP > ICMP echo request, id 53065, seq 4, length 64
15:06:19.534977 tailscale0 Out IP > ICMP echo reply, id 53065, seq 4, length 64

phoenix glitchcrab@ linux -

This shows the laptop is not connected to Tailscale currently. Can you please connect the laptop to Tailscale and then collect the information?

Also, please do not share personal IP information here on the forum. Please email directly to support@tailscale.com.

The laptop is definitely connected to Tailscale; the Tailscale interface is up, its IP matches the IP in the TS web interface, and I can access other hosts on the same tailnet via magic DNS.

This is what I do currently (actually since I travel infrequently right now I leave it set to not accept routes most of the time). I think there is a GitHub issue open about this as well, so you can add your name there as an interested party.

The tricky bit will be determining the trigger for not accepting the routes; it’s not just as simple as checking to see if those routes are already in the routing table, because if you have multiple subnets in your home network your laptop will have a default route to reach all of them, but the advertised route(s) from Tailscale will be the individual subnets.

Any suggestions here @darshinimashar?

As a workaround to make sure LAN traffic does not use a subnet router unnecessarily, one can make the advertised subnet a less specific route. For example, if your LAN is, advertise the subnet route as When you are on the local LAN and it installs a route for, the direct LAN connection will win. When you leave the local LAN and the /24 entry goes away, the /23 entry for the advertised subnet will win.

I came here for the same issue.

In my case:

$ ip r s
default via dev enp0s25 proto dhcp metric 100
default via dev wlp3s0 proto dhcp metric 600
dev enp0s25 proto kernel scope link src metric 100
dev wlp3s0 proto kernel scope link src metric 600

$ traceroute -n
traceroute to (, 30 hops max, 60 byte packets
1 1.123 ms 1.119 ms 1.117 ms
2 1.111 ms 1.106 ms 1.070 ms

is my LAN, and I have a node ( that advertises While on my LAN, all my LAN traffic gets routed there.

I tried @darshinimashar's trick but it didn’t work for me. Changed the node to relay, and I’m still getting routed through the node.

$ sudo ip route flush cache
$ ip r g
dev tailscale0 table 52 src uid 1000
$ traceroute -n
traceroute to (, 30 hops max, 60 byte packets
1 0.879 ms 0.810 ms 0.774 ms
2 0.763 ms 0.753 ms 0.741 ms

Here’s a link to the GitHub issue: https://github.com/tailscale/tailscale/issues/1227
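
Added example, not part of the thread and not Tailscale's code: a small model of Linux route selection that contrasts longest-prefix match inside one table (what the /23 workaround relies on) with tables being consulted in rule order. The addresses are constructed, since the thread's were not published, and the model assumes a policy rule consults table 52 before the main table, which is what the `table 52` in the `ip r g` output above points to.

```python
import ipaddress

# Constructed sample data: the thread's real addresses were not published.
LAN = "192.168.0.0/24"          # on-link network of the laptop's NIC
ADVERTISED = "192.168.0.0/23"   # less specific route from the subnet router

# Routing tables as (prefix, device) pairs. Table 52 is the table named in
# the `ip r g` output above; "main" holds the kernel's on-link route.
TABLES = {
    "52": [(ADVERTISED, "tailscale0")],
    "main": [("0.0.0.0/0", "wlp59s0"), (LAN, "wlp59s0")],
}


def longest_prefix_match(routes, dst):
    """Return the (prefix, dev) whose prefix contains dst and is longest."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), dev) for p, dev in routes
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    net, dev = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), dev


def lookup(dst, rule_order):
    """Walk tables in rule order; the first table with a match decides."""
    for table in rule_order:
        hit = longest_prefix_match(TABLES[table], dst)
        if hit:
            return table, hit[0], hit[1]
    return None


def single_table(dst):
    """What the /23 workaround expects: all routes compete in one table."""
    merged = [r for routes in TABLES.values() for r in routes]
    return longest_prefix_match(merged, dst)


if __name__ == "__main__":
    host = "192.168.0.10"  # constructed LAN host
    print("one table:      ", single_table(host))
    print("table 52 first: ", lookup(host, ["52", "main"]))
    print("main only:      ", lookup(host, ["main"]))
```

Under that assumption the advertised prefix never competes with the on-link /24, so making it less specific does not change the chosen interface, which is consistent with the traceroute in the last post.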