By default the subnet router replaces the Tailscale IP source address 100.x.y.z with its own LAN address. This makes it simpler for the cameras to send a response: the camera thinks it is talking to 10.10.1.1, there on its local LAN. It also means the cameras cannot connect to 100.x.y.z, as they cannot get through NAT.
There is a --snat-subnet-routes=false argument which tells the subnet router to pass the 100.x.y.z addresses onto the local LAN.
HOWEVER: routing on the LAN is outside of Tailscale’s control. The cameras need to know that to reach 100.64.0.0/10 the next hop is 10.10.1.1. If the subnet router is also the default route for the LAN this tends to be simple. If there is a separate Wi-Fi AP as the default route and the subnet router is a separate node, getting a route to 100.64.0.0/10 installed on the cameras will be harder.
