I’ve got a site that’s using Starlink so I’ve set this site up with pfSense and connecting it to another office with pfsense using Tailscale.
Site A LAN ↔ pfSense <->Starlink <–Tailscale–> ISP ↔ pfSense ↔ Site B LAN
What I Can Do:
- Site A LAN can ping the Tailscale Address from LAN and WAN pfSense Interface
- Site A WAN can ping Site B LAN
- Site B LAN can ping Site A LAN
What I Can’t Do:
- Site A LAN cannot ping Site B Lan
What I’ve Checked:
- Firewall Rules are the same on both sides, nothing being blocked in the firewall logs either.
- Nat Rules are reflective on both sides (IE: Destination IPs are swapped)
NAT Example:
Tailscale | Source: Any | Source Port: Any | Destination: Site B LAN | Destinaton Port: Any | NAT Address: Tailscale Address | Nat Port: Any
- Both Firewalls are on the same pfSense version and Tailscale version.
- Routing rules are visible in the Route Tables for LAN B and Route Advertising is Enabled on Tailscale.
Quite perplexed on this one. I had one person suggest upgrading the package of Tailscale to the most latest version using SSH but that’s not fully supported by Netgate so I would prefer to try something else first.
Since Site A WAN can ping Site B LAN the only thing I can think of is it being a NAT issue since Starlink uses CGNAT but I’m not sure what I should try.