No Traffic over advertised subnets


since I read about the “Subnet routes and relay nodes - Tailscale” I was intregued to find out more.
But sadly I am not able to even try this feature.

When I activate one on a machine -> image. And then also over the webinterface,

I can ping pong endpoints in this subnet.

As I see, ICMP is working. I have to say that works pretty fine, since it ignores every firewalls in its way.

But nothing else. No RDP, SSH, SCP, SFTP, FTP, HTTP and so on.

What could be the reason for that?

Maybe the firewalls are indeed working? Are you running a firewall on that subnet relay?

Do you have Tailscale ACLs configured?


thank you for your reply. I shut down all the Firewalls behind the tailscale-relay-server and I still can’t reach a Windows machine over RDP.

The whole subnet is And this is exactly what I setup as a “subnet-route” over tailscale.

Lets say the machine with tailscale installed is with CentOS and the Windows machine is They can see each other and ping, but there is no use of RDP (through the tailscale tunnel) possible.

There are just the default ACLs set.

Do you need to pay for that feature and therefore it is disabled?

All the best,

No, we’re not limiting it. Does your RDP work otherwise, without Tailscale?

Give us a source IP, destination IP, and time, and we can look at your logs and see what’s going on.

Yes, RDP works the moment I turn off tailscales subnet routes. While they (the subnet-routes) are active the RDP within the subnet aren’t working (so I would expect at least they work over tailscale, but they don`t).

With source / destination IP you mean the tailscale IPs? Can I send them via PM?

Hello, you can email your IPs on


I reinstalled the machine I used as relay. And jumped from CentOS 8 to CentOS 7.
There were no changes in the environment otherwise. And now it is working.

I can’t see where the issue was. Thank you for your time. Next time I just reinstall the machine… :smiley:

All the best,