I run Tailscale on an OPNsense router with route and exit node advertising.
Everything works well. I can reach my different routes and use my OPNsense as an exit node.
The problem is that when I'm connected to the OPNsense through Tailscale with the exit node enabled, I can't access my different services hosted on my network via the external IP (actual DNS).
The solution with standard OPNsense config is to enable:
Reflection for port forwards
Reflection for 1:1
Automatic outbound NAT for Reflection
It works for all my subnets but not for Tailscale.
How can I enable NAT reflection / NAT loopback with Tailscale?
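As an added illustration (not from the original post, and not OPNsense's or Tailscale's own ruleset) of what the three reflection settings above amount to in pf terms, and of the equivalent rules a Tailscale interface would need: the fragment below is hand-written pf syntax assuming a WAN address of 203.0.113.5, an internal web server at 192.168.1.10, a Tailscale interface named tailscale0 on OPNsense, and the Tailscale CGNAT range 100.64.0.0/10 for tailnet addresses. OPNsense regenerates its ruleset itself, so this is a reading aid for /tmp/rules.debug and pfctl output, not something to paste into the GUI.

```pf
# Assumed values (not from the original post)
ext_ip = "203.0.113.5"    # public / WAN address
srv    = "192.168.1.10"   # internal web server
ts_if  = "tailscale0"     # Tailscale interface on OPNsense
ts_net = "100.64.0.0/10"  # CGNAT range Tailscale assigns to nodes

# 1. The ordinary port forward on WAN: DNAT public-IP:443 -> server.
rdr on wan proto tcp from any to $ext_ip port 443 -> $srv port 443

# 2. "Reflection for port forwards": repeat the DNAT for packets arriving from
#    inside, so a LAN host that resolves the public DNS name still lands on the
#    server instead of on the firewall's WAN address.
rdr on lan proto tcp from lan:network to $ext_ip port 443 -> $srv port 443

# 3. "Automatic outbound NAT for Reflection" (hairpin SNAT): client and server
#    share a segment, so without this the server replies straight to the client,
#    which expected a reply from $ext_ip and resets the connection.
nat on lan proto tcp from lan:network to $srv port 443 -> (lan)

# ("Reflection for 1:1" does the same for binat rules; omitted here.)

# 4. The Tailscale case. With the exit node enabled, the phone's traffic enters
#    on $ts_if with a 100.64.0.0/10 source and $ext_ip as destination. Neither
#    rule 2 nor rule 3 matches it, so the same pair is needed on that interface.
rdr on $ts_if proto tcp from $ts_net to $ext_ip port 443 -> $srv port 443

# The tailnet client is not on the server's segment, so replies already return
# through OPNsense; this SNAT only matters if the server has no route back to
# $ts_net (for example, when its default gateway is not OPNsense).
nat on lan proto tcp from $ts_net to $srv port 443 -> (lan)
```

A quick check on the OPNsense box is `pfctl -sn`, which lists the loaded nat/rdr rules together with the interface each one is bound to; if the reflection rdr lines appear only for lan and the other assigned interfaces and never for the Tailscale interface, that matches the symptom described above.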
If I’m understanding properly, you want to use the public IP to access your machine. If you’re using an exit node, those requests will appear to be coming from the internet, rather than from the LAN.
Can you normally access your services from the internet?
Would you please send us your tailnet details and the Tailscale IP of the node you are accessing to and from, with a tailscale bugreport captured on failure, to support@tailscale.com?
I use --advertise-exit-node and --advertise-routes.
I’m connecting to my node with an Android phone. I can’t use the --exit-node-allow-lan-access option.
I still tried this option from a computer, but it doesn’t work.
We don’t yet have a setting to allow local LAN access from iOS or Android.
If it's not working from a computer on the LAN, that is another issue. If that's the case, can you create a bugreport close to the time of failure and email the code it generates to support@tailscale.com?
If you include a link to this thread, we’ll know the history here too.