Public IPv4 Address + Subnet Forwarding

Tailscale user:
Our customer support uses Postman to hit internal APIs, and we typically facilitate this through IP whitelisting at the Security Group level. One of our members has a satellite connection that reallocates her IP frequently, so I was hoping to Tailscale her in - seems like a great solution.

We have hundreds of these endpoints hardcoded to the public IP address of our API server. I followed the subnet routes guide, configuring it to use the instance’s public IP with a /32 CIDR range, but I can’t ping or resolve HTTP requests from my laptop. (The internal Tailscale-assigned IP does work).

Do you think this feature can work with the public IP?

Tailscale support:
If I understand correctly, you’ve installed Tailscale on your member’s device (the one using a satellite connection). Have you also installed it on your API server (or some server or virtual machine on the same subnet)?
Essentially, you’ll want to configure the IP whitelist to contain the (non-Tailscale) IP address of the endpoint where Tailscale traffic is emerging. If that’s the API server itself then that’s ideal, but it could be any device that has a public IP address that is in your whitelist.

This article is relevant: https://tailscale.com/kb/1059/ip-blocklist-relays
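The thread turns on one point: a subnet router can only serve an advertised route (here the server's public IP as a /32) if that address is actually bound to an interface on the host and the host forwards packets. The following preflight check, added here as an illustration and not code from Tailscale or the support article, parses `ip -o -4 addr` output and reports why an advertised route would not work. The sample interface lines, the `203.0.113.10/32` route (documentation range) and the `tailscale0` address are constructed; the `ip_forward` flag mirrors `/proc/sys/net/ipv4/ip_forward`. A public address that a cloud provider maps to the instance with 1:1 NAT does not appear on any interface, and this check flags exactly that case.

```python
import ipaddress
import re

# Constructed sample of `ip -o -4 addr` output on a hypothetical API server.
SAMPLE_IP_ADDR = [
    "1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever",
    "2: eth0    inet 10.0.1.25/24 brd 10.0.1.255 scope global eth0\\       valid_lft forever preferred_lft forever",
    "3: tailscale0    inet 100.101.102.103/32 scope global tailscale0\\       valid_lft forever preferred_lft forever",
]


def parse_ip_addr_lines(lines):
    """Extract the IPv4 addresses from `ip -o -4 addr` output lines."""
    addrs = []
    for line in lines:
        m = re.search(r"\binet\s+(\d+\.\d+\.\d+\.\d+)/\d+", line)
        if m:
            addrs.append(m.group(1))
    return addrs


def route_is_local(route_cidr, local_addrs):
    """True if some address bound on this host falls inside the advertised route."""
    route = ipaddress.ip_network(route_cidr, strict=False)
    return any(ipaddress.ip_address(a) in route for a in local_addrs)


def check_subnet_router(advertised_routes, local_addrs, ip_forward_enabled):
    """Return a list of reasons the advertised routes cannot be served (empty if fine)."""
    problems = []
    if not ip_forward_enabled:
        problems.append("net.ipv4.ip_forward is 0: forwarded packets will be dropped")
    for route in advertised_routes:
        if not route_is_local(route, local_addrs):
            problems.append(
                f"{route}: no interface on this host holds an address in that range "
                "(a cloud public IP mapped by 1:1 NAT will not show up here)"
            )
    return problems


def read_ip_forward(path="/proc/sys/net/ipv4/ip_forward"):
    """Read the kernel forwarding flag; returns False if the file is unavailable."""
    try:
        with open(path) as f:
            return f.read().strip() == "1"
    except OSError:
        return False


if __name__ == "__main__":
    # Offline demo on the constructed sample: the public /32 is not bound locally.
    local = parse_ip_addr_lines(SAMPLE_IP_ADDR)
    for problem in check_subnet_router(["203.0.113.10/32"], local, ip_forward_enabled=False):
        print("PROBLEM:", problem)
    # Live use on a Linux host would instead be:
    #   local = parse_ip_addr_lines(subprocess.check_output(["ip", "-o", "-4", "addr"], text=True).splitlines())
    #   check_subnet_router(routes, local, read_ip_forward())
```

If the check reports that the public /32 is not bound on the host, the route cannot be served from that machine; the practical fix, as the support reply says, is to whitelist the public address from which the subnet router's traffic actually leaves, rather than to advertise an address the host does not hold.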