Hi there we are putting all of our machines onto tailscale, and one of the sites that we access has the ability to lockdown administration/login to only being accessed by defined ip addresses. It seems like we could set a node as an exit node and then we could use that devices ip for this purpose, but having so many devices funnel through a single device for all internet traffic seems overkill and prone to some issues.
Is there a way to continue to have all non tailscale traffic continue out to the internet directly from all devices on whatever network/connection they are on, but for certain sites direct that interaction through the tailscale network?
1 Like
Just a thought, you can maybe achieve this with a combination of static routes, router node and local DNS relay.
Something like, all your machines query the local DNS relay, and all traffic is routed via plain internet except when you query this specific site, the DNS provides an IP that will be routed via the router node to the said site, nating the source IP with the router IP with the right config, so the site will accept the connection as it knows the router IP.
That’s doing a partial exit node adhoc sort to say. For other purpose I’m running a DNS proxy on the router node and it works well, except in my case I’m trying to get the source IP, not the one from the router node…
1 Like
I’m also looking for a solution to this. In my case, the IP of the site I want to access is not fixed, so I’m unable to use the subnet router feature as it is right now.