Hi there we are putting all of our machines onto tailscale, and one of the sites that we access has the ability to lockdown administration/login to only being accessed by defined ip addresses. It seems like we could set a node as an exit node and then we could use that devices ip for this purpose, but having so many devices funnel through a single device for all internet traffic seems overkill and prone to some issues.
Is there a way to continue to have all non tailscale traffic continue out to the internet directly from all devices on whatever network/connection they are on, but for certain sites direct that interaction through the tailscale network?
Just a thought, you can maybe achieve this with a combination of static routes, router node and local DNS relay.
Something like, all your machines query the local DNS relay, and all traffic is routed via plain internet except when you query this specific site, the DNS provides an IP that will be routed via the router node to the said site, nating the source IP with the router IP with the right config, so the site will accept the connection as it knows the router IP.
That’s doing a partial exit node adhoc sort to say. For other purpose I’m running a DNS proxy on the router node and it works well, except in my case I’m trying to get the source IP, not the one from the router node…