Hi,
This is like a site-to-site network, except I want my LAN machines that don’t have Tailscale installed to be able to access servers that are in WAN locations. But I don’t want these WAN servers to be able to initiate connections back to machines on my LAN.
For example:
I have a LAN with machines on subnet 10.0.0.0/24.
I have a server in another location that is running Tailscale. Let’s say its IP is 100.10.20.30.
I have set up a machine on my LAN with Tailscale on 10.0.0.2 running Ubuntu 24.04. Its Tailscale IP is 100.10.50.60.
I have set up a static route in the LAN router: 100.10.20.30/32 via 10.0.0.2
I have enabled “net.ipv4.ip_forward = 1” and “net.ipv6.conf.all.forwarding = 1” in /etc/sysctl.conf
I have run tailscale up --accept-routes --snat-subnet-routes=true (also tried false)
I have set up a static route on 100.10.20.30: 10.0.0.0/24 via 100.10.50.60.
Pings from LAN machines to 100.10.20.30 time out.
Traceroutes from machines on the network go 10.0.0.1 => 10.0.0.2 => and then time out.
When pinging 100.10.20.30, tcpdump on 10.0.0.2 shows:
IP 10.0.0.136 > myhost.tailxxxxxx.ts.net: ICMP echo request, id 1, seq 5251, length 40
but no replies.
What am I missing?
Thanks,
Tony