This is like a site-to-site network, except I want my LAN machines that don’t have tailscale installed to be able to access servers that are in WAN locations. But I don’t want these WAN servers to be able to initiate connections back to machines on my LAN.
I have a LAN with machines on subnet 10.0.0.0/24.
I have a server in another location that is running Tailscale. Let’s say its IP is 22.214.171.124.
I have set up a machine on my LAN with Tailscale on 10.0.0.2 running Ubuntu 24.04. Its Tailscale IP is 126.96.36.199.
I have set up a static route in the LAN router: 188.8.131.52/32 via 10.0.0.2
I have enabled “net.ipv4.ip_forward = 1” and “net.ipv6.conf.all.forwarding = 1” in /etc/sysctl.conf
I have run tailscale up --accept-routes --snat-subnet-routes=true (also tried false)
I have set up a static route on 184.108.40.206: 10.0.0.0/24 via 220.127.116.11.
Pings from LAN machines to 18.104.22.168 time out.
Traceroutes from machines on the network go 10.0.0.1 => 10.0.0.2 => and then time out.
When pinging 22.214.171.124, tcpdump on 10.0.0.2 shows:
IP 10.0.0.136 > myhost.tailxxxxxx.ts.net: ICMP echo request, id 1, seq 5251, length 40
but no replies.
What am I missing?
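For the one-way requirement stated in the post (LAN machines may open connections towards the tailnet, tailnet peers may not initiate connections into the LAN), here is an added nftables forward policy for the subnet router at 10.0.0.2. It is example code, not from the post or from Tailscale; the interface names eth0 and tailscale0 and the file path are assumptions.

```nft
# /etc/nftables.d/lan-oneway.nft  (hypothetical path)
# Loaded on the subnet router 10.0.0.2. Interface names are assumptions:
# "eth0" is the LAN side, "tailscale0" is the Tailscale tunnel.
# Tailscale keeps its own rules in separate tables, so this table is
# added alongside them instead of flushing the ruleset. A drop verdict
# in any base chain on the forward hook is final, so Tailscale's own
# accept rules do not override the drops below.
table inet lan_oneway {
    chain forward {
        # Default deny for forwarded traffic; only the flows below pass.
        type filter hook forward priority filter; policy drop;

        # Reply traffic for connections that already exist, in either direction.
        ct state established,related accept

        # LAN machines may open new connections towards the tailnet.
        iifname "eth0" oifname "tailscale0" ip saddr 10.0.0.0/24 ct state new accept

        # Anything arriving from the tailnet that is not a reply is logged and
        # dropped, so WAN servers cannot initiate connections into the LAN.
        iifname "tailscale0" oifname "eth0" ct state new log prefix "tailnet->lan blocked: " drop
    }
}
```

Load it with `nft -f` once Tailscale is up and inspect it with `nft list table inet lan_oneway`. Values written to /etc/sysctl.conf only take effect after `sysctl --system` or a reboot; `sysctl net.ipv4.ip_forward` shows the live value.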