Split tunnel with exit node questions

Hi everyone!

I’m new to using Tailscale and am starting to set up my home network and VPS exit node, and had a question:

Is there a recommended way to exclude traffic from a LAN subnet from Tailscale?

I have a couple of non-Tailscale devices that send backups to my home server via its local 192 address. I’d like to have the server available via both the Tailscale subnet and the local subnet, and all non-local traffic sent to an exit node.

On the server, could I do something like tailscale up --accept-routes --advertise-routes= --exit-node=100.x.x.x ? And then on the devices tailscale up --exit-node=100.x.x.x?

Or is it possible to apply Tailscale to only traffic processed by a particular NIC? I have two NICs on the server, and could restrict one to only local traffic, but not sure how I would tell Tailscale to only apply to the other NIC.

Also, using an exit node, will Tailscale send all traffic through the exit node even if it’s to another Tailscale client on a local network? E.g. if I have laptop.tailscale and desktop.tailscale on my localnet and exitnode.tailscale on a VPS, and I SSH from laptop to desktop, will the SSH traffic be routed from laptop -> exitnode -> desktop or directly laptop -> desktop?

If it makes a difference, in my case I’ll be using macOS for one device, iOS for one device, and Linux for several other devices on the Tailscale network. The other devices that interact with the split tunnel server for backups are also Linux.

Thanks for the help!

There is a switch you can use called --exit-node-allow-lan-access

This will route LAN addresses directly, instead of trying to send them over the exit node.
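
A way to check the resulting split tunnel on a Linux client, added here as an example and not part of the thread: it reads `ip route get` output and reports whether LAN destinations stay off the tunnel while internet destinations use it. The interface name `tailscale0`, the `TS_DEV` override, the function names and all sample addresses and route lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a Linux client's split tunnel after e.g.
#   tailscale up --exit-node=100.x.x.x --exit-node-allow-lan-access
# Assumption: the Tailscale interface is named tailscale0 (override with TS_DEV).
TS_DEV=${TS_DEV:-tailscale0}

# Print the interface that follows "dev" in `ip route get <addr>` output.
egress_dev() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# check_route <lan|wan> <ip-route-get output>
# lan: must stay off the tunnel. wan: must use the tunnel.
# Returns 0 when the route matches that intent, 1 otherwise.
check_route() {
    kind=$1
    dev=$(egress_dev "$2")
    case "$kind:$dev" in
        "lan:$TS_DEV") echo "FAIL: LAN traffic is entering the tunnel"; return 1 ;;
        lan:?*)        echo "OK: LAN traffic leaves directly via $dev" ;;
        "wan:$TS_DEV") echo "OK: internet traffic uses the exit node tunnel" ;;
        wan:?*)        echo "FAIL: internet traffic bypasses the tunnel via $dev"; return 1 ;;
        *)             echo "FAIL: could not parse route for '$kind'"; return 1 ;;
    esac
}

# Constructed sample outputs (not captured from a real host).
LAN_OK='192.168.1.10 dev eth0 src 192.168.1.20 uid 1000'
LAN_BAD='192.168.1.10 dev tailscale0 table 52 src 100.64.0.5 uid 1000'
WAN_OK='1.1.1.1 dev tailscale0 table 52 src 100.64.0.5 uid 1000'
WAN_BAD='1.1.1.1 via 192.168.1.1 dev eth0 src 192.168.1.20 uid 1000'

# Demo over the samples; "|| true" keeps going past the failing cases.
for pair in "lan:$LAN_OK" "lan:$LAN_BAD" "wan:$WAN_OK" "wan:$WAN_BAD"; do
    check_route "${pair%%:*}" "${pair#*:}" || true
done

# Live use on the client:
#   check_route lan "$(ip route get 192.168.1.10)"
#   check_route wan "$(ip route get 1.1.1.1)"
```

A `wan` failure means internet traffic is leaving outside the exit node; a `lan` failure means the backup traffic to the server's local address would be pulled into the tunnel.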