Support Firewall portfoward for Subnet gateway

Tailscale version

Your operating system & version
2x OPNsense (Firewall HA Carp Cluster)
Almalinux 9.2 (running Tailscale client as subnet gateway)


I am creating a subnet gateway to deliver DNS and internal servers to users on the road. I found that all connections run over relay servers, and that slows things down a bit. So I created a port forward on WAN with my OPNsense cluster, with port 41631 redirecting to my Tailscale subnet gateway on port 41631. I tested this port from external and I can see it reaches the machine with the Tailscale subnet gateway. This was unsuccessful: Tailscale does not use or know about this port forward. This worked with ZeroTier, which I used previously, but not with Tailscale.

I tried a hacky UPnP solution and found that a port forward created by UPnP works, but that is unwanted and breaks with firewall CARP failover, as UPnP is not supported in this scenario and uses random WAN IPs that may not work in failover, since UPnP on OPNsense is not HA aware.

I would like to see the option to use a simple port forward from WAN to the Tailscale subnet router to make this work. Maybe give Tailscale an option to use a specific port so it knows it is reachable on this port.