Tailscale version: 1.32.1
Your operating system & version: Unifi USG-3P v4.4.56 (VyOS) [Debian 7]
Is it possible to selectively use a Tailscale client as an exit node? I currently have Tailscale deployed on a UDM-Pro and a USG-3P. The UDM-Pro is configured as an exit node. Is it possible to send only the traffic from a certain address group on the USG-3P over `tailscale0`? Previously, with WireGuard, I used the following config:
{
"firewall":{
"group":{
"address-group":{
"VIA_VPN_ADDRESSES":{
"address":[
"10.2.1.0/24"
]
}
}
},
"modify":{
"LOAD_BALANCE":{
"rule":{
"2001":{
"action":"modify",
"modify":{
"table":"1"
},
"protocol":"all",
"source":{
"group":{
"address-group":"VIA_VPN_ADDRESSES"
}
}
}
}
}
}
},
"protocols":{
"static":{
"interface-route":{
"10.10.10.0/23":{
"next-hop-interface":{
"wg1":"''"
}
},
"10.1.0.0/16":{
"next-hop-interface":{
"wg1":"''"
}
},
"10.3.0.0/16":{
"next-hop-interface":{
"wg1":"''"
}
}
},
"table":{
"1":{
"interface-route":{
"0.0.0.0/0":{
"next-hop-interface":{
"wg1":"''"
}
}
}
}
}
}
},
"service":{
"nat":{
"rule":{
"5001":{
"outbound-interface":"wg1",
"protocol":"all",
"source":{
"group":{
"address-group":"VIA_VPN_ADDRESSES"
}
},
"type":"masquerade"
}
}
}
}
}
Is something similar possible with Tailscale? I tried specifying the `--exit-node=` option, but it completely bricked my security gateway, forcing a factory reset.