Tailscale on OPNsense

robert · February 1, 2021, 2:57pm

So i have installed Tailscal on my OPNsense box, as described here : Setting up Tailscale on OPNsense - Tailscale

I get an ip, but i have a hard time, getting anything to work.
Can anybody tell, when other steps they did, to make it usable in this setup ?

Thanks

SupportBot · February 3, 2021, 1:15am

OPNsense, and FreeBSD more generally, are community supported and built from the Tailscale client code (which is open source). However some of us do run OPNsense ourselves, including me.

The instructions set up tailscale for just the OPNsense host, so you can (for example) remotely connect to its web UI. If you’re expecting OPNsense to route from your LAN to the tailscale network, that can be done but requires an additional option when bringing the network up: https://tailscale.com/kb/1019/subnets

You’ll need to accept the subnet routes in https://login.tailscale.com/admin/machines before they will work. If everything is configured correctly you’ll see a “Subnets” badge on the machine. A screenshot from my admin panel is attached.

One note, however: Subnet Routing isn’t a feature in the free Solo plan. https://tailscale.com/pricing/
(I pay for the Connectivity plan for my personal Tailscale use.)

robert · February 3, 2021, 7:04am

Thanks for your answer.

One thing that strikes me, is that Subnet routing is not part of the free plan ?
Is this new ?
I can’t recall to have seen that, and honestly, i have been using it, on my plan.

Regards

/Robert

SupportBot · February 4, 2021, 12:14am

The subnet routing feature is not disabled in any tier, and we encourage people to try it to make sure it will meet their needs.

Nnyan · April 16, 2021, 10:18pm

I just installed Tailscale on OPNsense and just with the defaults that showed up (the guide doesn’t show how to configure the rest , ex: dhcp, etc…) I never get an IP. But in my TS portal I do see OPNsense there with an IP. But I still can not access devices directly.

SupportBot · April 16, 2021, 10:35pm

Tailscale interfaces don’t use DHCP to configure themselves, running “service tailscaled start” followed by “tailscale up” is sufficient. You should see an IP address in ifconfig:

root@OPNsense:~ # ifconfig tailscale0
tailscale0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
options=80000
inet 100.64.1.1 → 100.64.1.1 netmask 0xffffffff
inet6 fd7a:115c:a1e0:ab12:4843:cd96:6240:0101 prefixlen 48
groups: tun
nd6 options=103<PERFORMNUD,ACCEPT_RTADV,NO_DAD>
Opened by PID 31526

Nnyan · April 20, 2021, 7:11am

so i had to stop the tailscaled service and restart it. Now ifconfig hows the 100.67.223.113 IP that the admin console shows. I can ping out to the test site 100.101.102.103 and other devices from opnsense but can not ping the opnsense from any other devices.

Nnyan · April 20, 2021, 7:16am

Ignore my last email I did not have a default rule for the tailscale interface. working fine now! Thank you!

tappis · November 14, 2022, 7:40pm

Do you happen to remember how you did it ? Same problem here.

Or if anyone else can guide me to do the necessary stuff in CLI. My issues:

Opnsense in VM can ping other VMs
Other VMs can’t ping opnsense or access gui
Tailscale machine list shows connection to the opnsense VM.

ColeTrain · January 29, 2023, 6:30pm

thank you. your mistake helped me, that was my mistake!

chris.dempsey · March 11, 2023, 2:31pm

@tappis
Did you ever find the solution to this? I have the exact same symptoms but despite hours of reading am still unable to reach the OPNsense GUI from other devices on the same Tailnet.

@ColeTrain
You seem to indicate you didn’t have a default rule for the Tailscale interface - I believe I have implemented this but still unable to reach the OPNsense GUI.

Any suggestions welcome.