Tailscale routes / exit nodes / ACLs localhost

I’m curious how to allow localhost traffic.

For simplicity, my setup is:

  • Laptop →
  • exit node (Vultr, most traffic, pins my IP for other firewall rules for non-tailscale hosts)
  • home automation Pi (traffic for 192.168.2.1, 192.168.1.1, to let me access my router)

I don’t have a good solution for accessing localhost.

How would you do that?

example ACLs:

		{
			"action": "accept",
			"src":    ["tag:home"],
			"dst":    ["autogroup:internet:*"],
		},
		{
			"action": "accept",
			"src":    ["tag:home"],
			"dst":    ["192.168.1.0/24:*", "192.168.2.0/24:*"],
		},

on pi: sudo tailscale up --advertise-routes=192.168.1.0/24,192.168.2.0/24
on VPS: sudo tailscale up --advertise-exit-node
on laptop: sudo tailscale up --exit-node=100.vps-whatever --accept-routes

Hi, what do you mean by “localhost”? Which one?

I’m running the router node on my Home Assistant Raspberry Pi as an add-on (GitHub - tsujamin/hass-addons), which can access the “local host”, being the Pi itself, from the add-on container using the “userspace_networking” option, which also allows me to reach the other subnets announced, including uplink (to the wan VLAN) and downlink (to the other lan VLAN), and it works well for me.