To do is set up a bunch of static routes on the workplace and home routers

Raspberry Pi
1

Hello,
after a long time with test from many idea, I need help… :slight_smile:

So it looks like what you will want to do is set up a bunch of static routes on the workplace and home routers so that the two machines are able to route traffic between eachother over Tailscale. I am pretty sure you will need to set up routes for your workplace addresses pointing to the home raspi on your home router, and also for your home addresses pointing to the work raspi on your work router. You may also want to set a static route for Tailscale’s IP range.

Yes this is the Idea.

What I have done:
first of all, I have made a roule on my “FritzBox” Router:
Home Net: 192.168.178.0/24
Roule on Router: 192.168.0.0/24 send to 192.168.178.111 (Raspberry PI)

This Roule it´s working fine.

Now the Problems beginn for me:

“Eth0” at the Raspbeery PI (192.168.178.111)
and the
“tailscale0” internal tunnel conection PI (100.80.xxx.xxx)

has no routing.
One of the Idea was:
sudo ip route add 192.168.0.0/24 via 100.80.xxx.xxx) it´s not working.

I´m not the best at networking, but I like tailscale more and more.
Maby one have an step by step Idea, for an beginner :slight_smile:
Thanks at all for your help

best regards

Some more Information:
root@TailscaleHome:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.178.1 0.0.0.0 UG 202 0 0 eth0
192.168.178.0 0.0.0.0 255.255.255.0 U 202 0 0 eth0

root@TailscaleHome:~# ip route
default via 192.168.178.1 dev eth0 proto dhcp src 192.168.178.111 metric 202
192.168.178.0/24 dev eth0 proto dhcp scope link src 192.168.178.111 metric 202

root@TailscaleHome:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.xxx.xxx/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether b8:27:eb:db:xx:xx brd ff:ff:ff:ff:ff:ff
inet 192.168.178.111/24 brd 192.168.178.255 scope global dynamic noprefixroute eth0
valid_lft 863020sec preferred_lft 755020sec
inet6 fe80::b0bf:454e:xxx:xxx/64 scope link
valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether b8:27:eb:8e:xxx:xxx brd ff:ff:ff:ff:ff:ff
4: tailscale0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 100.80.xxx.xxx/32 scope global tailscale0
valid_lft forever preferred_lft forever
inet6 fd7a:xxx:a1e0:xxx:4843:cd96:xxx:xxx/128 scope global
valid_lft forever preferred_lft forever
inet6 fe80::xxx:1642:276d:xxx/64 scope link stable-privacy
valid_lft forever preferred_lft forever
root@TailscaleHome:~#

2

You probably want to configure tailscale as a relay node: Subnet routes and relay nodes - Tailscale

Don’t forget to use --accept-routes on the remote node so that it is willing to route through your relay.

3

Hello,
Thanks for your Answer and Help :slight_smile:

Yes thats right, I have used this configure and yes it is works.
But only the “first” step… If I use “–accept-routes” I can ping into all Tailscale network and roules.
This is the way I need. But now it beginn the Problems for me.

My router at home (192.168.178.1) at home send my Question (192.168.0.1) to the PI (192.168.178.111)

Now End way… and stop at Eth0 from the PI

What must I do, that i can write a roule into the PI… 192.168.0.1 must go to “tailscale0” internal tunnel conection PI (100.80.xxx.xxx)

Thanks for any help :slight_smile:

4

It sounds like you are doing --accept-routes on your Pi, and that works when you ping 192.168.0.x locally from the Pi, but you want other devices on your LAN to be able to use the Pi as a router?

If you want 192.168.178.x to be routed over tailscale, then your Pi must add --advertise-routes=192.168.178.0/24, and the remote end must add --accept-routes. This is in addition to the --accept-routes and --advertise-routes options you were using before (since you have two subnets, one side must advertise each subnet).