At a loss here, even after reading dozens of articles, posts, etc on the topic. I’ve definitely got to be missing something obvious. I’ll drive right in with the details:
Situation: I have 2 tailscale-connected machines at home. I have one mobile device (android, but also adding an ipad once I get all this working). I would like to connect to Tailscale, then access the home network (not just the 2 machines with tailscale installed) as needed. I would like to be able to use an exit node for certain situations to route traffic through home.
Problem: The mobile will connect to the tailnet with no issue. It can access anything hosted on the 2 tailscale devices at home via their tailscale IPs. However, it cannot access any other IP on the home network and cannot use the exit node (internet with exit node enabled simply doesn’t work). I’ve tested using both home devices as advertiser and exit node, with the same results.
Details:
- Home network is 192.168.0.0/24 and is advertised by both tailscale devices present there.
- Device 1 at home is a Synology, running the 1.44 Tailscale client. All task scheduler steps per the instructions have been run and the Synology rebooted. No change.
- Device 2 at home is an Opnsense firewall, on 1.42. Followed guides, added the interface, etc. No change.
- Both home devices are flagged and approved as advertising 192.168.0.0/24 and are set as exit nodes.
- ACL should be allowing access to all from my account
- When I connect without exit node, I can get to the internet and the 2 above devices, but not to the home network.
- When I connect with an exit node, I cannot get to the internet, cannot get to home network, but can get to the 2 devices.
- MagicDNS is turned ON and appears to be working.
When connected with mobile (v1.42):
- Ping 192.168.0.1 fails
- Ping 100.90.x.x (192.168.0.1’s tailnet IP) instead, succeeds
- Ping 192.168.0.x (any IP on homenet) fails
- [Using exit node] Ping 8.8.4.4 fails
- [Using exit node] Ping google.com fails
Been struggling with this a few days and just can’t find where the problem is. Would appreciate any help anyone can give!
[Edit]
Ok, it’s weirder than I thought. I restarted/retested the connection about 10 times. 3 of 10 times, it worked perfectly in all ways. 7 of 10 times, it didn’t work at all. I’m starting to think Android is just flaky.
[Edit #2]
Disregard. Found the issue…sort of. The ACL rules were not always getting processed (they weren’t “wrong” but strangely some didn’t always/consistently apply). I rewrote them with the same result under Preview Rules and now they’re working consistently. I’m chalking this one up to gremlins.