I have a VPS with multiple public IP addresses (e.g., 126.96.36.199, 188.8.131.52).
Then I have a laptop that’s connecting to the internet through whatever.
I want my laptop to be reachable through one of the public IP addresses of the VPS (e.g., 184.108.40.206), to host random services.
Tailscale is installed on both the VPS and the laptop.
tailscale up --advertise-routes 220.127.116.11/32 --snat-subnet-routes=false on the laptop,
tailscale up --accept-routes on the VPS.
Edit: forwarding is enabled on both VPS and laptop, and there’s no firewall.
Now, from the VPS, I can ping the laptop at 18.104.22.168. I do see the ICMP echo request/reply on the laptop; the source address is the tailnet IP.
Now I want the internet to access 22.214.171.124 forwarded through tailnet, but pings don’t get through.
I do see the ICMP request on the VPS on tailnet0, but not on the laptop. I do see the tailnet wireguard encapsulated traffic arriving on the tailscale port on the laptop.
But still the echo request and/or reply get eaten somewhere.
Am I missing something? I’m aware that the laptop might choose a different route for its reply, but shouldn’t I at least see the echo request coming in on tailscale0?
(I did use plain wireguard for this, and it worked well. But of course in reality this will get more complex, and Tailscale is awesome.)
Thanks for any suggestions!