VM on Host Machine Has Access to Tailnet of Host Machine

I have a VM with the IP, on a host machine with the IP The VM has the same access to my tailnet machines as the host.

Yes, that’s how routing works if you don’t do anything to change it. VMs by default have access to all of the same network resources as their host machine if they are using host-NAT networking. If you want to limit the VM’s access to network resources you’ll either need to give it a separate network interface (usually called 'bridged networking), or use firewall features on the host to limit the VM’s access to resources.

Thank for the explanation, understood.

I guess this makes sense, though I’ve never witnessed it before. This should be the same for normal VPNs then? i.e. If I start an OpenVPN connection on the host, VMs on it will get the same routes the VPN server gives the host? I guess so, but it’s funny how I’ve never noticed before.

Yes, in a way. The VMs, in your configuration (not all VM configurations) are using the host as a router, so they can reach anything it can reach.