Win 10 stopped connecting, can't get ping response

Recently installed Tailscale on home PC running Win 10 Pro behind router/NAT and on Win10 pro laptop. Installations was all OOB with defaults, no Magic DNS or other options.

Tailscale was working OK when on the same W-Fi network and via USB tethering on my phone so I know it was working when connecting from an external network. I could ping and connect an RDP session on using the Tailscale IP as shown in the admin console for the Home system.

Today the laptop isn’t connecting via different Wi_Fi or by USB tethering. Tailscale admin screen shows it as connected and running v 1.8.7, but ping to 100.101.102.103 fails (no response).

sleek==laptop
smooth==HomePC

I can VPN to ‘Smooth’ and it pings 100.101.102.103 OK. So that tells me that end should be OK. Nothing so far on the laptop end has made a difference, reboot, restart TS client etc.

I can’t find anything on what ports TS needs open, some I’m wondering if windows Defender/firewall is blocking outgoing traffic?

Here is what I get with ping attempts on ‘sleek’:

C:\WINDOWS\system32>ping 100.101.102.103

Pinging 100.101.102.103 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 100.101.102.103:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\WINDOWS\system32>ping 100.87.50.49

Pinging 100.87.50.49 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 100.87.50.49:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\WINDOWS\system32>tailscale status
100.101.148.15 sleek myTSaccount@ windows -
100.101.102.103 (“hello”) services@ linux -
100.87.50.49 smooth myTSaccount@ windows -

C:\WINDOWS\system32>tailscale ping 100.101.102.103
timeout waiting for ping reply
timeout waiting for ping reply
timeout waiting for ping reply
timeout waiting for ping reply
timeout waiting for ping reply
timeout waiting for ping reply
timeout waiting for ping reply
timeout waiting for ping reply
read tcp 127.0.0.1:64439->127.0.0.1:41112: wsarecv: An existing connection was forcibly closed by the remote host.

C:\WINDOWS\system32>

Any ideas/suggestions?

RESOLVED:

Appears that when TS installs it is only enabled for Private network connections in Windows Defender. I enabled access to Public networks and it works OK now. Seems counterintuitive for TS installer to enable ‘Private’ access as the default, when Windows usually defaults to Public.

Thanks! Had the same issue and fixed it the same way (network mode was Public, didn’t work, switched to Private, worked)

We can see that our network is in Public mode by running Get-NetConnectionProfile in Powershell:

PS > Get-NetConnectionProfile

Name             : Tailscale
InterfaceAlias   : Tailscale
InterfaceIndex   : 53
NetworkCategory  : Private
IPv4Connectivity : NoTraffic
IPv6Connectivity : NoTraffic

Name             : Your WiFi or something
InterfaceAlias   : Wi-Fi
InterfaceIndex   : 7
NetworkCategory  : Public
IPv4Connectivity : Internet
IPv6Connectivity : Internet

You can also change it to Private through Powershell, but that’s above me - unless you know the magical incantation it’s just easier to do it through Windows settings.

I’m not sure why Tailscale has issues while in Public mode when though the firewall rule attempts to allow connections for both modes:

PS > Get-NetFirewallRule | Where {$_.DisplayName -eq 'Tailscale-Process' }

Name                  : {snip}
DisplayName           : Tailscale-Process
Description           :
DisplayGroup          :
Group                 :
Enabled               : True
Profile               : Any
Platform              : {}
Direction             : Inbound
Action                : Allow
EdgeTraversalPolicy   : Allow
LooseSourceMapping    : False
LocalOnlyMapping      : False
Owner                 :
PrimaryStatus         : OK
Status                : The rule was parsed successfully from the store. (65536)
EnforcementStatus     : NotApplicable
PolicyStoreSource     : PersistentStore
PolicyStoreSourceType : Local