I set up Headscale and Tailscale using Docker on a VPS, which I want to use as my public IPv4 and Reverse Proxy to route incoming traffic to my local network and e. g. my home server. I also set up Tailscale using Docker on my home server and connected both to my Headscale server.
I am able to ping one Tailscale container from the other and vice versa and set up --advertise-routes=192.168.178.0/24 on my home server as well as --accept-routes on my VPS, but I can’t ping local IP addresses from my VPS. What am I missing?
Both containers are connected to the host network, I have opened UDP ports 41641 and 3478 on my VPS.
Try v1.60.1
image: tailscale/tailscale:v1.60.1
To pull that version of tailscale. Latest broke subnets.
Did you enable the route in the admin web ui?
That should be all that’s required. Are you using ACLs? If so you need to provide access to the subnet router as well as a rule to the IP behind it
I ran into a similar problem with tailscale. It looked like I needed to disable source NAT but that didn’t appear to be implemented in the FreeBSD package so it didn’t work for me. If you’re in Linux it might be worth a shot.
--snat-subnet-routes=false
“Disables source NAT. In normal operations, a subnet device will see the traffic originating from the subnet router. This simplifies routing, but does not allow traversing multiple networks. By disabling source NAT, the end machine sees the LAN IP address of the originating machine as the source.”
‘ip route show’ on all machines. Make sure they know how to get to each other.
You expect to see the subnet of the VPN network mentioned, and the wg0 interface as its gateway. Also might want to make sure your wg0 interface even exists and is up with ‘ip addr show’
Are you sure Tailscale in Docker is creating a wg0 interface? Because I got a working connection between my smartphone and my home server and the home server is not showing any interface related to Tailscale?
default via 192.168.178.1 dev ens18
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.178.0/24 dev ens18 proto kernel scope link src 192.168.178.178
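As an added example (not code from any poster in this thread), here is a small POSIX shell check for the ‘ip route show’ advice above: given a route table and the advertised subnet, it reports whether that subnet is reached via a Tailscale interface, via a directly attached LAN interface, or not at all. It assumes the Linux interface name tailscale0 (an assumption; the thread refers to wg0) and embeds a constructed copy of the route table posted above as one of its samples.

```shell
#!/bin/sh
# Added example: classify how an advertised subnet is routed, based on
# `ip route show` output. Assumes Tailscale's Linux interface is tailscale0.

# Constructed sample: the route table posted in the thread (no VPN route).
ROUTES_NO_TS='default via 192.168.178.1 dev ens18
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.178.0/24 dev ens18 proto kernel scope link src 192.168.178.178'

# Constructed sample: what a VPS that accepted the route should look like.
ROUTES_TS='default via 10.0.0.1 dev eth0
100.64.0.0/10 dev tailscale0
192.168.178.0/24 dev tailscale0'

# route_dev ROUTES SUBNET: print the interface that carries SUBNET, if any.
route_dev() {
  printf '%s\n' "$1" | awk -v net="$2" '
    $1 == net { for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i+1); exit } }'
}

# check_subnet_route ROUTES SUBNET: print one of
#   via-tailscale  - route exists and goes through a tailscale* interface
#   local          - route exists on another interface (directly attached LAN,
#                    so this host is on the LAN itself, not reaching it via VPN)
#   missing        - no route at all (route not advertised, not accepted,
#                    or not enabled in the Headscale admin UI)
check_subnet_route() {
  dev=$(route_dev "$1" "$2")
  case "$dev" in
    "")          echo missing ;;
    tailscale*)  echo via-tailscale ;;
    *)           echo local ;;
  esac
}

# check_live_route SUBNET: run the same check against this machine's table.
check_live_route() {
  check_subnet_route "$(ip route show)" "$1"
}

# Demonstration on the constructed samples.
echo "thread table:  $(check_subnet_route "$ROUTES_NO_TS" 192.168.178.0/24)"
echo "VPS with route: $(check_subnet_route "$ROUTES_TS" 192.168.178.0/24)"
```

Run `check_live_route 192.168.178.0/24` on the VPS; a result of `missing` means the route was never installed, while `via-tailscale` means the routing side is fine and the problem is elsewhere (ACLs or source NAT, as discussed above).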