Using pfSense as Tailscale exit node only partially works
-
When setting my tailscale client to use the pfSense at a remote location as the exit node. Some websites works others do not, I am not sure why, any ideas or is it a known issue?
Sites that work:
facebook.com
slashdot.orgSites that do not work:
test-ipv6.com
netgate.comThe error starts of with site unexpected closed connection and then ends up with connection was reset according the browser error page.
I tested with Brave and Google Chrome
-
Did some more tests and it works fine with Firefox and Safari, which is weird.
I disabled extensions in Chrome and it still did not work, anybody got any ideas? -
@jpedrot Chrome based browsers had a change a while back that break Tailscale exit nodes if the exit node does not have IPv6 support. This is why it works with Safari and Firefox. IPv4 only website works but IPv6 supported website doesn't has Chrome based browsers tries first to connect with IPv6. As the Exit node does not have IPv6, the request get dropped. (Short explanation)
https://redmine.pfsense.org/issues/13489
Looks like there are no fix from Netgate at this point. 1.30 fixed the issue but the version for pfSense is still 1.26.2.
-
Thanks @mhache, then I have temp workaround until pfSense updates its Tailscale package.
-
@jpedrot You can try this:
https://www.reddit.com/r/PFSENSE/comments/yw82cq/guide_manually_install_a_newer_version_of/ -
@mhache I am lazy, so I will wait for Netgate to update the package. I just enabled IPv6 for the WAN interface and that worked like a charm.