Traffic going in 1 direction only
I have the following setup:
- pfSense router is connected to the LAN (192.168.1.0/24)
- Cloud VMs running Tailscale (different clouds: AWS and Azure)
- pfSense and the Cloud VMs are connected via Tailscale (CIDR 10.7.1.1)
- The pfSense Tailscale client has advertised the subnet route 192.168.1.0/24 and is accepting routes
- The Cloud VMs' Tailscale clients have also advertised their routes (private IPs) 10.1.1.147 and 10.0.0.101
- The following rule is defined in pfSense:
Results:
- All direct Tailscale clients (pfSense and Cloud VMs) are able to talk to each other: 10.7.1.1 <-> 10.7.1.2 <-> 10.7.1.3
- The Cloud VMs can also ping the pfSense subnet 192.168.1.0/24: 10.1.1.147 --> 192.168.1.111 and so on
- But not vice versa, i.e. machines in the pfSense network are not able to talk to the Cloud VMs, either by Tailscale IP (10.7.1.1 or 10.7.1.3) or by private IP (10.1.1.147 or 10.0.0.101)
- Machines in the pfSense network are obviously able to talk to pfSense's Tailscale IP (10.7.1.2), as it is the same as the local network CIDR (192.168.1.0/24)
Question:
- I think I just need to set up some rule to allow the comms from the pfSense subnet to the Cloud VMs, as they are already connected
- Tailscale is probably not the culprit, as it is already allowing traffic from the Cloud VMs to pfSense and its subnet
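Added example, not part of the post above: a small Python model of which node needs which route for a Tailscale subnet-routed flow to work in both directions (the forward leg from the sender's gateway, and the return leg from the receiver's gateway). It uses the addresses from the post; the /24 masks on the cloud subnets, the mapping of 10.7.1.1 to the AWS VM and 10.7.1.3 to the Azure VM, and whether the cloud VMs run with --accept-routes are assumptions. It checks routes only: pfSense firewall rules, outbound NAT and tailnet ACLs are outside the model, so a flow it reports as routable can still be dropped by one of those.

```python
# Added example, not the poster's configuration or Tailscale's own code.
# Models route availability across Tailscale subnet routers for the
# topology described in the post. Assumptions: cloud subnets are /24,
# 10.7.1.1 is the AWS VM and 10.7.1.3 the Azure VM, and the
# accept_routes flag on the cloud VMs is a parameter (the post only
# states it for pfSense). Firewall rules, NAT and ACLs are not modelled.
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Node:
    name: str
    ts_ip: str                      # this node's Tailscale address
    local_subnets: list[str]        # networks the node sits on directly
    advertised: list[str] = field(default_factory=list)  # --advertise-routes
    accept_routes: bool = False     # --accept-routes

    def owns(self, ip: str) -> bool:
        """True if ip is this node's Tailscale IP or lies on a directly attached subnet."""
        addr = ipaddress.ip_address(ip)
        return addr == ipaddress.ip_address(self.ts_ip) or any(
            addr in ipaddress.ip_network(net) for net in self.local_subnets)

    def has_route(self, ip: str, tailnet: list[Node]) -> Optional[str]:
        """Describe the route this node would use to reach ip, or None if it has none."""
        addr = ipaddress.ip_address(ip)
        if self.owns(ip):
            return "local"
        # Every peer's Tailscale address is reachable directly over the tailnet.
        for peer in tailnet:
            if peer is not self and addr == ipaddress.ip_address(peer.ts_ip):
                return f"peer {peer.name}"
        # Subnets behind other nodes are only installed when this node accepts routes.
        if self.accept_routes:
            for peer in tailnet:
                if peer is self:
                    continue
                for net in peer.advertised:
                    if addr in ipaddress.ip_network(net):
                        return f"subnet route {net} via {peer.name}"
        return None


def gateway_for(ip: str, tailnet: list[Node]) -> Node:
    """The node that forwards for ip: the node itself, or the subnet router in front of a LAN host."""
    for node in tailnet:
        if node.owns(ip):
            return node
    raise ValueError(f"{ip} is not on any known node or advertised subnet")


def check_flow(src: str, dst: str, tailnet: list[Node]) -> dict:
    """A reply needs both legs: src's gateway must route to dst, dst's gateway must route back to src."""
    forward = gateway_for(src, tailnet).has_route(dst, tailnet)
    back = gateway_for(dst, tailnet).has_route(src, tailnet)
    return {"forward": forward, "return": back, "bidirectional": bool(forward and back)}


def build_tailnet(cloud_accept_routes: bool = True) -> list[Node]:
    """The post's topology; cloud_accept_routes is the assumption being varied."""
    pfsense = Node("pfSense", "10.7.1.2", ["192.168.1.0/24"],
                   advertised=["192.168.1.0/24"], accept_routes=True)
    aws = Node("aws-vm", "10.7.1.1", ["10.1.1.0/24"],
               advertised=["10.1.1.0/24"], accept_routes=cloud_accept_routes)
    azure = Node("azure-vm", "10.7.1.3", ["10.0.0.0/24"],
                 advertised=["10.0.0.0/24"], accept_routes=cloud_accept_routes)
    return [pfsense, aws, azure]


if __name__ == "__main__":
    for accept in (True, False):
        net = build_tailnet(accept)
        print(f"cloud VMs accept routes: {accept}")
        for src, dst in [("192.168.1.111", "10.7.1.1"),
                         ("192.168.1.111", "10.1.1.147"),
                         ("10.1.1.147", "192.168.1.111")]:
            print(f"  {src} -> {dst}: {check_flow(src, dst, net)}")
```

With the cloud VMs accepting routes, which matches the post's observation that they can already ping 192.168.1.x, the model reports both legs of a LAN-to-VM flow as routable, so whatever still drops that direction is something outside the model (a filter, NAT or ACL) rather than a missing route. Setting cloud_accept_routes to False shows the pattern a missing --accept-routes on the VM side produces instead: the forward leg from the LAN resolves via the VM's advertised subnet, but the VM has no return route to 192.168.1.0/24.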
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.