Tailscale - Site B can access Site A, but Site A cannot access Site B
-
Hello everyone,
I am new to Tailscale and have been wanting to set it up for a Site-to-Site VPN essentially. I followed the tutorial videos from Christian McDonald and Lawrence Systems.
- I have the routes advertised on both ends
- I added the Outbound NAT mappings for the interfaces (on both sides)
- I added the pass all traffic rule for the Tailscale interface group
The problem that I am having is that my Site B can access everything on my Site A, but my Site A cannot. Mainly devices behind the Site A firewall cannot access anything on Site B, but the Site A firewall itself can ping everything on Site B.
I have checked on both sides and both firewalls have the routes in their respective routing tables. I have no firewall rules on the interfaces used for testing that would block the interfaces.
Here is my Site A configuration:
The above screenshot is of a machine behind the Site A firewall.
Here is from Site B's perspective:
This screenshot shows Site B pinging Site A's management interface just fine.
I still haven't found anything that would be causing this. I checked the states while trying to ping some Site B devices, which all ended up with SYN_SENT:CLOSED, which I think means that no traffic was sent.
If there is anything else I can do to try and figure this out, let me know. I'll provide more info if I missed something. Thanks!
-
@twcory I got the same issue.
Wondering if this is related to the free version that just allows 1 subnet?
The firewall rules interface doesn't have any function; I had established some tunnels with no rules on that interface and I can access the network behind pfSense (home office).
Regards!!!