Netgate Discussion Forum

Tailscale - Site B can access Site A, but Site A cannot access Site B

    twcory
    last edited by Feb 12, 2023, 7:47 AM

    Hello everyone,
    I am new to Tailscale and have been wanting to set it up for a Site-to-Site VPN essentially. I followed the tutorial videos from Christian McDonald and Lawrence Systems.

    • I have the routes advertised on both ends
    • I added the Outbound NAT mappings for the interfaces (on both sides)
    • I added the pass all traffic rule for the Tailscale interface group

    The problem that I am having is that my Site B can access everything on my Site A, but my Site A cannot. Mainly devices behind the Site A firewall cannot access anything on Site B, but the Site A firewall itself can ping everything on Site B.

    I have checked on both sides and both firewalls have the routes in their respective routing tables. I have no firewall rules on the interfaces used for testing that would block the interfaces.

    Here is my Site A configuration:
    Screenshot_650.png
    Screenshot_651.png Screenshot_652.png Screenshot_653.png
    The above screenshot is of a machine behind the Site A firewall.

    Here is from Site B's perspective:

    Screenshot_654.png Screenshot_655.png Screenshot_656.png Screenshot_657.png
    This screenshot shows Site B pinging Site A's management interface just fine.

    I still haven't found anything that would be causing this. I checked the states while trying to ping some Site B devices, which all ended up with SYN_SENT:CLOSED, which I think means that no traffic was sent.

    If there is anything else I can do to try and figure this out, let me know. I'll provide more info if I missed something. Thanks!

      periko @twcory
      last edited by Apr 11, 2023, 6:48 AM

      @twcory I got the same issue.

      Wondering if this is related to the free version that just allows 1 subnet?

      The firewall rules interface doesn't have any function; I had established some tunnels and no rules on that interface and I can access the network behind pfsense (home office).

      Regards!!!

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.