Tailscale - Site B can access Site A, but Site A cannot access Site B

twcory

Hello everyone,
I am new to Tailscale and have been wanting to set it up for a Site-to-Site VPN essentially. I followed the tutorial videos from Christian McDonald and Lawrence Systems.

• I have the routes advertised on both ends
• I added the Outbound NAT mappings for the interfaces (on both sides)
• I added the pass all traffic rule for the Tailscale interface group

The problem that I am having is that my Site B can access everything on my Site A, but my Site A cannot. Mainly devices behind the Site A firewall cannot access anything on Site B, but the Site A firewall itself can ping everything on Site B.

I have checked on both sides and both firewalls have the routes in their respective routing table, I have no firewall rules on the interfaces used for testing that would block the interfaces.

Here is my Site A configuration:


The above screenshot is of a machine behind the Site A firewall.

Here is from Site B's perspective:

This screenshot shows Site B pinging Site A's management interface just fine.

I still haven't found anything that would be causing this, I checked the states while trying to ping some site B devices which all ended up with SYN_SENT:CLOSED, which I think means that no traffic was sent.

If there is anything else I can do to try and figure this out, let me know. I'll provide more info if I missed something. Thanks!

periko

@twcory I got the same issue.

Wondering is this is related to free version that just allow 1 subnet?

The firewall rules interface don't have any function, I had establish some tunnels and no rules on that interface and I can access the network behind pfsense(home office).

Regards!!!