Netgate Discussion Forum

    Tailscale client on public network can't access local domains defined in "Host Override"

      bthoven
      last edited by

      my domain: mydomain.com
      my home domain: home.mydomain.com

      pfSense: DNS Resolver enabled with DNS forwarding enabled, using Quad9 as the upstream DNS (specified in pfSense General).
      HAProxy on pfSense: handles public requests from the public network (xxx.mydomain.com) and also handles my home local domain (xxx.home.mydomain.com), by creating a Virtual IP and specifying all local subdomains (xxx.home.mydomain.com) in DNS --> Host Overrides pointing to the Virtual IP. So the same set of HAProxy ACLs/actions/backends is shared for both xxx.mydomain.com and xxx.home.mydomain.com.

      Usage scenarios with Tailscale disconnected:
      - using the public internet
      enter URL: xxx.mydomain.com, succeeds as expected
      enter URL: xxx.home.mydomain.com, does not succeed, as expected
      - using home Wi-Fi
      enter URL: xxx.mydomain.com or xxx.home.mydomain.com, all succeed as expected

      Now with Tailscale in the mix:
      Headscale server: a Docker container on my Unraid, serving Tailscale clients via headscale.mydomain.com
      config: override_local_dns: true, nameservers: 192.168.1.1 (pfSense), magicdns: true

      Tailscale clients:

      • on pfSense: subnet router allowed to access 192.168.1.0/24
      • on a Debian VM (on Unraid, 192.168.1.2): as an exit node (not using pfSense as an exit node because I always lost my internet connection when other Tailscale clients used the pfSense Tailscale node as an exit node)
      • other laptops, mobile phones, iPad

      Usage scenarios with Tailscale connected:
      - using the public internet
      enter URL: xxx.mydomain.com, succeeds as expected
      enter URL: hostname.localdomain (the local domain defined in the pfSense General UI): working
      enter URL: xxx.home.mydomain.com: not working
      - using home Wi-Fi: all scenarios above work

      My question is, when using the public internet with Tailscale connected, how can I access xxx.home.mydomain.com?
      Please note that when I use WireGuard connected to my pfSense, I can access xxx.home.mydomain.com.

        bthoven @bthoven
        last edited by bthoven

        @bthoven I found that using a Virtual IP for my home.mydomain.com was the issue. Instead, using the LAN interface IP (for my pfSense setup --> 192.168.1.1) has solved the problem.

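A check a practitioner would run before changing the host overrides, covering both the setup in the first post and the fix in the second: every host override target that a Tailscale client on a public network is expected to reach has to fall inside a subnet the pfSense Tailscale node advertises (here 192.168.1.0/24), and so does the nameserver Headscale pushes. This is an added example written for this thread, not code from the forum, pfSense or Headscale. It assumes pfSense's Unbound host overrides are written as `local-data:` lines, uses hypothetical hostnames, uses `home.arpa` as a stand-in for the domain set under System > General, and uses 10.10.10.10 as a stand-in for the poster's Virtual IP, which the thread never gives. The thread also does not say which interface the Virtual IP lived on, so a target outside the advertised routes is one plausible cause of the "resolves but does not connect" symptom, not necessarily the only one.

```python
"""Check pfSense host overrides against the routes a Tailscale subnet router
advertises.

Added example for this thread, not code from the forum, pfSense or Headscale.
Sample data is constructed: hostnames are hypothetical, 10.10.10.10 stands in
for the poster's Virtual IP, and the record format follows the
``local-data:`` lines pfSense writes for Unbound host overrides.
"""
import ipaddress
import re

# Constructed sample of pfSense/Unbound host override entries. The two
# home.mydomain.com names point at the stand-in Virtual IP; the two .home.arpa
# names (placeholder for the System > General domain) point at LAN addresses
# given in the thread.
SAMPLE_HOST_ENTRIES = """\
local-data: "pfsense.home.arpa A 192.168.1.1"
local-data: "unraid.home.arpa A 192.168.1.2"
local-data: "nextcloud.home.mydomain.com A 10.10.10.10"
local-data: "jellyfin.home.mydomain.com A 10.10.10.10"
"""

# Route the pfSense Tailscale node advertises, per the thread.
ADVERTISED_ROUTES = ["192.168.1.0/24"]

# Nameserver Headscale pushes to clients (nameservers: 192.168.1.1).
TAILNET_NAMESERVERS = ["192.168.1.1"]

# Unbound local-data line with an optional class and an A or AAAA record.
LOCAL_DATA_RE = re.compile(
    r'^local-data:\s*"(?P<name>\S+)\s+(?:IN\s+)?(?P<rtype>AAAA|A)\s+(?P<addr>\S+)"$'
)


def parse_host_entries(text):
    """Return (name, address) pairs for every A/AAAA local-data line."""
    records = []
    for line in text.splitlines():
        m = LOCAL_DATA_RE.match(line.strip())
        if m is None:
            continue  # comments, PTR records, other Unbound directives
        name = m.group("name").rstrip(".").lower()
        records.append((name, ipaddress.ip_address(m.group("addr"))))
    return records


def in_advertised_routes(addr, routes):
    """True if addr lies inside one of the advertised subnet routes."""
    addr = ipaddress.ip_address(addr)
    for route in routes:
        net = ipaddress.ip_network(route, strict=False)
        if net.version == addr.version and addr in net:
            return True
    return False


def unreachable_overrides(text, routes):
    """Names whose override target is outside every advertised route.

    From a Tailscale client on a public network such a target is not
    carried by the subnet router: the name resolves, but the connection
    has no path to the address it resolved to.
    """
    return sorted({name for name, addr in parse_host_entries(text)
                   if not in_advertised_routes(addr, routes)})


def nameserver_reachable(nameservers, routes):
    """True if every pushed nameserver is itself inside an advertised route."""
    return all(in_advertised_routes(ns, routes) for ns in nameservers)


if __name__ == "__main__":
    print("nameserver reachable:",
          nameserver_reachable(TAILNET_NAMESERVERS, ADVERTISED_ROUTES))
    for name in unreachable_overrides(SAMPLE_HOST_ENTRIES, ADVERTISED_ROUTES):
        print("override target not in advertised routes:", name)
    # The fix from the thread: point the home.mydomain.com overrides at the
    # LAN interface address instead of the Virtual IP.
    fixed = SAMPLE_HOST_ENTRIES.replace("10.10.10.10", "192.168.1.1")
    print("after fix:", unreachable_overrides(fixed, ADVERTISED_ROUTES))
```

Run against the constructed sample it flags the two home.mydomain.com names whose target is the stand-in Virtual IP and reports nothing once they point at 192.168.1.1, which is the change the second post describes. On a real pfSense box the `local-data:` lines can be taken from the Unbound host entries file the resolver generates, and the route list from `tailscale status` on the subnet router.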
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.