Netgate Discussion Forum

Tailscale client on public network can't access local domains defined in "Host Override"

2 Posts 1 Posters 833 Views
bthoven, Feb 6, 2024, 11:41 AM

my domain: mydomain.com
my home domain: home.mydomain.com

pfSense: DNS Resolver enabled with DNS forwarding enabled, using Quad9 as the upstream DNS (specified in pfSense General).
HAProxy on pfSense: handles public requests from the public network (xxx.mydomain.com) and handles my home local domain (xxx.home.mydomain.com) by creating a Virtual IP and specifying all local subdomains (xxx.home.mydomain.com) in DNS --> Host Overrides, pointing to the Virtual IP. So the same set of HAProxy ACLs/actions/backends is shared for both xxx.mydomain.com and xxx.home.mydomain.com.

Use scenarios with Tailscale disconnected:
- using the public internet
  - enter URL xxx.mydomain.com: succeeds, as expected
  - enter URL xxx.home.mydomain.com: does not succeed, as expected
- using home Wi-Fi
  - enter URL xxx.mydomain.com or xxx.home.mydomain.com: all succeed, as expected

Now with Tailscale in the mix:
Headscale server: a Docker container on my Unraid, serving Tailscale clients via headscale.mydomain.com
config: override_local_dns: true, nameservers: 192.168.1.1 (pfSense), magicdns: true

Tailscale clients:

- on pfSense: subnet router, allowed to access 192.168.1.0/24
- on a Debian VM (on Unraid, 192.168.1.2): as an exit node (not using pfSense as an exit node because I always lost internet connection when other Tailscale clients used the pfSense Tailscale as an exit node)
- other laptops, mobile phones, iPad

Use scenarios with Tailscale connected:
- using the public internet
  - enter URL xxx.domain.com: succeeds, as expected
  - enter URL hostname.<local domain defined in pfSense General UI>: working
  - enter URL xxx.home.mydomain.com: not working
- using home Wi-Fi: all scenarios above work

My question is: when using the public internet with Tailscale connected, how can I access xxx.home.mydomain.com?
Please note that when I use WireGuard connected to my pfSense, I can access xxx.home.mydomain.com.

bthoven (replying to @bthoven), Feb 7, 2024, 3:00 AM (last edited by bthoven Feb 7, 2024, 3:08 AM)

@bthoven I found that using a Virtual IP for my home.mydomain.com was the issue. Instead, using the LAN interface IP (for my pfSense setup, 192.168.1.1) has solved the problem.

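The thread reports that pointing the host overrides at the LAN interface IP fixed access over Tailscale but does not say why the Virtual IP target failed. One precondition worth checking in any setup like this is that both the override targets and the resolver Headscale pushes to clients (192.168.1.1 here) lie inside a subnet the Tailscale subnet router actually advertises (192.168.1.0/24 on the page); a target outside the advertised routes resolves fine but is unreachable from a remote client. The script below is an added example written for this thread, not the poster's or pfSense's own code. It parses a constructed snippet shaped like the `<unbound><hosts>` entries in a pfSense config.xml export (the element names are an assumption), and the Virtual IP value is a placeholder because the thread never states the real one.

```python
"""Check pfSense DNS Resolver host overrides against Tailscale subnet routes.

Added example for the thread above; not the poster's configuration.
Assumptions, all constructed for this example:
- ADVERTISED_ROUTES: the routes the pfSense Tailscale client advertises
- VIP_PLACEHOLDER: stands in for the Virtual IP the thread never names
- SAMPLE_CONFIG_XML: mimics the <unbound><hosts> layout of config.xml;
  element names (host, domain, ip) are assumed, not verified against pfSense
"""
import ipaddress
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

# Stated on the page: the subnet router allows 192.168.1.0/24 and Headscale
# pushes pfSense (192.168.1.1) as the nameserver.
ADVERTISED_ROUTES = ["192.168.1.0/24"]
HEADSCALE_NAMESERVER = "192.168.1.1"

# Placeholder (RFC 5737 documentation range); the real VIP is not on the page.
VIP_PLACEHOLDER = "203.0.113.10"

# Constructed config.xml fragment: two overrides pointing at the placeholder VIP.
SAMPLE_CONFIG_XML = f"""<pfsense>
  <unbound>
    <hosts>
      <host>app</host><domain>home.mydomain.com</domain><ip>{VIP_PLACEHOLDER}</ip>
    </hosts>
    <hosts>
      <host>nas</host><domain>home.mydomain.com</domain><ip>{VIP_PLACEHOLDER}</ip>
    </hosts>
  </unbound>
</pfsense>
"""


def parse_host_overrides(xml_text: str) -> Dict[str, str]:
    """Return {fqdn: ip} for every <hosts> entry in the fragment."""
    root = ET.fromstring(xml_text)
    overrides: Dict[str, str] = {}
    for entry in root.iter("hosts"):
        host = (entry.findtext("host") or "").strip()
        domain = (entry.findtext("domain") or "").strip()
        ip = (entry.findtext("ip") or "").strip()
        if host and domain and ip:
            overrides[f"{host}.{domain}"] = ip
    return overrides


def in_advertised_route(ip: str, routes: List[str]) -> bool:
    """True if ip falls inside any advertised subnet route."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(r, strict=False) for r in routes)


def check_overrides(overrides: Dict[str, str], routes: List[str]) -> List[Tuple[str, str, bool]]:
    """Per override: (fqdn, target ip, reachable through the subnet router)."""
    return [(fqdn, ip, in_advertised_route(ip, routes)) for fqdn, ip in sorted(overrides.items())]


def unreachable_overrides(overrides: Dict[str, str], routes: List[str]) -> List[str]:
    """Names whose target no remote Tailscale client can route to."""
    return [fqdn for fqdn, _, ok in check_overrides(overrides, routes) if not ok]


def resolver_reachable(nameserver: str, routes: List[str]) -> bool:
    """The pushed nameserver itself must be inside an advertised route."""
    return in_advertised_route(nameserver, routes)


def retarget(overrides: Dict[str, str], new_ip: str) -> Dict[str, str]:
    """The thread's fix: point every override at the LAN interface IP."""
    return {fqdn: new_ip for fqdn in overrides}


if __name__ == "__main__":
    before = parse_host_overrides(SAMPLE_CONFIG_XML)
    after = retarget(before, "192.168.1.1")
    print("resolver reachable:", resolver_reachable(HEADSCALE_NAMESERVER, ADVERTISED_ROUTES))
    print("unreachable before:", unreachable_overrides(before, ADVERTISED_ROUTES))
    print("unreachable after: ", unreachable_overrides(after, ADVERTISED_ROUTES))
```

Run it as-is to see the placeholder VIP flagged and the LAN-IP version pass; to use it on a real export, feed the `<unbound>` section of your own config.xml to `parse_host_overrides` and your advertised routes to `unreachable_overrides`. The check is deliberately about routing only: a name can resolve correctly via the pushed resolver and still be unreachable if its target sits outside the routes the subnet router announces.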