Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Subnet routing, Tailscale, and Pfsense

    Scheduled Pinned Locked Moved
    Tailscale
    2
    3
    1.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jeff3820
      last edited by jeff3820

      My network firewall is Pfsense. My goal is to allow NAS access located at 192.168.150.200 from a cell phone when I’m not at home. I setup the tailscale package on Pfsense and configured Pfsense as an exit node. Went smoothly. I can browse the internet remotely and the internet on my phone is showing my home IP address so the exit node is working. I also setup Pfsense/tailscale, to subnet route to 192.168.150.0/24. I approved the route in Tailscale under machines and the route appears to be active.

      However, I cannot ping or reach any device on the 192.168.150.x network. If I change the advertised subnet route on Pfsense, I first delete the 192.168.150.0/24, to 192.168.150.200/32, approve in Tailscale, then I can remotely reach the NAS! In fact any IP address on the home network can be advertised and reached if I put in the specific IP address with a /32 subnet. So why won’t this work when I use 192.168.150.0/24?? From reading on the web, folks feel this is related to Pfsense. I tried using NAT-PMP on Pfsense but that didn’t work. This is really frustrating.

      Also, while the specific IP addresses can be reached and made functional by using /32 remotely, ping does not work. Ideas why pings fail? I can reach the NAS and connect but pings fail. Is this by design with tailscale?

      Another interesting point of data...A tailscale app for Apple TV has been released with the capability to act as an exit node and to do subnet routing. I disabled tailscale in Pfsense. I setup the apple TV and configured it as an exit node and configured it to do subnet routing....same as before. Same result! Subnet routing fails with 192.168.150.0/24 but I can pass traffic on the home LAN with IP address/32. Pings fail as before to the /32 clients. However, I can ping if I use the 100.x.x.x tailscale addresses.

      Any ideas??

      H 1 Reply Last reply Reply Quote 0
      • H
        harshness @jeff3820
        last edited by

        @jeff3820 Do you have "accept subnet routes" enabled on your phone?

        J 1 Reply Last reply Reply Quote 0
        • J
          jeff3820 @harshness
          last edited by

          @harshness FYI, a tailscale update fixed this for both Pfsense and the Apple TV. All has been working fine for quite some time now.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post