Netgate Discussion Forum

    Tailscale and Multi-WAN

      andreas_e

      Hi!

      Is there a way to route Tailscale traffic over a secondary WAN connection? Has anyone done this and can point me in the right direction?

      I have tried setting a different gateway group in firewall rules and also playing with static routes, but haven't solved this yet.

      If there is an easy way to set a different gateway, it would be great. Because of my limited upload speed, I got a second WAN connection for offsite backups. Site-to-Site VPN with Tailscale is easy to set up and the router on the remote site only supports outdated/slow IPsec algorithms, so Tailscale would be preferred, but the traffic would need to go over the second WAN connection.

        egates @andreas_e

        @andreas_e Did you ever find a way to do this? I am looking for the same solution.

          andreas_e @egates

          @egates Kinda.

          After hours of watching Christian McDonald's videos about WireGuard + Tailscale, I just gave up because it is not easily doable to bind WireGuard to a specific interface. I switched back to IPsec (and OpenVPN in one scenario), which gives me more control over which interface to use.

            Gblenn @andreas_e

            @andreas_e Have you tried to create a policy rule for the Tailscale subnet router?

            Simply create a LAN rule using the LAN IP (not the Tailscale IP) of the server running Tailscale.

            [Screenshot: firewall rule]

            Then expand the Advanced section and select your second WAN under Gateway.

            That's it, now all traffic to that entire node, including the Tailscale tunnel, will go via the second WAN.

              Gblenn @Gblenn

              @andreas_e I just realized you are probably running Tailscale on pfSense, which is a different situation altogether...

              So what I suggested was based on having Tailscale installed on a separate machine, like a VM or a Raspberry Pi, and set up as a "Subnet Router". Then it is the IP of that machine which you set as the host (Alias) in the FW rule as shown in the picture above.

              All you need to do is to define and approve your subnet route for the pfSense LAN.

              I have tested towards our summer house where we have a second WAN (LTE) as failover, and can verify that it does indeed work...

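The policy-routing setup described in the two posts above, sketched in plain pf syntax (pfSense is built on pf, where a rule with a gateway selected corresponds to a `route-to` rule). This is an added example, not part of the thread and not pfSense's generated ruleset; the interface names, all addresses, and the extra rule that exempts local destinations are assumptions.

```pf
# Constructed values for illustration only (not from the thread)
lan_if     = "igb1"              # hypothetical LAN interface
wan2_if    = "igb2"              # hypothetical second WAN interface
wan2_gw    = "203.0.113.1"       # hypothetical WAN2 gateway (documentation range)
ts_router  = "192.168.1.50"      # LAN IP of the separate Tailscale subnet router
lan_net    = "192.168.1.0/24"
local_nets = "{ 192.168.1.0/24, 192.168.20.0/24 }"   # firewall itself and other internal VLANs

# 1. Traffic from the Tailscale host to local networks follows the normal
#    routing table. Without this rule, the policy rule below would also push
#    DNS queries to the firewall and inter-VLAN traffic out through WAN2.
pass in quick on $lan_if inet from $ts_router to $local_nets keep state

# 2. The policy rule: match on the host's LAN IP (not its Tailscale IP) and
#    force everything else out via WAN2. The encrypted Tailscale tunnel
#    packets originate from this host, so the tunnel follows the same path.
pass in quick on $lan_if route-to ($wan2_if $wan2_gw) inet from $ts_router to any keep state

# 3. General LAN rule for every other client, using the default gateway.
#    With "quick", the first matching rule wins, so rules 1 and 2 must sit
#    above this one or the Tailscale host never reaches the policy rule.
pass in quick on $lan_if inet from $lan_net to any keep state
```

In the pfSense GUI the same ordering applies: the rule for the Tailscale host goes above the default allow-LAN rule on the LAN tab.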
                egates

                I ended up setting up a Tailscale LXC on Proxmox to achieve this. Thanks for the suggestion @Gblenn!

                  Gblenn @egates

                  @egates Cool, glad that you got it working!
