Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Tailscale no longer allowing Outbound NAT

    Scheduled Pinned Locked Moved
    NAT
    2
    5
    146
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Z
      Zali
      last edited by

      Hello, I have a netgate 4100 that was recently upgraded from 23.05.1 to 24.11
      Prior to the upgrade, Tailscale was configured for a site-to-site VPN, however after the upgrade the VPN no longer allows the Outbound NAT that was previously set to the other locations. There was also the option to choose the Network interface in the NAT translation, but it now seems to be removed. I've attempted the following but have not been successful.
      https://redmine.pfsense.org/issues/14987

      The devices on the other end of the VPN are netgate 2100s that are on 23.05.1with the exception of one which was updated to 23.09.1, however the NAT and traffic passing over the Tailscale VPN seems to be working on that one. I did notice that the interface was replaced by a Tailscale IP alias, but it doesn't map to a virtual IP.

      Any assistance would be appreciated.

      E 1 Reply Last reply Reply Quote 0
      • E
        elvisimprsntr @Zali
        last edited by elvisimprsntr

        @Zali

        I added my Tailscale config to a 2.6.X release a long time go before the problem surfaced. I had followed @cmcdonald video with the outbound rules near the end of the video.

        https://www.netgate.com/blog/tailscale-on-pfsense-software

        It still works, but if I try to edit the outbound rule under 2.7.2, it will not save.

        In theory, you could hand edit the XML file to create the hybrid outbound rule.

        		<outbound>
			<mode>hybrid</mode>
			<rule>
				<source>
					<network>192.168.69.0/24</network>
				</source>
				<sourceport></sourceport>
				<descr></descr>
				<target>Tailscaleip</target>
				<interface>Tailscale</interface>
				<poolopts></poolopts>
				<source_hash_key></source_hash_key>
				<destination>
					<any></any>
				</destination>
				<created>
					<time>1687359440</time>
					<username><![CDATA[admin@192.168.69.31 (Local Database)]]></username>
				</created>
				<updated>
					<time>1687359465</time>
					<username><![CDATA[admin@192.168.69.31 (Local Database)]]></username>
				</updated>
				<target_subnet></target_subnet>
			</rule>
		</outbound>
        Z 2 Replies Last reply Reply Quote 0
        • Z
          Zali @elvisimprsntr
          last edited by

          @elvisimprsntr Is it that your Tailscale package version is 2.7.2?

          1 Reply Last reply Reply Quote 0
          • Z
            Zali @elvisimprsntr
            last edited by

            @elvisimprsntr so I edited the xml with the same format you have but no dice. Any other suggestions?

            1 Reply Last reply Reply Quote 0
            • Z
              Zali
              last edited by

              I resolved the issue but factory resetting the Netgate device and restoring the config.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.