I set up Headscale and Tailscale using Docker on a VPS, which I want to use as my public IPv4 and Reverse Proxy to route incoming traffic to my local network and e. g. my home server. I also set up Tailscale using Docker on my home server and connected both to my Headscale server.
I am able to ping on Tailscale container from the other and vice versa and set up --advertise-routes=192.168.178.0/24 on my home server as well as --accept-routes on my VPS, but I can’t ping local IP addresses from my VPS. What am I missing?
Both containers are connected to the host network, and I have opened UDP ports 41641 and 3478 on my VPS.
I ran into a similar problem with tailscale. It looked like I needed to disable source NAT but that didn’t appear to be implemented in the FreeBSD package so it didn’t work for me. If you’re in Linux it might be worth a shot.
--snat-subnet-routes=false
“Disables source NAT. In normal operations, a subnet device will see the traffic originating from the subnet router. This simplifies routing, but does not allow traversing multiple networks. By disabling source NAT, the end machine sees the LAN IP address of the originating machine as the source.”
Sometimes these issues happen because of the IP range you’re using. If your local network and your remote network both use the 192.168.x.x range, then there can be conflicts and issues like this. This is a thing that happens generally with VPNs, not sure how Tailscale specifically functions with this issue.
Even if that’s not what’s going on here, you might try setting up your remote node as an exit node, and configuring your local node to route all traffic through it. Theoretically that shouldn’t be necessary, and it will also slow down your traffic if you’re routing EVERYTHING through Tailscale. But it could work in a pinch.
Actually, I’m looking at Tailscale documentation now and I see that they recommend setting up subnet routers instead of exit nodes in most cases. Maybe go that route instead, that makes more sense to me. That way you’re only routing necessary traffic through the remote node, rather than everything.
Thanks, that’s what I’m trying to do. :)
And my VPS doesn’t have any IPs in the same range as my home server.
‘ip route show’ on all machines. Make sure they know how to get to each other.
How do I make sure of this? What am I supposed to see using the command?
You expect to see the subnet of the VPN network mentioned, and the wg0 interface as its gateway. Also might want to make sure your wg0 interface even exists and is up with ‘ip addr show’
Are you sure Tailscale in Docker is creating a wg0 interface? Because I got a working connection between my smartphone and my home server and the home server is not showing any interface related to Tailscale?
default via 192.168.178.1 dev ens18
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.178.0/24 dev ens18 proto kernel scope link src 192.168.178.178
Are you running it in a container? Then you’ll be seeing the docker0 interface as you see there, and the container will route through that.
Yes, I’m running it on Docker and therefore have the docker0 interface.
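The ‘ip route show’ check suggested above can be made mechanical: parse the route table and ask which interface the kernel would use for an address in the advertised subnet. This is an added example, not code from the thread; it assumes the Tailscale interface is named tailscale0 and that, on Linux, tailscaled installs its routes in routing table 52 (so the text to feed it on the VPS comes from `ip route show table 52`, while the home server output below is the one posted above). The VPS-side table is constructed.

```python
import ipaddress
import re

# Constructed sample: `ip route show table 52` on the VPS after --accept-routes
# has taken effect. Tailscale node addresses are in 100.64.0.0/10 (CGNAT range).
VPS_TABLE_52 = """\
100.64.0.2 dev tailscale0
100.64.0.3 dev tailscale0
192.168.178.0/24 dev tailscale0
"""

# The main-table output posted by the asker from the home server.
HOME_MAIN_TABLE = """\
default via 192.168.178.1 dev ens18
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.178.0/24 dev ens18 proto kernel scope link src 192.168.178.178
"""

# destination, optional "via <gateway>", then "dev <interface>"; rest is ignored
ROUTE_RE = re.compile(r"^(?P<dst>default|\S+)(?:\s+via\s+(?P<via>\S+))?\s+dev\s+(?P<dev>\S+)")


def parse_routes(text):
    """Turn `ip route show` output into (network, gateway-or-None, device) tuples."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue  # blank or unrecognised line
        dst = m.group("dst")
        net = ipaddress.ip_network("0.0.0.0/0" if dst == "default" else dst, strict=False)
        routes.append((net, m.group("via"), m.group("dev")))
    return routes


def route_for(text, address):
    """Longest-prefix match: the (network, gateway, device) the kernel would pick."""
    addr = ipaddress.ip_address(address)
    candidates = [r for r in parse_routes(text) if addr in r[0]]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r[0].prefixlen)


def subnet_reachable_via(text, subnet, dev_prefix="tailscale"):
    """True if traffic for the whole subnet would leave through a Tailscale interface."""
    net = ipaddress.ip_network(subnet)
    r = route_for(text, str(net.network_address + 1))
    return r is not None and r[2].startswith(dev_prefix) and net.subnet_of(r[0])


if __name__ == "__main__":
    print("VPS reaches home LAN via Tailscale:", subnet_reachable_via(VPS_TABLE_52, "192.168.178.0/24"))
    print("Home server route for 192.168.178.5:", route_for(HOME_MAIN_TABLE, "192.168.178.5"))
```

On the home server the LAN route is expected on ens18, not on a Tailscale interface; the check is meant for the VPS side, where a missing 192.168.178.0/24 entry means the route was never accepted.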