You want to do one half of Tailscale’s site-to-site networking documentation and set a route for 100.64.0.0/10 on your router to go through the device that’s got Tailscale installed.
Is there a way to route this traffic through my pfSense router or other local Tailscale machine?
When you say you want to “route this traffic”, are you asking how to force all the TV traffic on a different network through Tailscale to your “own cloud VPN service”?
Device A - device on local LAN, can’t run Tailscale for whatever reason
Device B - device/VM on local LAN, can run Tailscale (presumably Linux)
Device C - Linux VM in the cloud, running Tailscale as an exit node.
You want to let device A use device C as an exit node? I’d like to do something similar, and my device B is not my router, it’s just a Linux VM on my LAN. Basically I’d like something where I can just set device A’s default route to device B’s local LAN IP (192.168.x.x) and then it’d automagically be routing all its traffic over Tailscale and onto the internet via device C.
Assuming what I described is what you want, I was able to do it with a VM on my home LAN acting as a Tailscale router, and a VM living on a VPS in the cloud. If you look below where I’m tinkering on a wholly separate Linux VM running vanilla Debian, you’ll see my curl command with my default route set to my router (192.168.2.1) gives me my local IP in North Carolina. If I set the default route to the VM on my home LAN acting as a Tailscale router (192.168.2.171), the same curl command shows me an IP in California. The “magic” was an iptables masquerade rule on that home VM Tailscale router. I’ll have to tinker with it some, and I’m not entirely sure what other tweaks it needs, but as a basic POC it’s working. I redacted the 3rd and 4th octets of the public IPs.
# ip r
default via 192.168.2.1 dev enp1s0
192.168.2.0/24 dev enp1s0 proto kernel scope link src 192.168.2.170
# curl canhazip.com
71.75.xxx.xxx
# ip route replace default via 192.168.2.171 dev enp1s0
# ip r
default via 192.168.2.171 dev enp1s0
192.168.2.0/24 dev enp1s0 proto kernel scope link src 192.168.2.170
# curl canhazip.com
104.237.xxx.xxx
Let me know what you find. I suspect I could move that MASQUERADE iptables rule around…maybe…it was just a quick ‘lemme try this’ but I wanna thoroughly understand what I did, and also see if there’s a better way. I’m also pondering doing the same setup with WireGuard and not using Tailscale. That WG setup I’m pondering is mostly so I can build it all from scratch to really understand what I’ve done.
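The device B setup described in that post, written out as an added example script (not the poster’s own commands, which were not shared): it enables kernel forwarding, points B at the exit node while keeping LAN access, permits forwarding between the LAN interface and tailscale0, and adds the POSTROUTING MASQUERADE rule so forwarded LAN packets leave the tunnel with B’s own Tailscale address instead of a 192.168.2.x source the exit node will not accept. The LAN subnet, interface name, iptables as the firewall, tailscale0 as the tunnel interface and the exit node name are all assumptions; nothing is applied unless APPLY=1 is set.

```shell
#!/bin/sh
# Device B: Linux VM on the home LAN acting as a Tailscale router toward
# exit node C. Assumed values below; override via environment variables.
# Without APPLY=1 the commands are only printed (dry run).
LAN_NET="${LAN_NET:-192.168.2.0/24}"
LAN_IF="${LAN_IF:-enp1s0}"
EXIT_NODE="${EXIT_NODE:-device-c}"   # placeholder: MagicDNS name or 100.x IP of C

# Forwarded LAN packets still carry a 192.168.2.x source; rewrite it to B's
# Tailscale address as they leave tailscale0 (the rule the post calls "magic").
build_nat_rule() {
    printf 'iptables -t nat -A POSTROUTING -s %s -o tailscale0 -j MASQUERADE\n' "$1"
}

# Allow LAN -> tunnel forwarding and the return traffic, in case FORWARD is DROP.
build_forward_rules() {
    printf 'iptables -A FORWARD -i %s -o tailscale0 -s %s -j ACCEPT\n' "$1" "$2"
    printf 'iptables -A FORWARD -i tailscale0 -o %s -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT\n' "$1"
}

# Route B's traffic (forwarded traffic included) via the exit node while
# still letting B reach the LAN it forwards for.
build_tailscale_up() {
    printf 'tailscale up --exit-node=%s --exit-node-allow-lan-access\n' "$1"
}

run() {
    if [ "${APPLY:-0}" = "1" ]; then eval "$1"; else echo "[dry-run] $1"; fi
}

configure_router() {
    run "sysctl -w net.ipv4.ip_forward=1"
    run "$(build_tailscale_up "$EXIT_NODE")"
    build_forward_rules "$LAN_IF" "$LAN_NET" | while IFS= read -r cmd; do run "$cmd"; done
    run "$(build_nat_rule "$LAN_NET")"
}

# Check the two things a LAN client needs from B: forwarding on, NAT rule present.
verify_router() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ] || return 1
    iptables -t nat -S POSTROUTING 2>/dev/null | grep -q -- "-o tailscale0 -j MASQUERADE"
}

configure_router
```

After applying, repeat the post’s check from a LAN host: with its default route set to B’s LAN IP, `curl canhazip.com` should return C’s public address.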
Pity, it didn’t work for me.
On the TV I changed the IP gateway to be the same as the local IP address of the device with Tailscale. On that same local machine I also selected the VPN server as exit node.
This local machine did have a connection with the VPN server as required, but my TV didn’t get any connection at all. The TV could NOT get any external connection.