Hi - got an MT3000 which i wanted to use at the cottage to connect a bunch of IoT (non Tailscale devices) back to home network which is running Tailscale on a Windows Server box. I'm not super strong on networking but can follow instructions. Currently i'm running a basic test at home before i deploy to cottage and connect get the Subnet routing to work.
Where i am stuck right now is non tailscale devices cannot ping each other so suspect routing/firewall issue.
Test environment situation:
Tailscale is running behind Home ISP modem on the MT3000 with MT3000 configured in router mode using WAN port connected to home network. Pretty much an out of box config with latest FW update download and tailscale update script executed
TEST SETUP:
Home LAN - 192.168.2.x connected to ISP modem
MT3000 Connected to HOME LAN as router grabbing 192.168.2.149 IP, LOCAL LAN on MT3000 of - 192.168.8.x
Test windows laptop behind MT3000: 192.168.8.183 - works perfect with Tailscale turned on - can be pinged by other tailscale clients outside the Local Lan
Disable Tailscale on 192.168.8.183 (effectively turning it into a non TS node/dumb node) and use a dumb node on 192.168.2.x network and they cannot ping each other. On the dumb node on 192.168.2.x i added a temp route to route 192.168.8.x to the WAN interface of MT3000 (192.168.2.149)
When i Tracert the attempt to reach 192.168.8.183 from the 192.168.2.x network, i see it route the MT3000 and die there.
I should add that all the Tailscale config flags in MT3000 config screen are all turned on and Tailscale portal has the subnet routing approved.
What am i missing to enable the seamless connection of two subnets? Thank you in advance!
Test environment of the laptop and MT3000 is supposed to put in different Internet network, like laptop connect to cellular data over your phone hotspot, the MT3000 keep connecting the Home router, to simulate different places/location to access.
Hi - great suggestion! I didn’t think of using phone to simulate the cottage network.
I guess in this test lab setup the 192.168.8.x is the local. I simply want to tie this two subnets together and have non Tailscale devices see each other on both sides
I suspect I have a routing/fw issue? I haven't touched any of the firewall/routing/NAT configs on the MT3000. Is there any extra routing configs needed to tell the non Tailscale devices where to go for the subnet on other side? my initial thought was that since tailscale is running locally on MT3000 it would be smart enough to take care of this routing.
I read the post - I made the advanced firewall change in luci.
Interesting, the PC that isn't running tailscale on 192.168.8.x CAN now ping a Tailscale device on 192.168.2.x but only with it's "100.x tailscale IP" not with it's private 192.168.2.x address. So packets are partially flowing I guess, just don't know for the life of me why it can't ping 192.168.2.x and get a response. I must be missing something else.
BTW Tailscale client updated to latest version using GitHubscript
So interesting twist to this! The 192.168.2.x network/subnet is currently exposed via a Windows Server 2019 tailscale node.
For giggles, i had an old Edgerouter ER-X kicking around and loaded the Tailscale package with subnet routing turned on. I can ping both ways between non TS nodes now!!
This router was assigned to a 192.168.0.x LAN. I guess with Tailscale installed on the ER-X which is also the default gateway the routing is already handled. With Tailscale sitting on a Windows 2019 node that isn't the default gateway on 192.168.2.x, perhaps the routing is breaking?
Would love to figure this out and complete the picture! My ISP does not support custom routes so i can't redirect all the TS subnets back to the Tailscale node. However i can customize the routing table on a few of the nodes that i need access to.
Well now i'm doubly confused. The test of pinging from behind MT3000 on the 192.168.8.X network to 192.168.0.X network worked only in one direction. When i went on the 192.168.0.X network and tried to ping that same host behind MT3000 it dies. Both of these hosts are not running Tailscale locally. Help?
I was really hoping to drop a mt3000 at home and one at cottage and have Tailscale make all this automagically work. It seems to be the case if every device is running Tailscale but when non Tailscale nodes get introduced it quickly becomes complex. I think it is the routing/firewall side where things are falling down for me - non TS nodes don’t know how to traverse back and forth using the local subnet addresses.
closing this thread off, i actually abandoned tailscale and went with OpenVPN client back to house. That seems to be working fine now. Thanks everyone.
