# Tailscale network

## Routes
Advertise routes on the node:

```sh
tailscale set --advertise-routes=192.168.223.20/32,192.168.223.21/32,192.168.223.28/32
```

This route advertisement needs to be approved in the Headscale UI!

All other nodes need to accept the routes advertised by other nodes:

```sh
sudo tailscale set --accept-routes
```
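The route list above advertises single hosts (/32) rather than a whole subnet. The following pre-flight check is an added example, not part of the original notes or of Tailscale: it rejects malformed IPv4 CIDRs, entries with host bits set, and prefixes broader than a local limit before the list is passed to `tailscale set`. The function names and `MIN_PREFIX` are hypothetical, and IPv6 routes are not handled.

```shell
#!/bin/sh
# Added example: pre-flight audit of an IPv4 --advertise-routes list.
# MIN_PREFIX is a hypothetical local policy value, not a Tailscale setting.
MIN_PREFIX="${MIN_PREFIX:-24}"

# ip_to_int A.B.C.D: print the address as an integer; return 1 if malformed.
ip_to_int() {
    case "$1" in ""|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no octal-looking or long octets
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_route CIDR: return 0 if acceptable, else print a reason and return 1.
check_route() {
    case "$1" in */*) ;; *) echo "$1: missing /prefix"; return 1 ;; esac
    addr=${1%/*}; len=${1##*/}
    case "$len" in ""|*[!0-9]*|0?*|???*) echo "$1: bad prefix length"; return 1 ;; esac
    [ "$len" -le 32 ] || { echo "$1: bad prefix length"; return 1; }
    n=$(ip_to_int "$addr") || { echo "$1: bad IPv4 address"; return 1; }
    # Host bits must be zero: 192.168.223.20/24 is a host, not a network.
    host_mask=$(( (1 << (32 - len)) - 1 ))
    [ $(( n & host_mask )) -eq 0 ] || { echo "$1: host bits set"; return 1; }
    [ "$len" -ge "$MIN_PREFIX" ] || { echo "$1: broader than /$MIN_PREFIX"; return 1; }
}

# audit_routes "cidr,cidr,...": print findings; return the number of rejects.
audit_routes() {
    bad=0
    old_ifs=$IFS; IFS=,; set -- $1; IFS=$old_ifs
    for r in "$@"; do
        check_route "$r" || bad=$((bad + 1))
    done
    return "$bad"
}

ROUTES="192.168.223.20/32,192.168.223.21/32,192.168.223.28/32"  # list from this page
if audit_routes "$ROUTES"; then
    echo "ok to run: tailscale set --advertise-routes=$ROUTES"
fi
```

Run it with a stricter limit, for example `MIN_PREFIX=32`, to allow only single-host routes.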
## Subnet router

In cases where you can't install Tailscale on every device on your physical network, you can set up a subnet router to access these devices from your tailnet. Subnet routers respect features like access control policies.

Enable IP forwarding on the subnet router:

```sh
echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
sudo sysctl -p /etc/sysctl.d/99-tailscale.conf
```

## nftables
- [Support for nftables is still WIP](https://github.com/tailscale/tailscale/issues/391)
- [nftables support just got merged](https://github.com/tailscale/tailscale/commit/80b912ace038ca5420059d62cbb7952949c7e3dd)
> This commit adds nftable rule injection for tailscaled.
> If tailscaled is started with envknob
> `TS_DEBUG_USE_NETLINK_NFTABLES = true`,
> the router will use nftables to manage firewall rules.