This approach largely works, with the caveat that it then requires you to always be on the tailnet. If someone wants to connect locally AND via tailnet using the same URL, they’ll need to push/advertise routes (or do some other hacky thing).
Right now, I’ve only got the spoons to provide rough guidance, not details. In order to use non-tailnet IPs, you’ll need to configure your tailnet host to “advertise routes/push routes”. In more layman’s terms, tailnet needs to say, “hey network client, I do know where 192.168.0.69 is! So I can route that request”. By default, each tailnet host only advertises the other tailnet hosts. Anything else fails.
Also, I really appreciate how detailed your question is!
To add, here’s an example of my OpenVPN config addition to ensure 192.168.3.* is accessible over VPN:
verb 5
push "route 192.168.3.0 255.255.255.0 vpn_gateway"
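
An added example, not part of the original post: a small audit script that reads `push "route ..."` lines from an OpenVPN server config and reports which LAN ranges VPN clients are handed, so you can confirm that only the intended subnet is exposed. The sample config is constructed from the snippet above, and the function names `pushed_routes` and `covering_route` are hypothetical.

```python
import ipaddress
import re

# Constructed sample config, modelled on the snippet in the post above.
SAMPLE_CONFIG = '''
verb 5
push "route 192.168.3.0 255.255.255.0 vpn_gateway"
# push "route 10.0.0.0 255.0.0.0"
push "dhcp-option DNS 192.168.3.1"
'''

# Matches: push "route <network> [netmask] [gateway] [metric]"
PUSH_ROUTE = re.compile(r'^\s*push\s+"route\s+([^\s"]+)(?:\s+([^\s"]+))?')


def pushed_routes(config_text):
    """Return the IPv4 networks the server pushes to clients."""
    routes = []
    for line in config_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # commented-out directive, not active
        m = PUSH_ROUTE.match(line)
        if not m:
            continue
        network, netmask = m.group(1), m.group(2)
        if netmask in (None, "default"):
            netmask = "255.255.255.255"  # OpenVPN's default: a single host
        try:
            routes.append(ipaddress.ip_network(f"{network}/{netmask}", strict=False))
        except ValueError:
            continue  # hostname or keyword instead of a literal address
    return routes


def covering_route(address, routes):
    """Return the most specific pushed route containing address, or None."""
    ip = ipaddress.ip_address(address)
    matches = [r for r in routes if ip in r]
    return max(matches, key=lambda r: r.prefixlen, default=None)


if __name__ == "__main__":
    routes = pushed_routes(SAMPLE_CONFIG)
    for addr in ("192.168.3.42", "192.168.0.69"):
        print(addr, "->", covering_route(addr, routes) or "not routed over VPN")
```
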
Awesome! Thanks for the detailed update, and I’m glad it worked well for you!
I agree that straight up using Tailscale would likely be easier. But to answer your question, you’re looking to “push routes” because what you actually want to do is “route” but that’s kinda hard to Google haha. This looks maybe promising: https://forums.freebsd.org/threads/wireguard-how-to-route-another-subnet-through-it.89744/