Netgate Discussion Forum

    Tailscale Routes not working on pfsense

    2 Posts 2 Posters 443 Views
    • TravisH

      Hi All,

      I am sure I am doing something really silly, but I am having very little luck getting Tailscale properly working on pfsense. I have installed it, authenticated and so on, and I can see in the status it is all Online and has IP addresses, as well as the other clients.

      From pfsense, I can see that routes exist for the various subnets, not just the subnet router ones (when I had them), but more importantly the tailscale IP address routes:

      100.89.148.4 link#14 UHS 13 1280 tailscale0
      100.89.148.6 link#6 UH 15 16384 lo0
      100.89.148.7 link#14 UHS 13 1280 tailscale0
      100.89.148.8 link#14 UHS 13 1280 tailscale0
      100.89.148.9 link#14 UHS 13 1280 tailscale0
      100.89.148.10 link#14 UHS 13 1280 tailscale0
      100.89.148.12 link#14 UHS 13 1280 tailscale0
      100.89.148.13 link#14 UHS 13 1280 tailscale0
      100.89.148.14 link#14 UHS 13 1280 tailscale0
      100.89.148.15 link#14 UHS 13 1280 tailscale0
      100.89.148.16 link#14 UHS 13 1280 tailscale0
      100.89.148.17 link#14 UHS 13 1280 tailscale0
      100.89.148.18 link#14 UHS 13 1280 tailscale0
      100.89.148.19 link#14 UHS 13 1280 tailscale0
      100.89.148.20 link#14 UHS 13 1280 tailscale0
      100.89.148.21 link#14 UHS 13 1280 tailscale0
      100.89.148.22 link#14 UHS 13 1280 tailscale0
      100.89.148.23 link#14 UHS 13 1280 tailscale0
      100.89.148.24 link#14 UHS 13 1280 tailscale0
      100.100.100.100 link#14 UHS 13 1280 tailscale0

      From the pfsense web UI, I can ping the respective hosts on the Tailnet (e.g. 100.89.148.23) but from within the network I can't actually ping any of these hosts. The pfsense Tailscale plugin has accept routes set as true, so I would have thought that I would do this but no luck.

      I made a silly mistake earlier of assigning tailscale to an interface and putting a static route in, which got it working; however, the next time I rebooted it gave me interface mismatch errors, so that is not the right approach.

      I tried NAT as well, where I NAT the destination address as any in 100.89.148.0/24, and send that through NAT address 100.89.148.6/32 (my tailscale pfsense machine) on the WAN or LAN but that did not work either.

      Is there a different approach I should be taking to get this to work, so that I can communicate with the 100.89.148.x addresses from within my pfsense network?

      Many thanks!

      • maxpol

        Unfortunately I don't have much to add in a solution, but I seem to be in the same boat as you are. This only seems to happen on pfSense+ from what I can tell though. Have 3 boxes on CE and those work great with the NAT rule, but I can't seem to have anything behind the plus box route through the tailnet. Hopefully someone has some info on this.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.