Best way to expose a Tailscale subnet on OPNsense

I currently have the Tailscale plugin installed on OPNsense (10.254.1.0/24) and would like clients on that network to be able to route to clients at a remote site that has a machine with subnet routing enabled (10.32.1.0/24).

My first thought was to create a route in OPNsense, but this requires you to select a gateway, and the tailnet does not appear in that list.

Should I proceed with adding a new gateway, or just connect to my tailnet using the VPN client, similar to how Tome did it in this video: https://www.youtube.com/watch?v=P-q-8R67OPY&t

Have you tried to configure the equivalent on OPNsense that Christian McDonald did for pfSense?

I have not; that assumes you have connected to the tailnet as a VPN client instead of with the Tailscale plug-in.

I have the Tailscale plug-in installed at two pfSense sites, one behind double NAT. I can access any client from either site without running the client app on any device. I only use the client to remotely access my Tailnet from the pub to stream live games or access my TrueNAS appliances. Seems like OPNsense would work the same if configured correctly. I simply followed Christian McDonald’s tutorial and had it up and running in 30 minutes. Works automagically!

I'm getting somewhere now; the interface is a little different on OPNsense. All of the options that you get in pfSense under VPN > Tailscale are command-line flags on OPNsense.

Hosts at site B can route to site A but not vice versa. Any tips?

Site A

  • 10.31.1.0/24

Site B

  • Subnet router is running on a server and exposing 10.32.1.0/24; it has been approved in the Tailscale console
  • I can remote into a machine on site B and hit the OPNsense web UI
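For the one-way case described in the post above (site B can reach site A, but not the reverse), the first thing to verify on the OPNsense node at site A is whether site B's route is both approved and accepted there. The script below is an added example, not code from the thread or from Tailscale: it reads the JSON printed by `tailscale status --json` (each peer's `AllowedIPs` and `PrimaryRoutes`, which only list a subnet once the route has been approved in the admin console) and by `tailscale debug prefs` (the local node's `RouteAll`, which is what `--accept-routes` sets and is off by default on Linux and FreeBSD). The `SAMPLE_*` data and the host names are constructed for the example.

```python
"""Check from one Tailscale node whether a remote subnet route is usable.

Added example, not code from the forum thread or from Tailscale.  It parses
the JSON of `tailscale status --json` and `tailscale debug prefs`; the
SAMPLE_* values below are constructed stand-ins with hypothetical host names.
"""
import ipaddress
import json
import subprocess

# Constructed stand-in for `tailscale status --json`, trimmed to the fields used.
# A peer lists a subnet in AllowedIPs/PrimaryRoutes only once the route has
# been approved for that peer in the admin console.
SAMPLE_STATUS = {
    "Self": {"HostName": "opnsense-site-a", "TailscaleIPs": ["100.64.0.1"]},
    "Peer": {
        "nodekey:aaaa": {
            "HostName": "site-b-subnet-router",
            "Online": True,
            "PrimaryRoutes": ["10.32.1.0/24"],
            "AllowedIPs": ["100.64.0.2/32", "fd7a:115c:a1e0::2/128", "10.32.1.0/24"],
        },
        "nodekey:bbbb": {
            "HostName": "laptop",
            "Online": False,
            "PrimaryRoutes": None,
            "AllowedIPs": ["100.64.0.3/32"],
        },
    },
}

# Constructed stand-in for `tailscale debug prefs` on the OPNsense node: it
# advertises its own LAN, but RouteAll (--accept-routes) is off, the default
# on Linux/FreeBSD, so routes offered by peers are not installed locally.
SAMPLE_PREFS = {"RouteAll": False, "AdvertiseRoutes": ["10.31.1.0/24"]}


def route_check(status, prefs, subnet):
    """Return (accept_routes_enabled, {peer hostname: peer online}) for `subnet`.

    A peer is included when the subnet appears in its AllowedIPs or
    PrimaryRoutes, i.e. the route has been approved for that peer.
    """
    net = ipaddress.ip_network(subnet)
    advertisers = {}
    for peer in status.get("Peer", {}).values():
        allowed = {ipaddress.ip_network(p) for p in (peer.get("AllowedIPs") or [])}
        primary = {ipaddress.ip_network(p) for p in (peer.get("PrimaryRoutes") or [])}
        if net in allowed or net in primary:
            advertisers[peer["HostName"]] = bool(peer.get("Online"))
    return bool(prefs.get("RouteAll")), advertisers


def diagnose(status, prefs, subnet):
    """Turn the check into a (code, message) verdict for `subnet`."""
    accept_routes, advertisers = route_check(status, prefs, subnet)
    if not advertisers:
        return "no-route", f"{subnet}: no peer offers this route; check that it is advertised and approved in the admin console"
    online = sorted(h for h, up in advertisers.items() if up)
    if not online:
        return "offline", f"{subnet}: offered by {sorted(advertisers)}, but none of them are online"
    if not accept_routes:
        return "not-accepting", f"{subnet}: offered by {online}, but this node has RouteAll off (--accept-routes not set)"
    return "ok", f"{subnet}: approved, subnet router online, and accepted by this node"


def live_check(subnet):
    """Run the real CLI commands on this host and diagnose `subnet`."""
    status = json.loads(subprocess.check_output(["tailscale", "status", "--json"], text=True))
    prefs = json.loads(subprocess.check_output(["tailscale", "debug", "prefs"], text=True))
    return diagnose(status, prefs, subnet)


if __name__ == "__main__":
    # Offline demonstration on the constructed data; use live_check("10.32.1.0/24")
    # on the OPNsense box itself.
    code, message = diagnose(SAMPLE_STATUS, SAMPLE_PREFS, "10.32.1.0/24")
    print(code, "-", message)
```

On the constructed data the verdict is `not-accepting`: the route is approved and the subnet router is online, but the node is not accepting routes. Fixing that means re-running `tailscale up` with `--accept-routes` added to the flags already in use (the CLI refuses to drop flags silently), or `tailscale set --accept-routes` on newer releases. If the script reports `ok` and LAN hosts at site A still cannot reach 10.32.1.0/24, the cause is outside what this check can see, for example OPNsense firewall rules on the Tailscale interface.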