Pfsense Tailscale Connection Issues

Pfsense is installed with the Tailscale plugin as my home router. When I try to connect to two different computers (which have Tailscale installed) at the same time, I can’t.

Home Network:

  • Desktop (Tailscale not installed)
  • Laptop (Tailscale not installed)
  • Pfsense Router (Tailscale package is installed and connected)

Work Network:

  • Raspberry PI (Tailscale is installed)
  • Debian 12 Server (Tailscale is installed)

I got the pfsense/tailscale configuration to the point of being able to ping and ssh from into the RPi using the IP I set up the RPi with a subnet route of before I installed Tailscale on the Debian 12 server, but this did not allow me to ping or ssh from into

So, I installed Tailscale on the Debian 12 Server, and also gave it the subnet route of, and then I could access the Debian 12 server at from or but now I couldn’t access the RPi at I could ping and ssh using the Tailscale IP assigned to the RPi. Once I shut down the Debian 12 server, I could access the RPi again at

How do I set things up so I can access both of the work machines using their network-assigned IPs in the range from any computer on my home network that is behind the pfsense router?

Okay, fantastic video by @LTS_Tom, but in his video he had two pfsense boxes talking to each other. I can do most of what Tom lays out. Refer to my first post for references of where each box is located.

From the work RPi, I can ping and ssh into any box on my home network which are behind pfsense, but none have Tailscale installed on them. I seem to be able to go from either my home Desktop or Laptop to either the RPi or the Debian 12 server at work, but I can’t connect to both at the same time using their addresses even though both have Tailscale installed and both are on the same subnet route of I thought that if I had the RPi acting as a subnet router of the that I should be able to access the Debian 12 server without installing Tailscale on the Debian 12 server, but that didn’t work.

I can’t install another pfsense router on the work network so that the two pfsense routers are talking to each other, but would like to access all devices on the subnet route. I’m guessing that I got some setting messed up on the RPi.

[SOLVED] Okay, I finally figured out why the RPi failed to act as a “subnet router” even though I had used the right commands, and enabled the route in the Tailscale admin interface.

It all came back to the /etc/sysctl.conf file.

At some point, when I was trying to get site to site working using straight WireGuard using pi-VPN on this RPi, I had uncommented the line net.ipv4.ip_forward = 1.

When I attempted to get Tailscale working as my site to site solution, I followed the documentation and appended the lines:

 net.ipv4.ip_forward = 1
 net.ipv6.conf.all.forwarding = 1

Apparently having net.ipv4.ip_forward = 1 twice in the same file prevented IP forwarding from working. As soon as I commented out one of those lines and rebooted the RPi, I could access all my machines on the network.

I’m not sure why having that line twice in the sysctl.conf file messed up the system, but it did.
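
A check for the situation in the [SOLVED] post above, added here as an example and not part of the original thread: it lists every line in a sysctl file that sets a given key, then compares the last configured value with what the running kernel reports. The function names are hypothetical, and the script assumes the kernel's live values are readable under /proc/sys.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Usage: audit_key net.ipv4.ip_forward /proc/sys /etc/sysctl.conf

# sysctl_entries KEY FILE...
# Prints "file:line value" for every non-comment line that sets KEY.
sysctl_entries() {
    key=$1; shift
    awk -v want="$key" '
        /^[ \t]*([#;]|$)/ { next }   # skip comments (# or ;) and blank lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == want) print FILENAME ":" FNR " " v
        }' "$@"
}

# runtime_value KEY [ROOT]
# Reads the live value under ROOT (default /proc/sys).
runtime_value() {
    path=${2:-/proc/sys}/$(printf '%s' "$1" | tr . /)
    cat "$path" 2>/dev/null || echo unreadable
}

# audit_key KEY ROOT FILE...
# sysctl applies lines in order, so the last definition is the configured one.
audit_key() {
    key=$1; root=$2; shift 2
    entries=$(sysctl_entries "$key" "$@")
    count=0
    [ -n "$entries" ] && count=$(printf '%s\n' "$entries" | wc -l | tr -d ' ')
    last=$(printf '%s\n' "$entries" | tail -n 1 | cut -d' ' -f2-)
    live=$(runtime_value "$key" "$root")
    if [ "$count" -eq 0 ]; then status=unset
    elif [ "$last" != "$live" ]; then status=mismatch
    elif [ "$count" -gt 1 ]; then status=duplicate
    else status=ok; fi
    echo "$key defs=$count configured=${last:-unset} runtime=$live status=$status"
}
```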