Pfsense Tailscale Connection Issues

Pfsense is installed with the Tailscale plugin as my home router. When I try to connect to two different computers (which have Tailscale installed) at the same time, I can’t.

Home Network:

  • Desktop (Tailscale not installed) 192.168.1.10
  • Laptop (Tailscale not installed) 192.168.1.100
  • Pfsense Router (Tailscale package is installed and connected) 192.168.1.1

Work Network:

  • Raspberry PI (Tailscale is installed) 10.10.10.253
  • Debian 12 Server (Tailscale is installed) 10.10.10.252

I got the pfsense/tailscale configuration to the point of being able to ping and ssh from 192.168.1.10 into the RPi using the ip 10.10.10.253. I set up the RPi with a subnet route of 10.10.10.0/24 before I installed Tailscale on the Debian 12 server, but this did not allow me to ping or ssh from 192.168.1.10 into 10.10.10.252.

So, I installed Tailscale on the Debian 12 Server, and also gave it the subnet route of 10.10.10.0/24, and then I could access the Debian 12 server at 10.10.10.252 from 192.168.1.10 or 192.168.1.100, but now I couldn’t access the RPi at 10.10.10.253. I could ping and ssh using the Tailscale IP assigned to the RPi. Once I shut down the Debian 12 server, I could access the RPi again at 10.10.10.253.

How do I set things up so I can access both of the work machines using their network-assigned IPs in the 10.10.10.0/24 range from any computer on my home network that is behind the pfsense router?

Okay, fantastic video by @LTS_Tom, but in his video he had two pfsense boxes talking to each other. I can do most of what Tom lays out. Refer to my first post for references of where each box is located.

I can, from the work RPi, ping and ssh into any box on my home network, which are behind pfsense, but none have tailscale installed on them. I seem to be able to go from either my home Desktop or Laptop to either the RPi or the Debian 12 server at work, but I can’t connect to both at the same time using their 10.10.10.0/24 addresses even though both have tailscale installed and both are on the same subnet route of 10.10.10.0/24. I thought that if I had the RPi acting as a subnet router of the 10.10.10.0/24 I should be able to access the Debian 12 server without installing tailscale on the Debian 12 server, but that didn’t work.

I can’t install another pfsense router on the work network so that the two pfsense routers are talking to each other, but would like to access all devices on the 10.10.10.0/24 subnet route. I’m guessing that I got some setting messed up on the RPi.

[SOLVED] Okay, I finally figured out why the RPi failed to act as a “subnet router” even though I had used the right commands, and enabled the route in the Tailscale admin interface.

It all came back to the /etc/sysctl.conf file.

At some point, when I was trying to get site to site working using straight Wireguard using pi-VPN on this RPi, I had uncommented the line net.ipv4.ip_forward = 1.

When I attempted to get Tailscale working as my site to site solution, I followed the documentation and appended the lines:

 net.ipv4.ip_forward = 1
 net.ipv6.conf.all.forwarding = 1

Apparently having net.ipv4.ip_forward = 1 twice in the same file prevented ip forwarding from working. As soon as I commented one of those lines and rebooted the RPi, I could access all my machines on the 10.10.10.0/24 network.

I’m not sure why having that line twice in the sysctl.conf file messed up the system but it did.
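
A check for the situation in the last post, as an added example that is not part of the original thread: it lists every key set in a sysctl file, how often it appears and whether the values agree, then prints the value the running kernel reports. The function names `sysctl_audit` and `runtime_value` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed): audit sysctl settings for repeated keys.

# Print "key count same|conflict last_value" for each key in the given files.
# sysctl applies lines top to bottom, so the last value is the one left in effect.
sysctl_audit() {
    awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }    # comments and blank lines
        {
            line = $0
            sub(/^[ \t]*-?/, "", line)          # a leading "-" only silences errors
            eq = index(line, "=")
            if (eq == 0) next
            key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
            gsub(/[ \t]+/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (!(key in count)) order[++n] = key
            else if (last[key] != val) conflict[key] = 1
            count[key]++; last[key] = val
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                printf "%s %d %s %s\n", k, count[k], ((k in conflict) ? "conflict" : "same"), last[k]
            }
        }' "$@"
}

# Value the running kernel is using for a key, read from /proc/sys.
runtime_value() {
    path="/proc/sys/$(printf '%s' "$1" | tr . /)"
    if [ -r "$path" ]; then cat "$path"; else echo unavailable; fi
}

# Constructed sample: one line uncommented earlier, two lines appended later.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#net.ipv4.conf.all.rp_filter=1
net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
EOF
sysctl_audit "$sample" | while read -r key count status value; do
    echo "$key: set $count time(s), values $status, file=$value, kernel=$(runtime_value "$key")"
done
rm -f "$sample"
```

On a real subnet router, pass `/etc/sysctl.conf` and any files under `/etc/sysctl.d/` to `sysctl_audit` and compare the result with the kernel column.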