Routing Tailscale Exit Node traffic via non-default gateway in pfSense

Is there a way to get Tailscale exit node traffic destined for the WAN to use a gateway other than the default?

Use case is that I’d like to have the convenience of being able to connect to my home network with the security of my NordVPN while travelling. I have a Nord Gateway set up within pfSense that I route select clients through using an Alias list, but can’t figure out how to route Tailscale Exit Node traffic via this gateway. TIA 🙂

Under the interface rules, if you open up the advanced tab, you can specify the gateway.

Tried that, and that’s exactly how I used to do it with WireGuard. It doesn’t appear to work the same way with Tailscale though.

Anybody? Surely there must be a way?

I’ve watched that video before, and can’t see anything in it relating to my issue 🤷‍♂️

Bumping this up. I too am trying to set this up with Tailscale. I’ve seen references to setting this up via VLANs. Tailscale doesn’t have an interface.

I also tried the same and failed to implement it.

If modifying the routing table doesn’t work, have you guys tried pf pre/post routing rules?

I do something similar for special users on a restricted VLAN, where I want those users to use the DNS config from another, less restricted VLAN. This saves me from creating a whole new VLAN just for those one or two users. Removing the DNS-specific filters (just tie it to the interface) would make the rule simpler.

I would post my config, but I do this in nftables. But the principle should be the same and work similarly in pf. I imagine the trick I did above is relatively common for a few guys in this forum; they should be able to show configs.