Hey all!
With the new Tailscale package for pfSense I got all excited and started to work on my Tailscale network. Now I have bumped into some issues and I was wondering how to fix them, or if it is even possible.
The devices I have:
- pfSense box, let's call this one "home"
- pfSense box, "parents"
- pfSense box, "work"
- My iPhone
- My Windows laptop
What I want:
pfSense box home (tag:home)
- Is allowed to access everything in the Tailnet
- Must use its own DNS
- Advertises its routes
- Acts as exit node for laptop and iPhone
→ Runs a Pihole on 192.168.x.x
pfSense box parents (tag:parents)
- Is not allowed to access anything
- Must use its own DNS
- Advertises its routes
pfSense box work (tag:work)
- Is not allowed to access anything
- Must use its own DNS
- Advertises its routes
iPhone
- Is allowed to access anything
- Must use the Pi-hole DNS from home
Laptop
- Is allowed to access anything
- Must use the Pi-hole DNS from home
What I tried:
Set the DNS in Tailscale to the Pi-hole address 192.168.x.x
This works for the iPhone and laptop when the ACL is set to:
{"action": "accept", "users": ["*"], "ports": ["*:*"]}, but not when set to:
{"action": "accept", "src": ["tag:iphone"], "dst": ["tag:home:*"]},
Also, I have to override the local DNS settings to get this to work on the iPhone, because there are no manual settings in the Tailscale app. The problem is that when I set it to override, all the devices use that DNS server. I don't want that to happen.
How do I tackle these problems and is it even possible?
Thanks in advance!
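Added example, not part of the original post: one way the access model above maps onto a Tailscale policy file (HuJSON), for comparison with the two rules quoted. It assumes a placeholder admin account `admin@example.com` as tag owner and placeholder LANs `192.168.X.0/24`, `192.168.Y.0/24`, `192.168.Z.0/24` (with `192.168.X.2` as the Pi-hole) standing in for the redacted addresses; these must be replaced with real values before the policy will save. The `tests` block is the check a practitioner would want: the policy is rejected on save if any rule ever grants the parents or work boxes a path to the home LAN.

```json
{
  // Who may assign each tag. Placeholder account, not from the post.
  "tagOwners": {
    "tag:home":    ["admin@example.com"],
    "tag:parents": ["admin@example.com"],
    "tag:work":    ["admin@example.com"],
    "tag:iphone":  ["admin@example.com"],
    "tag:laptop":  ["admin@example.com"]
  },

  "acls": [
    // home, iPhone and laptop may initiate connections to anything,
    // including the Pi-hole (port 53) behind home's advertised subnet.
    {"action": "accept", "src": ["tag:home", "tag:iphone", "tag:laptop"], "dst": ["*:*"]}
    // parents and work get no rule at all: Tailscale ACLs are default-deny,
    // so those boxes cannot initiate anything, yet home can still reach them.
  ],

  // Approve each box's advertised routes and home's exit-node offer
  // without a manual click in the admin console. Placeholder subnets.
  "autoApprovers": {
    "routes": {
      "192.168.X.0/24": ["tag:home"],
      "192.168.Y.0/24": ["tag:parents"],
      "192.168.Z.0/24": ["tag:work"]
    },
    "exitNode": ["tag:home"]
  },

  // Evaluated whenever the policy is saved; a failing test blocks the save.
  // 192.168.X.2:53 is the placeholder Pi-hole resolver behind the home box.
  "tests": [
    {"src": "tag:iphone",  "accept": ["192.168.X.2:53"]},
    {"src": "tag:laptop",  "accept": ["192.168.X.2:53"]},
    {"src": "tag:parents", "deny":   ["192.168.X.2:53"]},
    {"src": "tag:work",    "deny":   ["192.168.X.2:53"]}
  ]
}
```

The ACL only decides who can reach the Pi-hole; it does not decide which resolver a device uses. As the post itself observes, the "override local DNS" switch applies to the whole tailnet, so the parents and work boxes keep their own DNS only if that override stays off and the DNS choice is made on each device instead.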