Will Tailscale do this?

I don’t have much experience with Tailscale, but enough to be dangerous. I was tasked by a security company with getting this to work (see image). Long story short, we have 2 sites not connected. I can place two NUCs with Tailscale installed at each location. I would like to be able to get the server at site 1 to see the node at site 2. I don’t believe an exit node would work, but a route maybe? If so, does it need to be something set up on both NUCs or just one? If it won’t do what I want it to, any other recommendations?

  1. Do both sites have static public IPs?
  2. Do you have access to the firewalls?
  3. Do both firewalls support IPsec?

If you could load on each NUC then Tailscale would create an extra adapter as an overlay network.

Another long story, but to keep it short, the current IT department won’t set up a site-2-site VPN, mainly because they don’t know how, and won’t let me do it either. I do contract work for a security company and that’s how I got into this mess lol

Little confused by this. I have Tailscale on each NUC. The NUC at site 1 can talk to the subnet on site 2 and vice versa. However, I need the subnet (or IP) on site 1 to talk to the subnet (or IP) on site 2. Something similar to port forwarding would work, i.e. when an IP on site A communicates with the NUC on site A, it knows to push to an IP on the subnet at site B. My apologies if I’m speaking gibberish.

WAIT, I think this may work. Going to try it tomorrow: Site-to-site networking · Tailscale

You need to add some routes to the mix.

Besides your NUCs, nothing else on the two networks knows about each other. Both networks’ default gateways are also handled by the existing Site 1 & Site 2 routers, which also know nothing (I’m assuming) about the Tailscale networks & routes.

Lots of ways to go about it, but the quickest to initially test might be to just add static routes on the following hosts:

  • PDK Server
    add a route to 192.168.8.0/24 via 192.168.1.199
  • PDK Node
    add a route to 192.168.1.0/24 via 192.168.8.199

Once those are working, decide how and where to manage your routing per subnet. Managing static routes per host will quickly become untenable.
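
An added example (not part of the thread and not Tailscale code): a small longest-prefix-match simulation of the topology discussed above, showing why the request and the reply each need a route via the local NUC. The subnets and the .199 NUC addresses come from the post; the host and router addresses, the `isp` hop, and the model itself (NUCs forward without source NAT, the tunnel shown as a single hop) are assumptions.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match over {prefix: gateway}; 'direct' means on-link."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(tables, src, dst, max_hops=8):
    """Follow next hops from src toward dst; return (path, delivered)."""
    path, cur = [src], src
    for _ in range(max_hops):
        hop = next_hop(tables[cur], dst)
        if hop == "direct":
            return path + [dst], True
        path.append(hop)
        if hop not in tables:   # no route, or a hop outside the model (the ISP)
            return path, False
        cur = hop
    return path, False

def build(server_route=False, node_route=False):
    """Constructed topology: .10/.20 hosts and .1 routers are assumed addresses."""
    lan1, lan8 = "192.168.1.0/24", "192.168.8.0/24"
    t = {
        "192.168.1.10": {lan1: "direct", "0.0.0.0/0": "192.168.1.1"},  # PDK Server
        "192.168.8.20": {lan8: "direct", "0.0.0.0/0": "192.168.8.1"},  # PDK Node
        "192.168.1.1": {lan1: "direct", "0.0.0.0/0": "isp"},           # Site 1 router
        "192.168.8.1": {lan8: "direct", "0.0.0.0/0": "isp"},           # Site 2 router
        # NUCs reach the remote subnet through the tunnel (modelled as the peer NUC)
        "192.168.1.199": {lan1: "direct", lan8: "192.168.8.199"},
        "192.168.8.199": {lan8: "direct", lan1: "192.168.1.199"},
    }
    if server_route:   # "route to 192.168.8.0/24 via 192.168.1.199"
        t["192.168.1.10"][lan8] = "192.168.1.199"
    if node_route:     # "route to 192.168.1.0/24 via 192.168.8.199"
        t["192.168.8.20"][lan1] = "192.168.8.199"
    return t

def round_trip(tables, a="192.168.1.10", b="192.168.8.20"):
    """Traffic only works if the request and the reply are both deliverable."""
    return trace(tables, a, b)[1] and trace(tables, b, a)[1]

if __name__ == "__main__":
    for s, n in [(False, False), (True, False), (True, True)]:
        t = build(s, n)
        path = " -> ".join(map(str, trace(t, "192.168.1.10", "192.168.8.20")[0]))
        print(f"server_route={s} node_route={n}: {path} | round trip: {round_trip(t)}")
```

With only the server-side route the request arrives but the reply leaves via the Site 2 default gateway and is lost, which is why the post lists a route on both hosts.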