I followed the instructions found here: [OpenWrt Wiki] Tailscale
And here is my Firewall configuration:
But I am still unable to ping a device on my local network from a device connected to my tailnet.
I've done some searches (regular and AI-based), and some say that I need to add configuration to /etc/sysctl.conf, but I hesitate to do that since the official documentation does not mention doing anything like that.
Do I need to make any changes on this page to get the traffic forwarded? It looks to me like the answer might be yes, but the official documentation didn't say anything about it. (I don't want to create a mess!)
Any and all help in how to troubleshoot and resolve the issue is appreciated!
On the first screenshot:
Allow forward destination zones: WAN, WAN6 (only if you have ISP IPv6)
Allow forward from source zones: LAN
You appear to have ntopng as another zone which I have ignored for the time being.
The Tailscale CLI on the device is useful to get more information:
tailscale help
tailscale status
Here is the output of tailscale status (redacted):
xxx.xxx.xxx.xxx openwrt xxxxxxxx@ linux -
xxx.xxx.xxx.xxx google-pixel-9-pro xxxxxxxx@ android idle, tx 13664440 rx 1351336
And here is the output of tailscale metrics (looks healthy to me):
# TYPE tailscaled_advertised_routes gauge
# HELP tailscaled_advertised_routes Number of advertised network routes (e.g. by a subnet router)
tailscaled_advertised_routes 1
# TYPE tailscaled_approved_routes gauge
# HELP tailscaled_approved_routes Number of approved network routes (e.g. by a subnet router)
tailscaled_approved_routes 1
# TYPE tailscaled_health_messages gauge
# HELP tailscaled_health_messages Number of health messages broken down by type.
tailscaled_health_messages{type="warning"} 0
# TYPE tailscaled_inbound_bytes_total counter
# HELP tailscaled_inbound_bytes_total Counts the number of bytes received from other peers
tailscaled_inbound_bytes_total{path="derp"} 35148
tailscaled_inbound_bytes_total{path="direct_ipv4"} 1152972
tailscaled_inbound_bytes_total{path="direct_ipv6"} 219752
# TYPE tailscaled_inbound_dropped_packets_total counter
# HELP tailscaled_inbound_dropped_packets_total Counts the number of dropped packets received by the node from other peers
# TYPE tailscaled_inbound_packets_total counter
# HELP tailscaled_inbound_packets_total Counts the number of packets received from other peers
tailscaled_inbound_packets_total{path="derp"} 282
tailscaled_inbound_packets_total{path="direct_ipv4"} 9529
tailscaled_inbound_packets_total{path="direct_ipv6"} 1714
# TYPE tailscaled_outbound_bytes_total counter
# HELP tailscaled_outbound_bytes_total Counts the number of bytes sent to other peers
tailscaled_outbound_bytes_total{path="derp"} 46756
tailscaled_outbound_bytes_total{path="direct_ipv4"} 437952
tailscaled_outbound_bytes_total{path="direct_ipv6"} 13225724
# TYPE tailscaled_outbound_dropped_packets_total counter
# HELP tailscaled_outbound_dropped_packets_total Counts the number of packets dropped while being sent to other peers
tailscaled_outbound_dropped_packets_total{reason="error"} 0
tailscaled_outbound_dropped_packets_total{reason="unknown_protocol"} 4
# TYPE tailscaled_outbound_packets_total counter
# HELP tailscaled_outbound_packets_total Counts the number of packets sent to other peers
tailscaled_outbound_packets_total{path="derp"} 268
tailscaled_outbound_packets_total{path="direct_ipv4"} 2290
tailscaled_outbound_packets_total{path="direct_ipv6"} 11012
There are two devices on your Tailnet, the Router and Google Pixel 9 pro.
What do you want to do?
This is a bit bizarre, but it is now working!
I'm able to access resources on the local network through my tailnet.
Good news. Are you going to set up the Router as an Exit Node/Subnet Router?
Currently my use case is only a subnet router.
In the future I may expand that to an exit node, but I just don't have the need for that right now.