"Need Help Configuring Tailscale for LAN Access between Different Subnets in OpenWRT Setup"

Hi everyone,

In an OpenWRT setup three different networks with the three different address spaces are defined:

  • (A)
  • (B)
  • (C)

A PC is connected to network A and it has the IP and a TV is connected to network C and it has the IP
Tailscale is installed on the PC and an "exit-node" with the option "exit-node-allow-lan-access" has been activated.
This should basically be like a WireGuard VPN where the local LAN access is allowed.
However, in this setup the TV cannot connect to the PC as only devices in network A are allowed to connect to the PC (LAN access).
Is it possible to define some redirect that an IP address in C like is given to the TV and then the packets are sent from another IP address like to the PC? Something like this: (TV) --> --(redirection)--> --> (PC)

Does anyone know how this can be done? I am not sure how to do this, although I feel like it should not be difficult.

Thanks in advance for any help and tips!

If the A B C networks are managed by a single router, the solution was already given to you; there is no need for "tailscale" unless the networks are distributed across various locations.

Just create a rule that allows the PC to access (if the initial communication is created by the PC)
or vice versa (if the initial communication is created by TV).
You can try defining this rule(s) without specifying the source/destination port and verify the connection.

If instead you are talking about 3 different routers that independently manage the 3 different networks, ignore this answer.

Thanks @ncompact for the quick reply. Yes, I am talking about one router and not multiple routers. I know that this functionality is built in, but I need the device to be connected to a VPN (in this case a tailscale exit-node with access to the local network). Is this achieved in stock OpenWRT using static routes? Or using something else?

It is not obvious how Tailscale (or, rather, WireGuard - Tailscale is merely a fancy front-end to WireGuard) plays a part here. You have a router which supplies three subnets. It is trivial to configure firewall rules to permit traffic between those three subnets, as confirmed in your original post from May 2023 (linked by @ncompact above).

If you also have a VPN (e.g. Tailscale) running on the same router, that shouldn't affect traffic between the three directly-connected subnets, unless you've got some sort of very odd routing metric which gives your VPN a higher priority (lower metric) than the directly connected routes.
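The per-host firewall rules described in the replies above could look like the following in `/etc/config/firewall` on the router. This is an added example, not part of the original thread: the zone names `net_a` and `net_c` are hypothetical, and `<PC_IP>` and `<TV_IP>` are placeholders for the addresses that are missing from the posts.

```uci
# Added example. Zone names net_a / net_c are hypothetical; replace
# <PC_IP> and <TV_IP> with the real host addresses.

# Case 1: the PC (network A) opens the connection to the TV (network C).
config rule
	option name 'Allow-PC-to-TV'
	option src 'net_a'
	option src_ip '<PC_IP>'
	option dest 'net_c'
	option dest_ip '<TV_IP>'
	# No ports given, as suggested above, to verify connectivity first.
	option proto 'all'
	option target 'ACCEPT'

# Case 2: the TV (network C) opens the connection to the PC (network A).
config rule
	option name 'Allow-TV-to-PC'
	option src 'net_c'
	option src_ip '<TV_IP>'
	option dest 'net_a'
	option dest_ip '<PC_IP>'
	option proto 'all'
	option target 'ACCEPT'

# Reply packets for either rule are accepted by the firewall's
# connection tracking, so only the initiating direction needs a rule.
# Once the connection is verified, narrow 'proto' and add 'dest_port'
# so that only the required service is reachable across zones.
```

Matching on single source and destination addresses keeps the rest of networks A and C isolated from each other, unlike a zone-wide forwarding between the two zones.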