To enable subnet routing through machine 1, the machine 1 must have tailscale installed. Then on machine 1 console, issue following command to advertise a subnet:
tailscale up --advertise-routes=192.168.2.0/24 --login-server=http://headscale.yourdomain.com:8080
After that, you have to authorize it with a headscale command. To do that, first, to check which route id to authorize:
headscale routes list
You'll see a list of tailscale client(s) which is/are advertising. In the screenshot, it is number 3 which you have to authorize, so issue below command
headscle routes enable -r 3
all right, I am not using `tailscale up` like people do, but `set` instead, what is the difference?
Using up forces me to pass the auth and login server all the time and apparently using set works, I ask because I don't want to start stop the client every time just adjust settings.
And thanks, that worked, the issue I linked was wrong when I checked the --help from the command line I imagined it was obsolete.
Thank you, this helped me.
One question, is there a way to block a client from accessing the LAN network?
It makes sense to use ‘set’ command when your node is already up and running. My example above is what I did when I initially setup my pfSense as a tailscale client and also as a subnet router.
Subnet routing for Headscale is two parts
Telling Tailscale Client to Route a particular subnet
Authorizing the Route on Headscale Control Plane
Thanks for confirming that seems to be the case.
More replies
To enable subnet routing through machine 1, the machine 1 must have tailscale installed. Then on machine 1 console, issue following command to advertise a subnet:
tailscale up --advertise-routes=192.168.2.0/24 --login-server=http://headscale.yourdomain.com:8080After that, you have to authorize it with a headscale command. To do that, first, to check which route id to authorize:
headscale routes listYou'll see a list of tailscale client(s) which is/are advertising. In the screenshot, it is number 3 which you have to authorize, so issue below command
headscle routes enable-r 3all right, I am not using `tailscale up` like people do, but `set` instead, what is the difference?
Using up forces me to pass the auth and login server all the time and apparently using set works, I ask because I don't want to start stop the client every time just adjust settings.
And thanks, that worked, the issue I linked was wrong when I checked the --help from the command line I imagined it was obsolete.
Thank you, this helped me.
One question, is there a way to block a client from accessing the LAN network?
More replies More replies
It makes sense to use ‘set’ command when your node is already up and running. My example above is what I did when I initially setup my pfSense as a tailscale client and also as a subnet router.