Connecting to different tailscale networks

Network topology

I have the following two networks, which I want to configure so that they can reach each other.

Network A

Gateway_1
192.168.10.1
subnet "192.168.10.0/24"
tailscale_1
192.168.10.2
client1_1
192.168.10.105
client1_2
192.168.10.120

Network B

Gateway_2
192.168.20.1
subnet "192.168.20.0/24"
tailscale_2
192.168.20.2
client2_1
192.168.20.158

Both Gateway_* and tailscale_* are running OpenWrt. What I want is for client2_1 to be able to ping 192.168.10.105, and I plan to run tailscale on the tailscale_* devices.

Steps to make this work

Install

OpenWrt has a tailscale package; although it is not up to date, it works fine. Tailscale requires iptables, but since OpenWrt 22.0x the firewall uses nftables instead of iptables, so we also need to install iptables-nft.
So, on each tailscale_* device:

opkg update
opkg install iptables-nft tailscale

Configure tailscale

Next, we need to let the other network know which subnet we want to expose. Since the two networks are separate, the command is the same on both devices but the arguments differ.

on tailscale_1:

tailscale up --advertise-routes=192.168.10.0/24 --netfilter-mode=off --accept-routes

on tailscale_2:

tailscale up --advertise-routes=192.168.20.0/24 --netfilter-mode=off --accept-routes

arguments:

  • --advertise-routes tells tailscale and the other clients which subnet we want to expose.

  • --netfilter-mode=off is required on OpenWrt; tailscale then does not manage any netfilter rules itself, which is why we configure the OpenWrt firewall ourselves below.

  • --accept-routes tells this tailscale instance that it may use the subnets other tailscale clients have exposed to us.

After this command, a URL is printed; logging in there grants the device access to the tailscale network. We also need to approve the advertised routes for each client in the admin console.

Firewall

On each tailscale_* device we can now see a new network interface with a 100.*.*.* IP. To allow traffic to and from tailscale, we need to configure the firewall for that interface.

Open OpenWrt's luci; under network->interfaces, create a new interface:

  • name: tailscale

  • protocol: unmanaged

  • device: tailscale0

Then under network->firewall, create a new firewall zone:

  • covered networks: tailscale

  • allow forward destination: lan

  • allow forward source: lan

Click save and apply. Don't forget, this is required on both tailscale_* devices.

After the configuration is applied, tailscale might go offline. When this happens, run:

/etc/init.d/tailscale restart

and it should come back online.

Configure route

Then on each Gateway_* we create a route to the other network.
Open the gateway's luci; under network->routing, create a new route:

Gateway_1:

  • interface: lan

  • route type: unicast

  • target: 192.168.20.0/24

  • gateway: 192.168.10.2

Gateway_2:

  • interface: lan

  • route type: unicast

  • target: 192.168.10.0/24

  • gateway: 192.168.20.2

Save and apply.
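The firewall and route steps above can also be done from the shell instead of luci. The script below is an added example, not from the original post: it emits uci batch commands for the tailscale_* firewall zone and for the Gateway_* static route, assuming OpenWrt's standard uci sections (interface, zone, forwarding, route) and the tailscale0 device name.

```shell
#!/bin/sh
# Generates uci batch input reproducing the luci steps; pipe it into
# `uci batch`, then `uci commit` and reload network and firewall.
# Assumed: standard OpenWrt uci section names and the tailscale0 device.

# For tailscale_1 / tailscale_2: unmanaged interface on tailscale0 plus a
# firewall zone allowed to forward to and from lan. This is needed because
# --netfilter-mode=off leaves all filtering to the OpenWrt firewall.
tailscale_node_uci() {
    cat <<'EOF'
set network.tailscale=interface
set network.tailscale.proto='none'
set network.tailscale.device='tailscale0'
set firewall.tailscale=zone
set firewall.tailscale.name='tailscale'
add_list firewall.tailscale.network='tailscale'
set firewall.tailscale.input='ACCEPT'
set firewall.tailscale.output='ACCEPT'
set firewall.tailscale.forward='REJECT'
add firewall forwarding
set firewall.@forwarding[-1].src='tailscale'
set firewall.@forwarding[-1].dest='lan'
add firewall forwarding
set firewall.@forwarding[-1].src='lan'
set firewall.@forwarding[-1].dest='tailscale'
EOF
}

# For Gateway_1 / Gateway_2: static route sending the remote subnet to the
# local tailscale_* box. $1 = remote subnet in CIDR form, $2 = next hop.
gateway_route_uci() {
    remote="$1"; via="$2"
    case "$remote" in
        */*) ;;
        *) echo "usage: gateway_route_uci <subnet/len> <next-hop>" >&2; return 1 ;;
    esac
    printf '%s\n' \
        "add network route" \
        "set network.@route[-1].interface='lan'" \
        "set network.@route[-1].target='$remote'" \
        "set network.@route[-1].gateway='$via'"
}

# Usage on the devices (not executed here):
#   tailscale_1/2: tailscale_node_uci | uci batch && uci commit
#                  /etc/init.d/network reload; /etc/init.d/firewall reload
#   Gateway_1: gateway_route_uci 192.168.20.0/24 192.168.10.2 | uci batch && uci commit network
#   Gateway_2: gateway_route_uci 192.168.10.0/24 192.168.20.2 | uci batch && uci commit network
```

Only the two forwardings to and from lan are opened; no forwarding to wan is created, so the tunnel cannot be used as an exit to the internet from the other site.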

Done

Then we have one big network, with tailscale as the bridge.