Any Tailscale gurus here on [H]?

Vermillion

Supreme [H]ardness
Joined
Apr 5, 2007
Messages
4,417
So I need some help. Currently I have a working WireGuard VPN into my OPNsense router which works perfectly and I can access my entire network properly when away from the house.

I want Tailscale because I want my wife to be able to leave the house without having to enable the VPN (stupid iOS with no way to auto-connect).

OPNsense runs on a 4 port Protectli.

My OPNsense sits on x.x.1.x. I have a Vaultwarden system on x.x.2.x. My main network is x.x.3.x. DHCP and DNS are controlled by my Pi-hole.

I have Tailscale installed on the following devices: OPNsense, Pi-hole, Plex, Nextcloud, Vaultwarden, and my Android phone.

OPNsense is an exit node with no advertised routes. Only my phone uses the exit node.

Here's what I'm up against though. When I'm away from the house my phone gets filtered by Pi-hole correctly and my IP address is the house address. However, I can't access Vaultwarden and I can't access Plex.

When I'm home with LAN access enabled on my phone and using the exit node I can access Plex but not Vaultwarden and my phone doesn't get filtered by the Pi-hole.

If I don't use OPNsense as my exit node on my phone I can access Plex and Vaultwarden.

Everything can ping each other so I'm at a loss.

What am I doing wrong here? Any help would be greatly appreciated.

EDIT: I have it corrected so that now the only thing I can't do is access Plex when away from the house. I needed to add an extra subnet route to fix the other stuff.
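The fix in the EDIT (an extra subnet route next to the exit node) comes down to route specificity: an exit node is just a default route to that peer, and a LAN segment only gets its own, more specific entry once it is advertised as a subnet route. The Python below models that choice with plain longest-prefix matching, as an added example that is not from this thread. The peer names and the 10.0.x.0/24 prefixes are constructed stand-ins for the poster's x.x.1.x / x.x.2.x / x.x.3.x networks, and the model assumes the client picks among the exit node, advertised subnet routes and its own directly connected LAN the way an ordinary route table does.

```python
"""Route selection by longest prefix match, added here to illustrate why a
Tailscale client pointed at an exit node can still miss a LAN segment until
that segment is advertised as a subnet route. The peer names and the
10.0.x.0/24 prefixes are constructed stand-ins for the x.x.1.x / x.x.2.x /
x.x.3.x networks in the post; nothing here talks to Tailscale itself."""
import ipaddress
from typing import List, Optional, Tuple

# Tie-break order when two entries have the same prefix length: a directly
# connected LAN ("Allow LAN access") beats a peer's subnet route, which beats
# the exit node's catch-all default route.
PRIORITY = {"LAN access": 2, "subnet route": 1, "exit node": 0}

Route = Tuple[ipaddress.IPv4Network, str, str]  # (prefix, next hop, kind)


def build_routes(exit_node: str,
                 subnet_routes: List[Tuple[str, str]],
                 local_lan: Optional[str] = None) -> List[Route]:
    """Model the client's view of the tailnet as an ordinary route table.

    exit_node     -- peer that ran --advertise-exit-node (a 0.0.0.0/0 route)
    subnet_routes -- (prefix, peer) pairs the peer advertised with --advertise-routes
    local_lan     -- the client's own LAN, kept direct when "Allow LAN access" is on
    """
    routes: List[Route] = [(ipaddress.ip_network("0.0.0.0/0"), exit_node, "exit node")]
    for prefix, peer in subnet_routes:
        routes.append((ipaddress.ip_network(prefix), peer, "subnet route"))
    if local_lan:
        routes.append((ipaddress.ip_network(local_lan), "direct", "LAN access"))
    return routes


def select_route(routes: List[Route], dst: str) -> Optional[Tuple[str, str]]:
    """Return (next hop, kind) for the most specific prefix that contains dst."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Route] = None
    for route in routes:
        net, _, kind = route
        if addr not in net:
            continue
        if best is None or (net.prefixlen, PRIORITY[kind]) > (best[0].prefixlen, PRIORITY[best[2]]):
            best = route
    return (best[1], best[2]) if best else None


if __name__ == "__main__":
    vaultwarden, plex = "10.0.2.10", "10.0.3.20"  # constructed hosts on the 2.x and 3.x segments

    # The post's starting point: OPNsense is an exit node with no advertised routes,
    # so the 2.x segment is only reachable through the catch-all default route.
    before = build_routes("opnsense", [])
    print("before fix:", select_route(before, vaultwarden))   # ('opnsense', 'exit node')

    # After the EDIT: the 2.x and 3.x segments are advertised as subnet routes,
    # and "Allow LAN access" keeps the phone's own LAN direct while at home.
    after = build_routes("opnsense",
                         [("10.0.2.0/24", "opnsense"), ("10.0.3.0/24", "opnsense")],
                         local_lan="10.0.3.0/24")
    print("after fix: ", select_route(after, vaultwarden))    # ('opnsense', 'subnet route')
    print("at home:   ", select_route(after, plex))           # ('direct', 'LAN access')
```

The useful check when something on the LAN is unreachable through an exit node is the second column: if a destination resolves to the exit node's default route rather than to a subnet route, that segment has not been advertised (or not approved in the admin console) and the traffic is being treated as internet egress rather than LAN forwarding.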

So I got it figured out. The Plex wasn't showing up in my Tailscale services list like Pi-hole or Vaultwarden was. So I correctly assumed there was a firewall issue. I was right. Just gotta figure out exactly what is being blocked because the Plex port was already allowed so this is something different.
 
Does Plex need broadcast discovery or is it accessed by entering a direct IP?
 
Direct IP over a specific port. On my old pure WireGuard setup it worked perfectly. But on WireGuard it was directly hitting the Plex server IP. So http://plex.ip:port. You can set additional IPs in the Plex config. So I set it to the Tailscale IP and the corresponding port but while it worked over a browser it didn't work in the app. So the app is doing something else that was blocked in the firewall. Not 100% sure yet. Will dig in later.
 
OPNsense has a great live view for the firewall that should give a clue where the problem is.
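Before reading the firewall live view, it helps to know which kind of failure you are looking for. A TCP connect that completes, one that is refused, and one that silently times out each point at a different layer, and probing the same Plex port over the LAN address and over the Tailscale address side by side separates "the route is wrong" from "the rule on the tailscale interface is dropping it". The script below is an added example, not something from the thread or from Plex or OPNsense: the 32400 port is Plex's default and has to be replaced with whatever the server really uses, and the 10.0.x.x and 100.64.x.x addresses are constructed stand-ins for the server's LAN and Tailscale IPs.

```python
"""TCP reachability probe that separates a firewall drop from a closed port,
added as a diagnostic for the "port is allowed but the app still fails" stage
of the thread. The addresses and the Plex port are assumptions, not values from
the thread: 32400 is Plex's default, and the 10.0.x.x / 100.64.x.x addresses
are constructed stand-ins for the server's LAN and Tailscale IPs."""
import socket
from typing import Dict, Tuple


def classify_tcp(host: str, port: int, timeout: float = 2.0) -> str:
    """Attempt a TCP connection and report how it failed, if it failed.

    open        -- handshake completed: routing and firewall both pass
    refused     -- a RST came back: the host is reachable but nothing listens
                   there (or a firewall *reject* rule answered for it)
    filtered    -- no reply before the timeout: the usual signature of a
                   firewall *drop* (pf/OPNsense block rules drop silently unless
                   set to reject) or of a route that never reaches the host
    unreachable -- the local stack would not even try (no route, bad address)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        return f"unreachable ({exc.strerror or exc})"
    finally:
        sock.close()


def compare_paths(targets: Dict[str, str], port: int, timeout: float = 2.0) -> Dict[str, str]:
    """Probe the same port on every address the service can be reached by.

    "open" on the LAN address but "filtered" on the Tailscale address points at
    the rule set on the tailscale interface rather than at the Plex server.
    """
    return {label: classify_tcp(host, port, timeout) for label, host in targets.items()}


def start_listener(host: str = "127.0.0.1") -> Tuple[socket.socket, int]:
    """Bind a throwaway listener on an ephemeral port so the probe can be exercised locally."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    PLEX_PORT = 32400  # Plex's default (assumption); substitute the port your server uses
    targets = {
        "LAN IP": "10.0.3.20",          # constructed
        "Tailscale IP": "100.64.0.20",  # constructed
    }
    for label, verdict in compare_paths(targets, PLEX_PORT).items():
        print(f"{label:>12}: {verdict}")
```

Run it from the client that is failing (here the phone's role is played by whatever machine runs the script) rather than from the server: the point is to see the path the client actually takes. A "filtered" verdict on one address and "open" on the other is exactly the case where the OPNsense live view, filtered to the tailscale interface and the destination port, will show the blocked packets.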
 