TAILMON Routing question

[raptorjr08]

I'm totally new to this so I apologize if this is the wrong place to ask this question.

I have a a Unraid server with Emby on it, and I have Emby service exposed on the tailnet. Works fine for every device where I can/want to install tailscale and access it.
But when I travel to my mother I would like to do something else on her network. So I installed TAILMON on her AX68U router, and added it to my tailnet. I also added the subnet to the node. So now I should have access and be able to help her with any network/PC related stuff.

However, I would also make it possible for her to connect her TV to my Emby server. So my question is, can I make that possible without having to install tailscale on the TV? Can I add a route in the AX86U so it knows how to connect to the Emby node? Or some other similar thing?

 

[Viktor Jaep]

Since your Mom's router is acting like as a default gateway running Tailscale on it, it should know how to get back to your Unraid server? Have you tried connecting to it from your TV? If so, what were the results? @jksmurf may have some more advice for you as he has quite the Tailnet and may have gone through this himself?

Question... are the subnets different on your end vs. her end? Like, they're not both 192.168.50.x, right?

 

[jksmurf]

Since your router is acting like as a default gateway running Tailscale on it, it should know how to get back to your Unraid server? Have you tried connecting to it from your TV? If so, what were the results? @jksmurf may have some more advice for you as he has quite the Tailnet and may have gone through this himself?

@raptorjr08 I'd love to help but when I looked at the message yesterday I couldn't get my head around it, sorry about that. As Viktor said, I'm guessing you need to have the TV point to your mother's Tailscale capable router which then takes what it needs from the remote Emby server but I am really not sure, @ColinTaylor might be ablt to say in 2 seconds flat. I'm a wee bit snowed under with Router issues at the moment.

 

[raptorjr08]

Since your Mom's router is acting like as a default gateway running Tailscale on it, it should know how to get back to your Unraid server? Have you tried connecting to it from your TV? If so, what were the results? @jksmurf may have some more advice for you as he has quite the Tailnet and may have gone through this himself?

Question... are the subnets different on your end vs. her end? Like, they're not both 192.168.50.x, right?

Thank you for the reply. No the networks are different. 192.168.50.x at my mother, and 192.168.1.x at my home place, were the server are located.

Emby app on the TV can't connect, and I have tried to ping from a laptop on the 50.x network and don't get reply from either Emby or Unraid, using the tailscale IP address.

But I wonder do I need to do some more configuration in TAILMON to get this to work? Default gateway on TV and laptop is 192.168.50.1, router IP with TAILMON, but does that automatically mean that all traffic is through tailscale? Or do I need to add the tailnet IP as subnet?

 

[Viktor Jaep]

Are you able to ping the Embry locally? Just not sure if it's meant to respond to pings by default.

Also, try pinging the 100.x tailscale IP instead of the local IP. That might work instead?

 

[raptorjr08]

Are you able to ping the Embry locally? Just not sure if it's meant to respond to pings by default.

Also, try pinging the 100.x tailscale IP instead of the local IP. That might work instead?

That is true, I don't know either if Emby will respond to ping, but I did try to ping the Unraid server, and it don't work on the 100.x address.
I made a bad picture in Paint to show how it is connected, pictures always help.

And my thought was, although it could be wrong, that if Tailscale(TAILMON) is installed on a router, all devices on that network should be able to access a Tailnet node. Like my Unraid server, or Emby.

 

[rung]

If you have tailscale on both routers, there is a site to site configuration setting. That should allow what you are trying to do.

 

[raptorjr08]

If you have tailscale on both routers, there is a site to site configuration setting. That should allow what you are trying to do.

Yes, I can do that eventually. But then it is not possible for devices(without tailscale) connected to a Tailscale enabled router to access devices on the Tailscale network? It would just be interesting to know if that would have been possible?

 

[rung]

Yes, I can do that eventually. But then it is not possible for devices(without tailscale) connected to a Tailscale enabled router to access devices on the Tailscale network? It would just be interesting to know if that would have been possible?

Sorry, I don't know. I know that a server behind a tailmon-enabled router can be accessed by any tailscale client (what I use it for), but don't know if it works the other way around.

 

[Viktor Jaep]

Sorry, I don't know. I know that a server behind a tailmon-enabled router can be accessed by any tailscale client (what I use it for), but don't know if it works the other way around.

I agree with @rung ... You would have to assume that all devices (not running tailscale) should be able to access other devices (not running tailscale) on both networks when both routers are running tailscale with site-to-site networking enabled. Make sure this setting is enabled on both sides? See what happens?

 

[raptorjr08]

Thank you for all the help so far.

I'm now back home, and have installed TAILMON on my home router. So now both routers have TAILMON, both accept routes and both advertise their own subnets. And everything approved in Tailscale dashboard, 192.168.50.x and 192.168.1.x. And the Access controls section in Tailscale have the starndard allow all traffic, as I understand it. So that shouldn't be a restriction.
"grants": [
// Allow all connections.
// Comment this section out if you want to define specific restrictions.
{"src": ["*"], "dst": ["*"], "ip": ["*"]},

// Allow users in "group:example" to access "tag:example", but only from
// devices that are running macOS and have enabled Tailscale client auto-updating.
// {"src": ["group:example"], "dst": ["tag:example"], "ip": ["*"], "srcPosture":["posture:autoUpdateMac"]},
]

Trying to connect to my mothers router at 192.168.50.1 does nothing, from a non Tailscale device. I tried to ping from home router to mother router, no reply, but don't know if the router answers to ping command. (Tried to ping home router from desktop computer, and it answers to ping. So mother router should probably answer also if the traffic gets through.)

From home router I also try to ssh to mother router, both with local IP and Tailnet IP, no connection. And that should be communication between two Tailscale devices. So it should work on the Tailnet IP.

I'm probably missing something obvious, because everyone else seems to get this working.

Is there a log or something I can look at and maybe see the attempts being blocked or something, and then get some clue to what goes wrong? As I can see the TAILMON log only shows information about its process.


EDIT:
Is there some IP forwarding that needs to be done in the router? I saw it in the Tailscale docs, but don't know if I need to do it or how/where to do it?

 

[rung]

Have you tried talking between two non-tailscale clients, one on each subnet? Also, I couldn't tell if you have "site-to-site" enabled on each version of Tailmon.

Also, this page may offer some clues:
https://tailscale.com/kb/1214/site-to-site

 

[Viktor Jaep]

Have you tried talking between two non-tailscale clients, one on each subnet? Also, I couldn't tell if you have "site-to-site" enabled on each version of Tailmon.

Also, this page may offer some clues:
https://tailscale.com/kb/1214/site-to-site

This does sound like a great way to bring it down to basics, and start at a lower level of the troubleshooting process, @raptorjr08. Ensuring site-to-site is enabled on both ends/both routers, and test between 2 non-tailscale clients on each end. Hope you have a good remote desktop solution in place!

Another option would be to describe in exquisite detail what your problem is, what you have tried, and dump it into claude.ai or gemini, and see what sort of solution it spits out? Sometimes AI has a way of coming up with the right solution at times.

 

[raptorjr08]

Thank you very much for all the help.

But I think I have to give up. When I found Tailscale everything just worked with devices talking to each other, of course with the client installed. And I thought installing it on two routers and advertise the subnets would connect the two networks, everything would work no matter if Tailscale was installed on a client or not. Maybe it should work like that but I can't get it to work. And even with all the help it feels a little bit over my head to try and find the problem.

I need to search for another solution to connect both networks.

But I really appreciate everyone trying to help me. Great forum!!!

 

[rung]

Sorry it didn't work out. If both networks have a public IP, you may want to look into Openvpn. I understand site to site is possible with that protocol.