subnetting
** 2/17/25   Tailscale

  What are Subnet Routers?
  192.168.0.0/24
  192.168.3.0/24
  192.168.7.0/24

  Subnet routers

  Set up a subnet router

  1 Install the Tailscale client.
    Download and install Tailscale
   
    2 Connect to Tailscale as a subnet router.
    After installing Tailscale, you need to configure the device to function as a subnet router by enabling IP forwarding and advertising the subnet routes you want to make available. 
    These steps transform a standard Tailscale node into a gateway for other networks.
   
    To use a Linux device as a subnet router, you need to complete two essential configurations: enabling IP forwarding and advertising subnet routes.
    Linux devices make particularly good subnet routers due to their stability and networking capabilities.
   
    1 Enable IP forwarding
    When enabling IP forwarding, make sure your firewall denies forwarded traffic by default.
    This is the default for standard firewalls such as ufw and firewalld. Denying forwarding by default prevents the device from routing traffic you did not intend it to route.
   
    IP forwarding is required to use a Linux device as a subnet router.
    This kernel setting lets the system forward network packets between interfaces, essentially functioning as a router.
    The process for enabling IP forwarding varies between Linux distributions, but the following instructions work in most cases.
   
    If your Linux system has a /etc/sysctl.d directory, use:
    $ echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf  
    $ echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.d/99-tailscale.conf
    $ sudo sysctl -p /etc/sysctl.d/99-tailscale.conf      
   
    Otherwise, use:
    $ echo 'net.ipv4.ip_forward = 1' | sudo tee -a /etc/sysctl.conf  
    $ echo 'net.ipv6.conf.all.forwarding = 1' | sudo tee -a /etc/sysctl.conf
    $ sudo sysctl -p /etc/sysctl.conf        
   
    If your Linux node uses firewalld, you might need to allow masquerading due to a known issue. As a workaround, you can allow masquerading with this command:
    $ firewall-cmd --permanent --add-masquerade
   
    2 Advertise subnet routes
    After you enable IP forwarding, run tailscale set with the --advertise-routes flag. It accepts a comma-separated list of subnet routes.
    $ sudo tailscale set --advertise-routes=192.168.0.0/24,192.168.3.0/24,192.168.7.0/24
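As an added example (not from these notes and not Tailscale's own tooling), the following POSIX shell helpers wrap steps 1 and 2: they pick the sysctl file the notes describe, write the two forwarding settings without stacking duplicates on re-runs (the `tee -a` lines above append a fresh copy each time), validate every route before building the --advertise-routes command so a typo cannot advertise an unintended prefix, and read the live kernel forwarding knob. The file name subnet-router.sh, the function names, and the optional path arguments (used so the functions can be exercised without root) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original notes or from Tailscale: helper
# functions for the two Linux subnet-router steps above. File and function
# names, and the optional path arguments used for testing, are assumptions.
set -u
set -f   # no pathname expansion while we split strings with IFS

# Choose the sysctl file the notes describe: the /etc/sysctl.d drop-in when
# that directory exists, otherwise /etc/sysctl.conf. $1 is an optional root
# prefix (assumed, for testing); the default is the real filesystem.
sysctl_target() {
  root="${1:-}"
  if [ -d "$root/etc/sysctl.d" ]; then
    printf '%s\n' "$root/etc/sysctl.d/99-tailscale.conf"
  else
    printf '%s\n' "$root/etc/sysctl.conf"
  fi
}

# Write both forwarding settings into $1, skipping any line already present,
# so re-running does not stack duplicates the way `tee -a` does.
write_forwarding_conf() {
  conf="$1"
  for setting in 'net.ipv4.ip_forward = 1' 'net.ipv6.conf.all.forwarding = 1'; do
    grep -qxF "$setting" "$conf" 2>/dev/null || printf '%s\n' "$setting" >> "$conf"
  done
}

# Return 0 when $1 is a well-formed IPv4 CIDR (four octets 0-255, prefix 0-32).
# IPv6 routes are deliberately out of scope here.
valid_cidr4() {
  cidr="$1"
  case "$cidr" in */*) ;; *) return 1 ;; esac
  ip="${cidr%/*}"
  prefix="${cidr#*/}"
  case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -le 32 ] || return 1
  old_ifs="$IFS"; IFS=.
  set -- $ip
  IFS="$old_ifs"
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Validate a comma-separated route list and print the advertise command from
# step 2. A single bad entry prints nothing and returns 1, so a typo is caught
# before an unintended prefix is advertised into the tailnet.
advertise_cmd() {
  routes="$1"
  old_ifs="$IFS"; IFS=,
  set -- $routes
  IFS="$old_ifs"
  [ $# -ge 1 ] || return 1
  for route in "$@"; do
    valid_cidr4 "$route" || { echo "invalid route: $route" >&2; return 1; }
  done
  printf 'tailscale set --advertise-routes=%s\n' "$routes"
}

# Report whether the kernel is forwarding IPv4 right now. $1 optionally names
# a file standing in for /proc/sys/net/ipv4/ip_forward (assumed, for testing).
forwarding_enabled() {
  knob="${1:-/proc/sys/net/ipv4/ip_forward}"
  [ -r "$knob" ] && [ "$(cat "$knob")" = "1" ]
}

# Typical use on the router, as root (sample routes from the notes):
#   . ./subnet-router.sh
#   conf=$(sysctl_target) && write_forwarding_conf "$conf" && sysctl -p "$conf"
#   cmd=$(advertise_cmd 192.168.0.0/24,192.168.3.0/24,192.168.7.0/24) && forwarding_enabled && $cmd
```

The route check is intentionally strict: advertising a malformed or wrong prefix is approved in the admin console by a human, and a typo such as 192.168.0.0/16 instead of /24 would quietly widen what the router exposes to the tailnet.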
   
    3 Enable subnet routes from the admin console.
    The admin console provides a centralized interface for approving and managing subnet routes advertised by your devices.
    This step makes the routes you configured on your subnet router active in your tailnet.
    1 Open the Machines page of the admin console.
    2 Locate the Subnets badge in the devices list.
    3 Select a device with the subnet property, then go to the Subnets section.
    4 Select Edit. This opens the Edit route settings panel.
    5 Under Subnet routes, select the routes to approve, then select Save.
   
    You can disable key expiry on your server to avoid having to periodically reauthenticate.
   
    4 Add access rules for advertised subnet routes.
    You can skip this step if you already have rules that allow access to your advertised subnet routes.
    1 Open the Access controls page of the admin console to update your tailnet policy file.
    2 Create an access rule that allows access to the advertised subnet.
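As an added example for step 4 (not from these notes or from Tailscale), this small shell script renders one least-privilege "acls" entry for an advertised subnet, ready to paste into the tailnet policy file. The default tailnet policy carries a single rule with "src": ["*"] and "dst": ["*:*"], which exposes every approved subnet route to every tailnet member; the rule built here scopes access to one group, one subnet, and a named set of ports instead. The group name, subnet and ports are constructed sample values, and the port-spec grammar the validator accepts (single ports, ranges, comma lists, or "*") is an assumption.

```shell
#!/bin/sh
# Added example, not from the original notes or from Tailscale: build one
# least-privilege ACL entry for an advertised subnet, for pasting into the
# tailnet policy file in step 4. The group name, subnet and ports are sample
# values; the port-spec grammar handled here is an assumption.
set -u
set -f   # no pathname expansion while we split strings with IFS

# Accept "*", a single port, a range "lo-hi", or a comma-separated list of
# those, with every port in 1-65535. Anything else returns 1.
valid_ports() {
  spec="$1"
  [ "$spec" = "*" ] && return 0
  old_ifs="$IFS"; IFS=,
  set -- $spec
  IFS="$old_ifs"
  [ $# -ge 1 ] || return 1
  for part in "$@"; do
    lo="${part%-*}"; hi="${part#*-}"
    for p in "$lo" "$hi"; do
      case "$p" in ''|*[!0-9]*) return 1 ;; esac
      [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    [ "$lo" -le "$hi" ] || return 1
  done
  return 0
}

# Print one "acls" entry allowing $1 (a user, group or tag) to reach ports $3
# on subnet $2 only. A bad port spec prints nothing and returns 1.
subnet_acl_rule() {
  src="$1"; subnet="$2"; ports="$3"
  valid_ports "$ports" || { echo "bad port spec: $ports" >&2; return 1; }
  printf '{"action": "accept", "src": ["%s"], "dst": ["%s:%s"]}\n' "$src" "$subnet" "$ports"
}

# Wrap one rule into a complete minimal policy document (JSON, which the
# HuJSON policy editor accepts as-is).
render_policy() {
  rule=$(subnet_acl_rule "$@") || return 1
  printf '{\n  "acls": [\n    %s\n  ]\n}\n' "$rule"
}

# Sample invocation (constructed values):
#   render_policy group:ops 192.168.0.0/24 22,443
```

When replacing the default allow-all rule with one like this, keep in mind that a subnet router only forwards traffic the policy permits; devices in the 192.168.0.0/24 network that are not tailnet members are reachable only through this rule, so the ports listed here are the whole exposure.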
   
    5 Verify your connection.
    $ tailscale ip -4
    This prints the device's Tailscale IP address.
   
    6 Use your subnet routes from other devices. Once your subnet router is configured and verified, you need to ensure that other devices in your tailnet can discover and use the new routes. 
    This process varies slightly by operating system.
   
    Android, iOS, macOS, tvOS, and Windows automatically pick up your new subnet routes.
    By default, Linux devices only discover Tailscale IP addresses.
    Tailscale IP addresses ----> What are these 100.x.y.z addresses?
    To enable automatic discovery of new subnet routes on Linux devices, use the --accept-routes flag:
    $ sudo tailscale set --accept-routes
   
    7 Update subnet routes (to change the advertised routes, repeat the steps above):
    1 Connect to Tailscale as a subnet router.
    2 Enable subnet routes from the admin console.
    3 Add access rules for advertised subnet routes.
    4 Verify your connection.
    5 Use your subnet routes from other devices.
   
    8 Use advanced subnet routing
    After you set up a subnet router, you might consider:
    1 Route DNS lookups to an internal DNS server.
    2 Set up high availability for subnet routers.
    3 Use overlapping routes with different prefix lengths for granular routing control.
    4 Connect two or more subnets using site-to-site networking.
    5 Disable source NAT (SNAT).