If your Tailscale is on the latest version then you shouldn’t face such an issue. But anyway, try disabling it explicitly. Try setting snat-subnet-routes to false as well.
No, I’m running 1.64.2
Sorry, I am by no means an expert. How can I achieve this? Could you be more specific on the section and the content?
Can you post a screenshot of what you are talking about? Because I’m looking at an ASUS firewall and don’t see anywhere to make a rule to allow incoming internal connections to the firewall.
Do you by chance have a static route for 100.64.0.0/10 on your router pointing to your subnet router IP?
Update to 1.66.4. There were some stateful-filtering things implemented with 1.66.0 that broke subnet routers; it was undone in 1.66.4.
Stateful filtering is now off by default. Stateful filtering was introduced in 1.66.0 as a mitigation for a vulnerability described in TS-2024-005, and inadvertently broke DNS resolution from containers running on the host. Most vulnerable setups are protected by other mitigations already, except when autogroup:danger-all is used in ACLs.
How could I check that?
I just updated to the latest stable Docker image, which is 1.66.3-1.
So you would go into the static route section, add a route for 100.64.0.0/10 and point the gateway IP address to the local IP address of your subnet router.
It is still not working after the update.
I don’t have multiple routers. I mean, I have one router in router mode and two other routers in access point mode. Is this for my current use case?
Fully remove Tailscale and redeploy it with the arguments --stateful-filtering=false --snat-subnet-routes=false
Not sure what 1.66.3-1 is or what updates were applied to it.