Comment by juhovh
3 days ago
This is using the subnet router functionality of Tailscale. However, instead of advertising subnets of the local physical network, as explained in the Tailscale docs, it's automatically parsing the given WireGuard config and advertising the subnets at the other end of the WireGuard tunnel.
It will also by default route traffic to the already advertised other subnets in the tailnet, but taking that into use requires a bit of manual configuration on the other end of the WireGuard tunnel. Each subnet needs to be routed through the WireGuard tunnel first to make it work.
Interesting - this could actually be good functionality to add to tailscale-manager (https://github.com/singlestore-labs/tailscale-manager), which currently just handles AWS prefix lists and DNS lookups.
Thank you, wasn't aware of this project, but it makes total sense!
Managing the advertised subnets manually is a bit of a pain, while the downsides of accidentally advertising a subnet are negligible, since you still have full control over them in the Tailscale console.
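The parsing step described in the first comment, as an added example that is not the project's own code: it collects the `AllowedIPs` networks from the `[Peer]` sections of a WireGuard config and builds a `tailscale set --advertise-routes=` command line from them. The sample config, the function names, and the choice to skip `/0` default routes are assumptions of this sketch.

```python
import ipaddress

# Constructed sample WireGuard config (keys are placeholders, not real keys).
SAMPLE_CONF = """\
[Interface]
PrivateKey = <placeholder>
Address = 10.8.0.2/24

[Peer]
PublicKey = <placeholder>
AllowedIPs = 10.20.0.5/16, 192.168.50.0/24   # site A
AllowedIPs = fd00:20::/64

[Peer]
PublicKey = <placeholder>
AllowedIPs = 0.0.0.0/0, 192.168.50.0/24
"""

def peer_subnets(conf_text, allow_default=False):
    """Return sorted, de-duplicated networks from AllowedIPs in [Peer] sections."""
    section, nets = None, set()
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        if section != "peer" or not sep or key.strip().lower() != "allowedips":
            continue                                  # ignores [Interface] Address
        for item in value.split(","):
            if not item.strip():
                continue
            # strict=False masks host bits: 10.20.0.5/16 -> 10.20.0.0/16
            net = ipaddress.ip_network(item.strip(), strict=False)
            if net.prefixlen == 0 and not allow_default:
                continue                              # assumption: never auto-advertise a default route
            nets.add(net)
    return sorted(nets, key=lambda n: (n.version, n))

def advertise_argv(conf_text):
    """Build the tailscale command line that advertises the parsed subnets."""
    routes = ",".join(str(n) for n in peer_subnets(conf_text))
    return ["tailscale", "set", f"--advertise-routes={routes}"]
```

Printing the argv for review before running it keeps an unexpected `AllowedIPs` entry from being advertised unnoticed.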