This is very related to the SNAT option for subnet routers on Tailscale. Though it’s enabled by default, I ran into issues with some services when I’d left it turned off by accident at one point.
In theory the “clean” way to do is to not use SNAT but then the network router needs to do some extra work to bridge the gap in the connection. Personally I was a dealing with a strict service on a device that wouldn’t accept regular non-SNAT traffic (the service was smart enough to say “no, I’m only running on 192.x.x.x and refuse to send traffic to Tailscale”).
This is very related to the SNAT option for subnet routers on Tailscale. Though it’s enabled by default, I ran into issues with some services when I’d left it turned off by accident at one point.
In theory the “clean” way to do is to not use SNAT but then the network router needs to do some extra work to bridge the gap in the connection. Personally I was a dealing with a strict service on a device that wouldn’t accept regular non-SNAT traffic (the service was smart enough to say “no, I’m only running on 192.x.x.x and refuse to send traffic to Tailscale”).
Thanks will try