Project

General

Profile

Actions

Bug #15100

open

Tailscale IPv6 Exit Node uses first LAN interface when WAN is set to Only Request Prefix

Added by Kris Phillips about 1 year ago. Updated 8 months ago.

Status:
New
Priority:
Low
Category:
Tailscale
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
23.09
Affected Architecture:
All

Description

When Tailscale on pfSense Plus is being used as an exit node for IPv6 connectivity and the WAN interface is set to "Only request an IPv6 prefix, do not request an IPv6 address", it will use the first sequential LAN interface's IPv6 address for outbound connectivity instead. We should probably add an option to Tailscale to select which interface for WAN connectivity is used for the NAT address for IPv4 and IPv6 for outbound connectivity, because this resulted in my internal, secure work VLAN address being used when I had routing policies in Tailscale to only allow access to my home VLAN instead (due to the fact that the work VLAN was the first sequential LAN). Not being able to choose the interface that is used for NAT on the exit node could lead to certain situations where access to resources that shouldn't be is possible under certain circumstances.

Actions

Also available in: Atom PDF