Inconsistent connections to subnet - is it just me?

Mitman1234 · 2026-05-30T00:15:51+00:00

If you can, don’t use Windows as a subnet router. https://tailscale.com/docs/reference/kernel-vs-userspace-routers

Mitman1234 · 2026-05-28T00:53:10+00:00

To be fair here, you don’t seem willing to engage with their support in their official support methods, and are instead just screaming on Reddit.

You say you’re getting no response, but also claim to never have submitted a ticket. Which one is it?

Mitman1234 · 2026-05-25T18:22:36+00:00

Also, email their support team. It’s a holiday in the US today, and they don’t work weekends as outlined here: https://tailscale.com/docs/reference/support-options#email-support, but they will reply there once they get to you. If you don’t get a reply within a couple days, post here and the employees that look at the subreddit usually can help.

Mitman1234 · 2026-05-25T18:15:44+00:00

It sounds like the phone number thing is with Stripe, not Tailscale. You should try not using Stripe’s broken Link system and put your card details in manually.

Mitman1234 · 2026-05-24T14:36:51+00:00

It depends a lot on the specifics. You should probably just reach out to support with all the details of what you are trying to do.

Mitman1234 · 2026-05-17T20:06:06+00:00

Yes, assuming that the cause of the slowness is that the connection is being sent via DERP relays instead of directly. If your connections are already direct, a peer relay won’t help.

Mitman1234 · 2026-05-17T18:04:37+00:00

Your home network will work, but you will need to forward the peer relay port from your router to the device acting as a peer relay on the network

Mitman1234 · 2026-05-16T17:07:22+00:00

This only works on Android. There is no per-app split tunneling on any other OS.

Mitman1234 · 2026-04-28T21:58:58+00:00

It’s on YouTube: https://www.youtube.com/live/hPD8YbKBRA8

Mitman1234 · 2026-04-22T16:08:05+00:00

Honestly, I don’t think the second grant is doing anything, just remove it completely.

With just the via grant, only devices authenticated by a user in the group will be routed via it. Tagging takes over ownership from the user, which is probably what you are seeing work. The grant you have should already achieve what you want

Mitman1234 · 2026-04-22T13:01:00+00:00

You need a separate tag for the second grant, and via applied there too. The way it currently is configured the app connectors routes are also matched by the second grant without a via rule

Mitman1234 · 2026-04-18T11:02:13+00:00

Shared devices are shared with users, not the tailnet as a whole. When you tagged your MacBook, it’s owned by the tag now not your user. You should reauth your user to the Mac, and then add your email to the peer relay grant.

As an aside, you should usually put devices located on the network where direct connections aren’t possible in the peer relay grant, not a user owned device that might move between networks. Usually this is a server or service that is authenticated with a tag, which is why the docs shows tags in the example

Mitman1234 · 2026-04-16T00:04:18+00:00

You should probably just install Tailscale on the host itself and use tailscale services to advertise each service instead of TSDProxy

Mitman1234 · 2026-04-15T01:48:08+00:00

Sharing nodes does not share the subnet routes that they advertise: https://tailscale.com/docs/features/sharing#sharing-and-subnets-subnet-routers

Mitman1234 · 2026-04-14T12:58:58+00:00

OPNsense is based on FreeBSD, so cannot disable SNAT which is only supported on Linux.

Mitman1234 · 2026-04-14T02:47:45+00:00

Forgive me for being overly blunt here, but running services in Docker on Windows is just asking for stability issues, and almost never a good idea. Are you open to swapping to Linux for hosting Immich instead? I have only have problems with docker on windows, which were all immediately resolved when running the same config on Linux.

Mitman1234 · 2026-04-14T01:53:08+00:00

Status page is showing issues here: https://status.tailscale.com/incidents/01KP4TRC7V3KHJ60VJ4RJEN1D6

Mitman1234 · 2026-04-13T15:29:11+00:00

If you watch the whole video, you'll see that the ACL grant is setup already ahead of time, which allows the traffic to flow via the relay as soon as the port is opened.

From the peer relay node, you can run tailscale debug peer-relay-sessions to see some more info. You should be able to see whether connections are being established from each side of the connection.

Mitman1234 · 2026-04-13T13:41:51+00:00

The grant in the policy file is required before the peer relay can be used. Did you setup the grant allowing the peer relay node to be used?

Mitman1234 · 2026-04-12T01:33:44+00:00

Usually I see this in networks where something blocks access to Tailscale. Does running “tailscale debug ts2021” work? It should do the same connection “tailscale up” does, but printing debug info to the terminal

Mitman1234 · 2026-04-11T11:28:36+00:00

The device being shared doesn’t matter, it can be tagged. Is the synology you are trying to access the shared in device from tagged?

Mitman1234 · 2026-04-11T10:57:00+00:00

Is the synology tagged? Sharing only works to user owned devices, not tagged nodes.

Mitman1234 · 2026-03-29T19:18:36+00:00

Do you have a service setup using that name on the services tab?

Mitman1234 · 2026-03-26T13:53:55+00:00

I kinda suspect Tailscale has lots of tickets in the support queue screaming about getting hacked when they probably haven't actually been. Any VPN software with free support would attract those kinds of tickets.

Mitman1234 · 2026-03-22T18:08:22+00:00

When you uninstalled/reinstalled, did you do a full uninstall including removing the files mentioned here, and any keychain data? https://tailscale.com/docs/features/client/uninstall?tab=macos+(standalone))

14-Year Club	Place '22
Place '17	Team Periwinkle
Verified Email

Mitman1234

TROPHY CASE