I have set up a VPN on my home network using Tailscale. I would like to use my TrueNAS as an exit node for my phone. I have enabled the exit node in the settings but it says
Help: Advertise Exit Node
Advertise exit node
Same as --advertise-exit-node flag.
Needs enabled IP forwarding on the host via System > Advanced Settings > Sysctls.
Please make sure you read and understand the warnings displayed when adding Sysctls
See also Subnet routers · Tailscale Docs
What do I need to enter in the Sysctls GUI to enable this functionality?
I have tried to make my OPNsense firewall the exit node, but the traffic does not go through the Unbound DNS subsystem. I need this as it is configured to assign a domain to the Tailscale IP address of Vaultwarden in my network to enable SSL certificate functionality.
I have tried searching for this info and using AI chatbots but I cannot find the answer. Lots of warnings that if I input the wrong thing my NAS will brick.
The IP forwarding is enabled on TrueNAS by default, nothing you should have to do there.
Once you run --advertise-exit-node on the Tailscale instance within TrueNAS, you need to log into your Tailscale UI and make sure you mark the exit node as accepted in their management UI.
I use the same for my home network; Tailscale is now my VPN into my local net. You can do this on 2 or more TrueNAS systems (if you have them) to have redundant paths as well, so while one system is down, your Tailscale clients will fall back to the other TrueNAS as the default exit node.
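To confirm what the reply above states about forwarding, here is an added example (not from any poster in this thread) that checks the two sysctls Tailscale's exit-node documentation requires, net.ipv4.ip_forward and net.ipv6.conf.all.forwarding, and names the key to add under System > Advanced Settings > Sysctls if one is off. The optional ROOT argument is an assumption of this script so it can be run against a constructed directory instead of the live /proc.

```shell
#!/bin/sh
# Added example: verify the sysctls an exit node needs before running
# `tailscale up --advertise-exit-node`. Tailscale requires
# net.ipv4.ip_forward=1 and net.ipv6.conf.all.forwarding=1 on the host.
# ROOT is a hypothetical prefix (empty for the live system) so the check
# can be exercised against a constructed directory tree.

# read_sysctl KEY [ROOT]: print the value of KEY (dotted form) by reading
# ROOT/proc/sys/<key with dots turned into slashes>; "unknown" if absent.
read_sysctl() {
    key=$1
    root=${2:-}
    path="$root/proc/sys/$(printf '%s' "$key" | tr '.' '/')"
    [ -r "$path" ] || { echo "unknown"; return 1; }
    cat "$path"
}

# forwarding_enabled [ROOT]: exit 0 only when both IPv4 and IPv6 forwarding
# are on; print which key still needs to be set to 1 in the Sysctls GUI.
forwarding_enabled() {
    root=${1:-}
    ok=0
    for key in net.ipv4.ip_forward net.ipv6.conf.all.forwarding; do
        val=$(read_sysctl "$key" "$root")
        if [ "$val" = "1" ]; then
            echo "ok       $key = 1"
        else
            echo "MISSING  $key = $val (add $key = 1 under System > Advanced Settings > Sysctls)"
            ok=1
        fi
    done
    return $ok
}

# Run against the live host only when asked to, so sourcing is side-effect free.
if [ "${1:-}" = "--live" ]; then
    if forwarding_enabled ""; then
        echo "Host can forward traffic; now run: tailscale up --advertise-exit-node"
    else
        echo "Fix the sysctls above, then run: tailscale up --advertise-exit-node"
    fi
fi
```

Run it as `sh check-forwarding.sh --live` on the NAS; after `tailscale up --advertise-exit-node` the exit node still has to be approved in the Tailscale admin console, as the reply says.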
Thank you,
tailscale up --advertise-exit-node --accept-dns=false --hostname=truenas-scale
worked to get the exit node flag on the tailnet. But I am still unable to reach my server over cellular data. Do I want to do accept-dns=true?
You’ll need to specify more about “unable to reach my server”.
What address are you testing? Try pinging other devices on your local subnet. Did you disconnect / reconnect your Tailscale clients? Some of them don’t pick up the change automatically.
I can ping my truenas server tailnet ip from my phone no problem.
Unbound DNS has an override to point https://myservice.mydomain.uk:30032/ to the tailnet IP. Nothing loads other than a message that the site cannot be reached. Over wifi it works no problem.
I am assuming that the data will go from the TrueNAS server to OPNsense via Unbound DNS.
I have checked my phone's IP address and it matches my WAN, so it's going through the tailnet. I cannot access any web GUIs on my phone via the tailnet… except on wifi.
Edit: I am now able to get to the GUI of my web apps by tailnet IP address via my phone. My assigned host name is not getting resolved on my phone by Unbound DNS.
I’m trying to set this up so I can access my Plex server, and when I enable the checkbox in the deployed app it doesn’t seem to have any effect, as the option on the Tailscale website never lets me check it.