Tailscale and firewall

Dash · September 28, 2023, 9:48pm

Hello everybody, I was hoping to get some assistance from someone with regards to Tailscale and Freepbx 16.

I have successfully installed the subnet feature on one of the servers and can Access the internal devices of that network for example 192.168.100.1/24 behind this PBX, without any issues. This is an old server, and I don’t remember changing anything in the firewall, besides allowing Tailscale to be trusted.

I have tried a similar installation on a clients machine so that I could troubleshoot issues. However, firewall seems to be blocking the subnets.

If I reboot the machine, which puts the firewall into a suspended state for five minutes I can access the submit and the machines behind it however, as soon as those five minutes are over I’ll lose connection.

If anyone can assist, please let me know

dicko · September 28, 2023, 10:41pm

Dash · September 28, 2023, 10:57pm

Hi there yes this is correct however I cannot understand why subnets will work if the pbx has been restarted and the firewall is temporarily disabled.

dicko · September 28, 2023, 11:00pm

Because the iptables will change between those states

before iptables -L -n > a after iptables -L -n > b then diff a b

adell4444 · September 28, 2023, 11:09pm

It works because your firewall is disabled. If your firewall is turned on, then you need to add the exceptions in order for it to work.

Dash · September 28, 2023, 11:17pm

Thank you for this can you advise on how to go about adding this rule.

dicko · September 28, 2023, 11:18pm

Which rule?, there are apparently several in that link I posted, what firewall are you using ?

Dash · September 28, 2023, 11:19pm

How to add the rule port 443 to Tailscale

dicko · September 28, 2023, 11:21pm

in your iptables list of rules

Dash · September 28, 2023, 11:26pm

@dicko I really appreciate your extreme knowledge and understanding of Freepbx and I am know way as cleeed up as you are. May I kindly ask you to brake it down please.

Conectivity / firewall / rules for example

adell4444 · September 28, 2023, 11:37pm

Well if you are using the firewall module then you can start here - https://wiki.freepbx.org/display/FPG/Firewall+Permissions

Dash · September 28, 2023, 11:49pm

Thanks just like the other machine Tailscale is set to be a trusted network. I am able to reach the machine on both the Tailscale address and local network one. What it won’t allow me to do is to access other devices once firewall is running

dicko · September 29, 2023, 12:54am

where are the ´ other devices’ ,network wise

Dash · September 29, 2023, 5:38am

Hi. On the same subnet

Dash · September 29, 2023, 12:09pm

Hi guys
Anyone got any ideas? Really need to find a way to get this to work.

Dash · October 1, 2023, 1:17am

Hi guys just checking if any one got any suggestions here.

system · November 1, 2023, 1:18am

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.