Tailscale doesn't give me visibility to remote IP addresses

I’m trying to replace Wireguard with Tailscale. Installed Tailscale on a remote Home Assistant and my local computer. On remote HA, I’ve enabled “Subnet routes” for 192.168.1.0/24, as well as enabled “exit node” so I should be able to see my remote router when I type 192.168.1.1 into a browser.
It doesn’t work, I only see my local IP addresses in Angry IP Scanner. Also weird, every single IP address shows a return ping! 192.168.1.1->192.168.1.254 all show a ping for some reason.
I thought Tailscale could replace Wireguard as a point to point VPN?

This won’t work. Take a look at Tailscale integration documentation:

Have you installed Tailscale on HA as an Integration? As you can see, this integration just allows monitoring the status of the Tailscale network, using their API, but does not provide Tailscale network functionality.
Personally I have a Tailscale node installed on a Synology NAS with Subnet routes enabled and have no issues with accessing HA using its local IP (from my home LAN address range) while on the road. No need to enable Exit node - this works the other way around, it allows other devices on the network to use the gateway node as a gateway to the Tailscale network.

No, I installed it as an add-on. This should have worked. So how does it work? With WireGuard I can access all local IP addresses directly via browser using my local 192.xxxxx format. Using Tailscale on the PC, how does it work?

I see! I was not aware of Tailscale also being available as an add-on!
OK, so this should work fine. However, what I noticed is that the node constantly goes off on its own almost instantly after authentication. Yet enabling Subnet routing allowed access to HA remotely.
One checkpoint: subnets seem to be configured automatically, but still need to be enabled manually to work:


Afterwards I switched my mobile phone to LTE only and was able to access HA using its local IP and the Tailscale client on the phone…
Now, please consider that not everything works flawlessly over Tailscale. For example, for my router I only get to a warning message about a wrong certificate and cannot move forward. For my access points I get to the login page, but I cannot get past this point… Seems there is something specific in how the device web interface is built that prohibits it from working properly. Have you tried with any other devices on your LAN with web interfaces enabled?

You have to enable exit node in order to see beyond the device.
As I’ve been saying, I’m trying to access all remote devices on my remote network via browser.
There must be a bug in the Windows software, because it works perfectly using my iPhone!! All I have to do is select the exit node in the iOS app, and I can browse to any subnet endpoint.
Is there anyone who has successfully set up Tailscale that can explain this?

Well, I’m using it mainly from a Windows laptop to access my home network from work. No issues (besides those listed above). I can access most web interfaces, I can map network drives to my NAS, use remote desktop… Exit node disabled… And it is running on top of a quite well hardened corporate Windows image. But again, I run it on Synology and only briefly tested (in a very limited environment) from my phone. I’ll try to run some more tests on Wednesday/Thursday, when I’ll work from the office.

From documentation: The exit node feature lets you route all non-Tailscale internet traffic through a specific device on your network. The device routing your traffic is called an “exit node.”

Means that if you want to access the internet from your local device using a Tailscale Exit Node, traffic is routed to your home network (encrypted connection) and then exits to the public internet from the Exit node via your home internet connection. This is how I understand the documentation.

OK, working from the office today and had some time to check how it works from a really remote network and a Windows PC. So… no issues, working as expected, equally well compared to the previous installation on Synology. Here is my config on HA:
image

and on laptop:
image

So perhaps some other network settings (firewall, some security software, etc.) on your Windows machine are causing the setup not to work as expected…

It’s not clear what you are doing-- if you are simply accessing the remote node then yes that works fine. But if you are browsing all the IP addresses beyond that node, you need to select “exit node”.