Unable to desactivate SNAT in Tailscale package

Hello,

I’m using tailscale package 2024-08-29-86e6c88ad1-1 on a RUTX11. I need to identify who is trying to connect to devices in the LAN from Tailscale network.
But packets source adress are always replaced by the one of the RUTX when going to the LAN, so I always see the RUTX11 address and can’t apply policies on my devices based on the source address.
Firewall rule Masquerading Tailscale > LAN is desactivated.
Is there any way to activate --snat-subnet-routes=false when launching tailscale up? Can you add an option to activate or not snat-subnet-routes option or do not replace SNAT when Masquerading option is desactivated?

Maybe I did the thing wrong but I don’t see how to make it work.

Thank you for your help,
Benoit.

The soure IP address when packets are leaving the RUTX11 are not replaced so I don’t understand why it is replaced when they are entering as Masquerading is desactivated.

Is it a bug? Any help is welcome,
Thanks.

Hello,
Anyone is facing the same problem as me?
Thanks.

This topic was automatically closed after 15 days. New replies are no longer allowed.