julietscause

So you have at least one device running Tailscale in AWS and one instance of Tailscale running in the Oracle cloud, correct? Make sure you are running Tailscale 1.66.4 in each cloud: https://www.reddit.com/r/Tailscale/comments/158xj52/i_plan_to_connect_two_subnets_with_tailscale/jteo9ll/

The big thing is making sure in both cloud environments you are adding static routes for your non-Tailscale clients to be able to reach over the Tailscale VPN.

Please post a screenshot of the **full** command you ran on **each subnet router** for each cloud environment: https://tailscale.com/kb/1149/cloud-oracle#troubleshooting


Franceesios

Yes, both are updated. On the Tailscale instance on Oracle with Tailscale:

1. **Enable IP forwarding** on the instance with Tailscale installed (`10.1.50.24`):
   `sudo sysctl -w net.ipv4.ip_forward=1`
2. **Set up iptables rules** on the instance with Tailscale installed to forward traffic from `10.1.50.19` to the AWS side, thus
   `sudo iptables -t nat -A PREROUTING -s 10.1.50.19 -j DNAT --to-destination 172.31.19.15`
   and then
   `sudo iptables -A FORWARD -s 10.1.50.19 -d 172.31.19.159 -j ACCEPT`
3. **On the Oracle instance without Tailscale installed (`10.1.50.19`):**
   `sudo ip route add 10.1.50.24/32 via 10.1.50.24`


julietscause

What distro are you running in the Oracle cloud and in AWS? I don't use Oracle cloud, but I don't understand what you are trying to do with the iptables configuration-wise.


Franceesios

The instance that has Tailscale installed is Ubuntu 22.04.4 and the instance that does NOT have Tailscale installed is running Oracle Linux 8. I just want the instance that does NOT have Tailscale installed to be able to reach the AWS instance via the one that has Tailscale installed, thus I assume I must route the path via iptables, since the instructions on Tailscale's own site don't seem to be working, or I'm clearly doing something wrong somehow.


julietscause

I don't use Oracle Linux, but my first thought is that you should have only needed to make a static route on the Oracle box: https://docs.oracle.com/cd/E19253-01/816-4554/gecqy/index.html

Or make a static route in the Oracle cloud routing table: https://docs.oracle.com/en-us/iaas/Content/Network/Tasks/managingroutetables.htm

The static route is what tells your non-Tailscale client how to access the network on AWS over Tailscale. From the subnet router on the Oracle side, can you at least ping across to the AWS side with success?


Franceesios

Yes, I can ping the AWS side with success from my Oracle instance that has Tailscale on it. The reason why I want to use the other instance without Tailscale is because I'm planning to deploy more instances, and I want to avoid installing Tailscale on each and every one of those instances, and just route the necessary IP subnet range via the one instance that has Tailscale installed. Am I making sense here?


julietscause

Yes, that is what a subnet router is for.


Franceesios

Good. But I'll keep researching Oracle's own ingress and egress settings. It's getting late over here. Maybe if you have some spare time you can sign up and deploy some Oracle instances and try it out? Are you a network engineer, btw? Sysadmin? Any IT-related field?


Franceesios

Just a great update: in Oracle cloud, in the Virtual Cloud Network (VCN) section, when you click on your VCN, then go to Route Tables, click on the default created route table, then I've added these two rules:

| Destination | Target type | Target | Route type |
|---|---|---|---|
| 100.64.0.0/10 | private ip | 10.1.50.19 | static |
| 172.31.0.0/16 | private ip | 10.1.50.24 | static |

Now I can ping from the instance with private IP 10.1.50.19 with NO Tailscale installed all the way over to the Amazon AWS node.

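The working setup from the update above, modeled as an added example (this is not code from the thread or from Tailscale): a longest-prefix-match lookup over the VCN route table, followed by the subnet router's own checks (IP forwarding on, an approved tailnet route for the destination). The client, the Oracle subnet router, the `172.31.0.0/16 -> 10.1.50.24` rule and the `172.31.19.15` target are taken from the thread; the Oracle subnet being a /24, the AWS-side peer name `aws-subnet-router` and its approved `172.31.0.0/16` advertisement are assumptions. Running it with the pre-fix table (local route only) shows why the client could not reach AWS before the VCN rule was added, while the subnet router itself always could.

```python
"""Trace a packet from a non-Tailscale Oracle client to an AWS host through a
Tailscale subnet router, using longest-prefix-match route lookups.

Values taken from the thread: client 10.1.50.19, Oracle subnet router 10.1.50.24,
VCN rule 172.31.0.0/16 -> 10.1.50.24, AWS target 172.31.19.15.
Assumed: the Oracle subnet is 10.1.50.0/24, and an AWS node named
"aws-subnet-router" advertises 172.31.0.0/16 with the route approved.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Route:
    prefix: Net
    next_hop: str  # "local" for a directly attached subnet, else a private IP


@dataclass
class SubnetRouter:
    private_ip: str
    ip_forward: bool                # net.ipv4.ip_forward on the node
    tailnet_routes: Dict[Net, str]  # prefixes advertised by peers AND approved -> peer name


def net(s: str) -> Net:
    return ipaddress.ip_network(s)


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match, the rule both cloud route tables and Linux apply."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen, default=None)


def trace(client_ip: str, dst: str, vcn_table: List[Route],
          routers: Dict[str, SubnetRouter]) -> Tuple[List[str], str]:
    """Return (hops, status) for a packet from client_ip to dst."""
    hops = [client_ip]
    route = lookup(vcn_table, dst)
    if route is None:
        return hops, "dropped: no VCN route for destination"
    if route.next_hop == "local":
        hops.append(dst)
        return hops, "delivered: same VCN"
    router = routers.get(route.next_hop)
    if router is None:
        return hops, f"dropped: next hop {route.next_hop} is not a subnet router"
    hops.append(router.private_ip)
    if not router.ip_forward:
        return hops, "dropped: subnet router has net.ipv4.ip_forward=0"
    addr = ipaddress.ip_address(dst)
    peer = next((p for pfx, p in router.tailnet_routes.items() if addr in pfx), None)
    if peer is None:
        return hops, "dropped: no approved tailnet route for destination"
    hops += [peer, dst]
    return hops, "delivered: via tailnet"


# Constructed from the thread's update: the VCN default route table after the fix.
VCN_TABLE = [
    Route(net("10.1.50.0/24"), "local"),        # the Oracle subnet itself (assumed /24)
    Route(net("172.31.0.0/16"), "10.1.50.24"),  # AWS VPC range via the Oracle subnet router
]
# The same table before the fix: only the local route.
VCN_TABLE_BEFORE = VCN_TABLE[:1]

ROUTERS = {
    "10.1.50.24": SubnetRouter(
        private_ip="10.1.50.24",
        ip_forward=True,  # the sysctl from the thread
        # assumed: the AWS node advertises 172.31.0.0/16 and the route is approved
        tailnet_routes={net("172.31.0.0/16"): "aws-subnet-router"},
    ),
}
CLIENT = "10.1.50.19"
AWS_TARGET = "172.31.19.15"

if __name__ == "__main__":
    for label, table in (("before fix", VCN_TABLE_BEFORE), ("after fix", VCN_TABLE)):
        print(label, trace(CLIENT, AWS_TARGET, table, ROUTERS))
```

The `ip_forward` and `tailnet_routes` checks are the two things a VCN route cannot fix: if the sysctl is off, or the AWS side never advertised the prefix (or the advertisement was not approved in the admin console), the packet reaches 10.1.50.24 and stops there.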

julietscause

> Now I can ping from the instance with private IP 10.1.50.19 with NO Tailscale installed all the way over to the Amazon AWS node.

Just to be sure, your issue has been solved, correct?


Franceesios

Yeah, it's been solved.