QNAP unreacheable by rest of LAN if included in subnet

[Chasethecheese]

Tailscape 1.36.1-1 set up on QNAP NAS, Raspberry pi 4 and Android phone. QNAP NAS and Raspberry pi are set up as exit nodes.

Everything works well.

If I now create a subnet on the Raspberry pi for 192.168.1.0/24 the QNAP NAS on IP 192.168.1.63 can only be accessed from a device connected to Tailscape.
It cannot be connected to directly from any other device on the Lan (neither ping, ssh nor http) The Raspberry pi and all other machines on the network can be accessed normally on the lan with or without Tailscape

If I disallow subnet access from the Tailscale Machines page, then QNAP NAS can be accessed normally by LAN machines.

Seems like something in the QNAP NAS Tailscale setup seems to be interfering with access if another Tailscale machine is advertising its local IP address as part of a subroute.

I have also confirmed this on Raspberry 3B+

[groenator]

I am encountering the same issue as well. Today, I installed tailscale on my QNAP, ssh onto my NAS and started the daemon with the following command: sudo ./tailscale --socket=/tmp/tailscale/tailscaled.sock up --accept-routes

The NAS is no longer available via the local network, I have to use the tailscale IP to connect to it. I have another node where I am exporting the local network (192.168.1.0/24) routes.

Is there a way to check the logs of tailscale?

[wingcomm]

This behavior is consistent with how Tailscale operates and not exclusive to QNAP since you are telling the QNAP to route all traffic destined to 192.168.1.0/24 through the exit node. You may want to open this issue on the standard issue tracker.

[groenator]

Thank you, I will open an issue on tailscale.

[gzxiexl]

I also encountered the same problem where I don't know how to set the default parameters. When there are devices in the local area network that have enabled routing notifications, additional policies should be added to avoid conflicts.

[andycjw]

I don't understand why advertising subnet on other tailscale node will cause other machines in the same subnet not able to access the qnap NAS on that exact subnet,

I already set --accept-routes to false on the machine I use to access the NAS, it should be able to access on the same LAN

is the qpkg tailscaled binary is running with accept-routes = true by default?

edit: I ssh into the qnap nas and did the following

./tailscale up --accept-routes=false

and it is working now, but stilll why accept-routes is true while the nas system is basically linux system, while the official documentation says it should be false https://tailscale.com/kb/1072/client-preferences/#use-tailscale-subnets

[Xuntar]

In my case --accept-routes was defaulted to false on the QNAP, but I still have the same issue that I can't connect to its normal IP anymore.