# Having issues connecting locally through Tailscale.

chilly garden

TL;DR (I can connect just fine from outside my home network, and inside my network with Tailscale turned off, but I cannot reliably connect through Tailscale while on my home wifi) (also, I consider myself to be a newb at best. I'm learning and putting in the research, but this has flat stumped me. I can't find docs about this issue anywhere)

For this example we are going to use my instance of Grocy to test, but please understand that this is not app dependent. Immich, Joplin, you name it, same issue.

I have a laptop I am running Ubuntu on.
It has Tailscale on it. Not in Docker. I put it on bare metal to try resolving this, which obviously didn't work.

I have a reverse proxy pointed at 127.0.0.1:thePort for grocy.tail.mysite.party
I have a Cloudflare website I bought
I have a DNS A record pointing at 100.x.x.x to *.tail.mysite.party
If I'm on my mobile data it works... seemingly perfectly.
Hop onto the wifi.... it loads maybe one page, you click a button and maybe you're lucky and it gets that one too... then it's "site took too long", "site didn't respond".

I have a second DNS A record for *.local.mysite.party
It's set up exactly the same except it points at 198.x.x.x
As long as you are on the wifi it works.

I need a site that works both locally and in the wild, and instead I have 2 sites that work in their respective place, and I'm rather confused.

I was told it was a DNS issue and that my devices needed set to look at 1.1.1.1 and 100.100.100.100. This seems to have worked in my mobile device (maybe) but my computer is still failing.

Am I asking it to do something it's not supposed to? Is there something wrong with my instance of tail? How are there no docs about this?
Any help will be greatly appreciated. Thank you.

smoky berry

Do you necessarily need to have the split DNS working on different domains? I use Tailscale's subnet router feature so that <service>.mydomain.net works whether I'm on my home network or accessing it through Tailscale.

The way I set this up for me is:

  • Set up Tailscale as a subnet router for the LAN subnet

  • Set up a local DNS server (or use Cloudflare) that can serve class A records for the services you wish to host. Unbound, Pi-hole and AdGuard Home can do this. Point your FQDN to your internal LAN IP addresses. I use Unbound.

  • Use the DNS Admin page on Tailscale to point to your local DNS server. Step 3 of https://tailscale.com/kb/1114/pi-hole is a good demonstration on how to do this. Instead of this, you could just point something like Cloudflare DNS to your local LAN IP addresses.

This allows me to use <service>.domain.net whether I'm on Tailscale or on my LAN with Tailscale off. I just have to remember one set of domains.
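
A check for the setup described in the post above, added here as an example (not code from the thread or from Tailscale): given the addresses each resolver returns for a hostname, it reports whether the name resolves to one LAN address that the subnet router's advertised route covers. The hostnames, addresses, resolver labels and the 192.168.1.0/24 route are constructed sample values.

```python
import ipaddress

# Tailscale hands out node addresses from the CGNAT block 100.64.0.0/10.
TAILNET = ipaddress.ip_network("100.64.0.0/10")

def classify(addr, advertised_routes):
    """Label one resolved address by the path a client would take to reach it."""
    ip = ipaddress.ip_address(addr)
    if ip in TAILNET:
        return "tailnet"
    if any(ip in ipaddress.ip_network(r) for r in advertised_routes):
        return "lan-routed"      # LAN address covered by the subnet router
    if ip.is_private:
        return "lan-unrouted"    # LAN address the tailnet has no route to
    return "public"

def audit(records, advertised_routes):
    """records: {hostname: {resolver_label: [addresses]}} -> {hostname: finding}"""
    findings = {}
    for host, by_resolver in records.items():
        kinds = {classify(a, advertised_routes)
                 for addrs in by_resolver.values() for a in addrs}
        answers = {frozenset(addrs) for addrs in by_resolver.values()}
        if not kinds:
            findings[host] = "no-answer"
        elif "lan-unrouted" in kinds:
            findings[host] = "unreachable-over-tailscale"
        elif len(answers) > 1:
            findings[host] = "resolvers-disagree"   # split-horizon answers
        elif kinds == {"lan-routed"}:
            findings[host] = "ok-single-name"       # same LAN target everywhere
        else:
            findings[host] = "tailnet-only" if kinds == {"tailnet"} else "mixed"
    return findings

# Constructed sample data: what a LAN resolver and the tailnet resolver returned.
ROUTES = ["192.168.1.0/24"]
SAMPLE = {
    "recipes.mydomain.net": {"lan-dns": ["192.168.1.10"], "tailscale-dns": ["192.168.1.10"]},
    "grocy.tail.mysite.party": {"lan-dns": ["100.101.102.103"], "tailscale-dns": ["100.101.102.103"]},
    "photos.mydomain.net": {"lan-dns": ["192.168.1.10"], "tailscale-dns": ["100.101.102.103"]},
    "notes.mydomain.net": {"lan-dns": ["10.0.5.7"], "tailscale-dns": ["10.0.5.7"]},
}

if __name__ == "__main__":
    for host, finding in audit(SAMPLE, ROUTES).items():
        print(f"{host:28} {finding}")
```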

chilly garden

So you're suggesting I pull NPM out of this loop and instead use the subnet router to host all the IPs and Cloudflare to carry them individually?

I'm not sure how that helps. Can you explain to me what the issue I'm having is first? I think that will help a lot because I logically cannot find what the problem is. I just keep getting told to try this or try that with no explanation as to why it's supposed to work.

smoky berry

I'm trying to take some of the complification you've gotten yourself into with trying to run multiple of the same sites whether you're on Tailscale or not.

The *.local.mysite.party and *.tail.mysite.party just seems like an over complication to me. I like to decomplify things first then get to the heart of the issue.

You'd have to at least run a CNAME mapping one to the other, and well... CNAMEs have some problems depending on what device you're on. Otherwise, you might run into issues where you configure an app to use one domain and it's being looked up as another.

For instance, I run Mealie. I've configured it to run as recipes.domain.net. All the links it generates are based on recipes.domain.net. If I were to do it your way, you'd need CNAME records I think to fix your issue.

Really advocating for some simplification here.

When I request <something>.mydomain.net, Tailscale sees that I'm requesting something for mydomain.net, queries my internal DNS server, which gets the LAN address of my reverse proxy, and the reverse proxy handles it.

chilly garden

I'm here for the simplify, but unless removing it is going to help the Tailscale connect locally somehow, I'm not interested in doing that right now.

The two systems, in my understanding, aren't touching each other.

If I was to successfully be able to connect locally I would remove the local address, but for now it's just straight up easier than remembering IPs for quick connection.

It's a backdoor, not a complication, in my opinion.

smoky berry

Good luck!

chilly garden

My server is the only thing hosting anything and I don't have a subnet router set up.

*.tail.mysite.party should be connectable from everywhere and instead I can't reach it on the same network it's hosted on. Only everywhere else.

chilly garden

So I don't think that this was the right answer, as I had to add a whole extra step, but I ended up sorting this with a Pi-hole. Now nothing leaves the house if I am home, and it swaps to Tailscale through Cloudflare when I leave the house.