#Is tailscale site-to-site supported with the official HA addon?

I've been struggling for a while to set up site-to-site connection between my two networks.

Both networks run HAOS with tailscale addon installed. The first network runs on 192.168.0.0/24 and the second one on 192.168.1.0/24 (non-overlapping)

On both networks I set up a static route for the other network to go through the IP of HAOS. So on default gateway 192.168.0.1 I set up a static route that forwards all traffic pointing to 192.168.1.0/24 to go through home assistant running on 192.168.0.10.

When I traceroute, the traffic goes to the HAOS IP as defined in the static routes, but doesn't get forwarded through the tailscale network over the tailscale CGNAT.

On the other hand, when I traceroute from within home assistant (using the Terminal ssh addon), the packets successfully arrive at the remote subnet.

So there must be an issue of home assistant forwarding the packets from devices on the local network through the tailscale tunnel.

I checked out the following docs and as I understand it, everything should be set up correctly, except the sysctl.conf, which I'm unsure whether home assistant changes and even whether it does what I need.

https://tailscale.com/kb/1214/site-to-site

This is my addon config in HA

userspace_networking: false
accept_dns: true
accept_routes: true
advertise_exit_node: true
advertise_connector: true
share_homeassistant: disabled
snat_subnet_routes: false
taildrop: false
stateful_filtering: false

I just hope I didn't just kill two evenings trying to achieve the impossible.

the addon does not listen on the host interface. addons are docker containers. so maybe you could put a route in on the haos base OS to redirect to the internal container ip.

but honestly... There are probably better ways to do this...
you are likely better off doing this on the network routers, what routers are you using?

doing this via haos setups is probably in theory possible but its not really a good idea and updates are likely to break stuff.

Putting routes into the base OS is likely to break on HAOS updates. And do not carry over when restoring from backup.

I use consumer grade Asus routers flashed with MerlinWRT. They only allow me to set up static routes. I can't really install tailscale on it.

Docker containers can use the host network if I'm not mistaken. So it should be possible for tailscale to listen on host interface even when running in docker.

This is what I thought userspace networking was doing.

It seems like the addon is connected to the host network and not behind a docker internal network

https://github.com/hassio-addons/addon-tailscale/blob/main/tailscale/config.yaml

your right doing stuff on base os will break stuff on updates
i am not sure on the specifics of how supervisor handles host networking

tbh if your this deep into stuff. change the routers our for mini pcs running OPNSense and do the site to site on the routers. there is a plugin for it to use TS

Kinda out of my budget. Also no real reason to get high-grade routers when one of my networks is 1Gbit and the other one is still stuck with 100mbit