tl;dr
Copy paste - don't rely on typing correctly...
The Issue
I use tailscale at home and generally love it. One thing I use it for is whitelisting - so I have some apps publically available and my homelab ones have DNS with SSL certs by LE but I whitelist to only my private IPs so that I can use https at home basically. However I have had a few issues with a couple apps, and I kind of chaulked it up to "network protocol this" "need to figure out that header that" but ultimately I was being lazy and the issues weren't catastrophic... it was things like:
- couldn't get to my NVR by DNS, so I'd have to use tailscale_ip:port
- couldn't login with my user in jellyfin cause I lock me down to LAN only since I dont' use a password
- gotify wouldn't connect using DNS
These things aren't huge but they are annoying and today I decided to figure it out.
Typo!
I'm not an expert yet but I think the main problem was the CIDR block I was using in my traefik config.
This'll shock some of you but 10.64.0.0/10 and 100.64.0.0/10 are not the
same blocks!
Check your CIDRs
It's always DNS, and even when it's not, it's still probably networking