
This is a Docker setup that runs a Tailscale node, routes traffic through Gluetun with NordVPN connected, and advertises the Tailscale node as an exit node.

```yaml
services:
  gluetun:
    image: qmcgaw/gluetun
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - VPN_SERVICE_PROVIDER=nordvpn
      - VPN_TYPE=openvpn
      - OPENVPN_USER=${NORDVPN_OPENVPN_USER}
      - OPENVPN_PASSWORD=${NORDVPN_OPENVPN_PASSWORD}
      - SERVER_COUNTRIES=${NORDVPN_SERVER_COUNTRIES}
    ports:
      - 41641:41641 # tailscale port
      - 3478:3478 # stun port
  tailscale:
    image: tailscale/tailscale:latest
    network_mode: "service:gluetun"
    restart: unless-stopped
    cap_add:
      - net_admin
      - sys_module
    volumes:
      - ${PWD}/tailscale:/var/lib/tailscale
      - /dev/net/tun:/dev/net/tun
    environment:
      - TS_AUTHKEY=${TAILSCALE_AUTHKEY}
      - TS_EXTRA_ARGS=--advertise-exit-node
      - TS_STATE_DIR=/var/lib/tailscale
      - TS_USERSPACE=true
      - TS_HOSTNAME=${TAILSCALE_HOSTNAME}
    depends_on:
      gluetun:
        condition: service_healthy
```

The problem is that it seems only relayed connections through DERP are happening. Is it possible to establish a direct connection to the exit node, considering NordVPN doesn't allow port forwarding?

1 Answer


Try adding Tailscale's default WireGuard port (41641) to FIREWALL_INPUT_PORTS and Tailscale's address range (100.64.0.0/10) to FIREWALL_OUTBOUND_SUBNETS in the environment variables for Gluetun.

```
FIREWALL_OUTBOUND_SUBNETS=192.168.1.0/24,100.64.0.0/10
FIREWALL_INPUT_PORTS=41641
```
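To check whether a firewall change like the one above moved the exit node off DERP, the peer paths can be read from `tailscale status --json`. The script below is an added example, not part of the answer; the sample JSON is constructed, and the hostnames, addresses and DERP regions in it are made up.

```python
import json
import sys

# Constructed sample in the shape of `tailscale status --json` output.
# HostName, Online, ExitNodeOption, CurAddr and Relay are fields that command
# emits; every value here is invented for illustration.
SAMPLE_STATUS = """
{
  "Peer": {
    "nodekey:aaaa": {"HostName": "gluetun-exit", "Online": true,
                     "ExitNodeOption": true, "CurAddr": "", "Relay": "fra"},
    "nodekey:bbbb": {"HostName": "laptop", "Online": true,
                     "ExitNodeOption": false,
                     "CurAddr": "192.168.1.20:41641", "Relay": "fra"},
    "nodekey:cccc": {"HostName": "old-phone", "Online": false,
                     "ExitNodeOption": false, "CurAddr": "", "Relay": "nyc"}
  }
}
"""

def classify_peers(status_json):
    """Map each peer hostname to its current path: direct, relayed or offline."""
    peers = (json.loads(status_json).get("Peer") or {}).values()
    result = {}
    for peer in peers:
        name = peer.get("HostName", "?")
        if not peer.get("Online"):
            result[name] = "offline"
        elif peer.get("CurAddr"):
            # CurAddr holds the UDP endpoint in use when the path is direct.
            result[name] = "direct via " + peer["CurAddr"]
        else:
            # Empty CurAddr: traffic (if any) goes through the peer's DERP region.
            result[name] = "relayed via DERP " + peer.get("Relay", "?")
    return result

def relayed_exit_nodes(status_json):
    """Hostnames of online peers that offer an exit node but have no direct path."""
    peers = (json.loads(status_json).get("Peer") or {}).values()
    return sorted(p.get("HostName", "?") for p in peers
                  if p.get("Online") and p.get("ExitNodeOption")
                  and not p.get("CurAddr"))

if __name__ == "__main__":
    # Pipe real output in, or run with no input to see the constructed sample.
    data = SAMPLE_STATUS if sys.stdin.isatty() else sys.stdin.read()
    for host, path in classify_peers(data).items():
        print(f"{host}: {path}")
    print("exit nodes still relayed:", relayed_exit_nodes(data))
```

Run it from a client on the tailnet, after `tailscale ping` to the exit node, since `CurAddr` is only filled in once traffic has flowed to that peer.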
