dataprolet

So to confirm your behavior, you can tailscale ping each other fine and tailscale ping to the internal network. You cannot however ping from the OS to the remote internal network?

Exactly.

Have you checked your routing tables to make sure the tailscale client added the route properly?

How do I do this? I use Headscale and headscale routes list shows the following:

ID | Machine | Prefix           | Advertised | Enabled | Primary
1  | server  | 0.0.0.0/0        | false      | false   | -
2  | server  | ::/0             | false      | false   | -
3  | server  | 192.168.178.0/24 | true       | true    | true

Also have you checked your firewall rules? If you’re using ipfw or something, try just turning off iptables briefly and see if that lets you ping through.

I'm not using a firewall, but the VPS is hosted on Hetzner, which has a firewall. But I already allowed UDP port 41641 and 41641. The wg0 rule is from the Wireguard setup I want to replace using Tailscale.

# iptables --list-rules
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-A INPUT -s 100.64.0.0/10 -j ACCEPT
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT
-A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 443 -j ACCEPT
-A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 81 -j ACCEPT
-A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
-A DOCKER -d 172.17.0.5/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9090 -j ACCEPT
-A DOCKER -d 172.17.0.5/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A DOCKER -d 172.17.0.6/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 443 -j ACCEPT
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9001 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN

Yes, both clients can tailscale ping each other and after doing so the status shows active; relay "ams".

Using tailcale ping 192.168.178.178 also works for some reason.

Not sure what to do with the output of netmap.

No, I'm not using ACLs.

Doesn't seem to work.

Thanks, that's what I'm trying to do. :)

And my VPS doesn't have any IPs in the same range as my home server.

How do I make sure of this? What am I supposed to see using the command?

I'm using Headscale, but yes.

Of what?

It's not my website, but you can contact the owner here: https://selfh.st/contact/.

Haganah actually fought against Irgun and Lehi.
https://en.wikipedia.org/wiki/The_Saison

"The Haganah, the largest Yishuv paramilitary, was a Labor Zionist organization; on occasion, it partook in military action (such as during The Saison) against certain radical right-wing Jewish political opponents and militant groups, sometimes in cooperation with the British Mandate administration."
https://en.wikipedia.org/wiki/Labor_Zionism#History

And the Irgun split from Haganah, because they were presumably too defensive.
https://en.wikipedia.org/wiki/Haganah#1931_Irgun_split

Ah, the good old comparison of Israel and Nazis. Please be antisemitic somewhere else.

The Kibbutz movement is heavily influenced by Anarchism for example: https://en.wikipedia.org/wiki/Anarchism_in_Israel.