Let’s say you have an existing tailnet you want to connect a new device to. However, you can’t install tailscale on the device for some reason.
But if you happen to have a fancy travel router, like the beryl-ax, running OpenWrt and tailscale, you can turn it into a subnet router.
A subnet router just connects two subnets on two different networks. As far as I can tell, this is intended to be a one-way connection. The devices in my tailnet with a real tailnet address could ping a device in the non-tailnet subnet.
My problem though is that I wanted the connection in the other direction: I have a device I can’t install tailscale on and wanted to be able to ssh to a device in my tailnet.
The perk of having the travel router is that it could be added to my tailnet as a bona fide node. And on top of that, I can ssh to it.
But more important than that: I can ssh through it.
The pre-req to all of this is using ssh-copy-id to store my ssh key on the router in ~/.ssh/authorized_keys. I’m not sure if this is strictly necessary for the proxy command I’m trying to set up, but I’m pretty sure it only helps.
OpenSSH’s ssh client has a ProxyJump option. So you can just do something like:
ssh -J jump-user@jumpserver remote-user@remote-server
You can simplify the jump server config by pointing to another entry in your SSH config, like:
ssh -J my-jump-server remote-user@remote-server
But if you’re going to go that far, just make a new config entry for your remote server, so that you can simplify it down to:
ssh my-remote
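For reference, this is roughly what the two entries in ~/.ssh/config could look like. It is an added example, not the config from my setup: the addresses, the router login and the key path are placeholders, and only the Host aliases and remote-user come from the commands above.

```sshconfig
# Constructed example. Addresses, the router login and the key path are
# placeholders; the Host aliases match the commands shown above.

# The travel router, reached on its LAN side from the device that
# cannot run tailscale. This is the hop used by ProxyJump.
Host my-jump-server
    # Assumed LAN address of the router
    HostName 192.168.8.1
    # Assumed login on the OpenWrt router
    User root
    # The key that ssh-copy-id stored in the router's authorized_keys
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes

# The device inside the tailnet, reached through the router.
Host my-remote
    # Placeholder tailnet address; it is resolved and dialed from the
    # router, so it only needs to be reachable from there.
    HostName 100.64.0.10
    User remote-user
    ProxyJump my-jump-server
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes
    # ProxyJump tunnels the second SSH session through the router, so
    # authentication to my-remote happens end to end from this client.
    # No agent forwarding and no private key on the router are needed.
    ForwardAgent no
```

Running ssh -G my-remote prints the options the client resolves for that entry, including the proxyjump line, without opening a connection.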
Resources referenced: