Use Tailscale subnet routing.
Untrusted devices can sit on a separate VLAN or get WAN blocked, you can still reach them internally, and from any other device on Tailscale. You just need to expose the subnet via Tailscale subnet routing.
Use Tailscale subnet routing.
Untrusted devices can sit on a separate VLAN or get WAN blocked, you can still reach them internally, and from any other device on Tailscale. You just need to expose the subnet via Tailscale subnet routing.
Yes that is how you arrange how the device can be reached through Tailscale.
What I was wondering was: In order to get the device to talk to Tailscale to be able to reach it you need to give it access to the internet to reach Tailscale. But now I understand your answer and it is to let the device sit somewhere in an enclosed network and then through another trusted Tailscale node route any traffic to it using subnet routing. Thanks!