top | item 45245128

(no title)

juhovh | 5 months ago

I have heard not so great things about Forti VPNs, sorry to hear you have to work with those.

In theory, as long as the Forti VPN does not overlap with the Tailscale IP address range, the simplest solution is to just run Tailscale and openfortivpn on a single node. You can then advertise the Forti VPN subnets within Tailscale, that's effectively what my image does as well in a nutshell, except that it's parsing the WireGuard config and setting up firewall rules for convenience.

Tailscale does NAT automatically by default, so it will look like all traffic is coming from the openfortivpn client itself.

discuss

standard_indian|5 months ago

When I just try to run tailscale and forticlient together naively, tailscale does not like it very much heh. Looks like I'll need to study what your image is doing in depth