WORTHY BLOG

外观

Tailscale Subnet Router & Exit Node:Complete Setup Guide

约 732 字大约 2 分钟

2026-02-09

Tailscale is often praised for its "it just works" philosophy, but using a Windows machine as a subnet router or exit node requires a bit more manual configuration than its Linux or macOS counterparts.

If you’ve been trying to route traffic through your Windows PC or access your local LAN devices remotely and hit a wall, this guide is for you. We’ll cover how to enable routing, verify your settings, and fix the dreaded "I can't access my local gateway" issue.

Part 1: The Setup (Subnet Routers & Exit Nodes)

Unlike Linux, Windows does not enable IP forwarding by default. Before you can route a single packet, you need to tell the OS it’s allowed to act as a router.

Step 1: Enable IP Forwarding

You must edit the Windows Registry to allow IP routing.

  1. Open PowerShell as Administrator.
  2. Run the following command:
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" -Name "IPEnableRouter" -Value 1

Crucial: You must restart your computer for this change to take effect.

Step 2: Advertise Your Routes

Once your PC reboots, you need to tell the Tailscale network what this machine is offering.

To access your home network remotely (Subnet Router): Open a command prompt and advertise your local subnet (replace the IP with your actual range):

tailscale up --advertise-routes=192.168.1.0/24

To route all internet traffic through this PC (Exit Node): Run this command instead:

tailscale up --advertise-exit-node

Step 3: Approve in the Admin Console

The last step is often forgotten. Tailscale requires you to explicitly approve these routes for security.

  1. Go to the Tailscale Admin Console.
  2. Find your Windows machine in the list.
  3. Click the three dots (...) > Edit route settings.
  4. Toggle the switch for your subnet or "Use as exit node" to On.

Part 2: Verifying Your Configuration

Did the registry edit actually work? If things aren't behaving, you should verify that Windows is actually routing traffic.

Option A: Check via PowerShell

Run this command to see the current registry value:

Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" -Name "IPEnableRouter"
  • Result 1: Setup is correct.
  • Result 0: The command failed; try running PowerShell as Administrator again.

Option B: Check via IPConfig (The "Real World" Check)

Registry settings only matter if the OS has loaded them. To confirm routing is currently active:

ipconfig /all

Look at the top section under Windows IP Configuration. You should see:

IP Routing Enabled . . . . . . . . : Yes

If it says No but the registry says 1, you haven't restarted your computer yet!

Part 3: Troubleshooting "I Can't Access My Local Gateway"

A common scenario: You turn on Tailscale, and suddenly you can no longer visit your local router page (e.g., http://192.168.88.1/).

This usually happens because Tailscale is trying to be helpful by routing everything through the tunnel, effectively cutting off your local LAN. Here is how to fix it.

Fix 1: The "Allow LAN Access" Toggle (For Exit Nodes)

If you are using an Exit Node (routing your internet through another machine), Windows sends all traffic to that remote machine—including traffic meant for your printer or router sitting right next to you.

  1. Click the Tailscale icon in your system tray.
  2. Hover over the Exit Node menu.
  3. Ensure "Allow LAN Access" is CHECKED.

Fix 2: The Subnet Overlap

If you are physically sitting on a network (e.g., 192.168.88.x) and your Tailscale network is also advertising that same route via another device, your PC gets confused. It will prioritize the Tailscale route over your physical Ethernet/Wi-Fi connection.

To solve this:

  1. Open the Tailscale menu.
  2. Go to Preferences.
  3. Uncheck Use Tailscale Subnets.

This forces your PC to use its physical connection for local addresses, restoring access to your gateway.

Final Tip: The Sleep Killer

Windows loves to save power. If your Windows PC goes to sleep, it stops routing traffic. If you are using a desktop or laptop as a permanent Subnet Router or Exit Node, go to Power & Sleep Settings and set "Put the computer to sleep" to Never.