Setting up subnet routes on Linux relays

Tailscale’s subnet routing feature facilitates incremental deployment by allowing a single agent to grant access to entire subnets (and not just a single machine). For instance, a relaynode deployed on the NAT Instance (from above) could provide access to all machines running on both the private and public subnets.

To define available subnets that you wish a relaynode to provide access to, use the --routes=... switch.

For the NAT Instance described above, use --routes=10.0.0.0/24,10.0.1.0/24 to permit access to both subnets.

Then, in the admin console, activate them by selecting the Enable Subnet Routes option in the relaynode’s entry: