Question on routing other devices via Tailscale device

Hi,

I have a Tailscale setup on 2 Macs, let’s call them Mac (Home) and Mac (Away):

  • Mac (Away) is currently set as the exit node
  • Mac (Home) connects to Mac (Away) using Tailscale VPN Exit Node

I would like to extend this to other devices in my network (without having to install Tailscale client).

I used to do this with pfctl rules with other VPNs such as ExpressVPN. However, the same rules don’t seem to work with Tailscale.

Let’s say the iPad wants to connect via VPN to Mac (Away): I apply the rules using pfctl on Mac (Home) and then set the Router IP on the iPad to be the Mac (Home) IP address.

These are the rules I used:

rdr pass on en0 from any to any -> utun3
nat pass on utun3 from en0:network to any -> (utun3)

or

scrub in all
nat on utun3 from en0:network to any -> (utun3)
pass out on en0 from en0:network to any
pass out on utun3 from utun3 to any

Where utun3 is the virtual tunnel interface for Tailscale and en0 is the Wi-Fi interface.

Any ideas what I could be doing wrong?

Thanks a lot in advance!
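For reference, this is what a complete pf setup for this looks like on Mac (Home); it is an added example, not code from the original post. It pairs the NAT rule with explicit pass rules for the LAN subnet and adds the net.inet.ip.forwarding sysctl, which the rules above do not enable and without which the Mac will not forward the iPad's packets at all. The interface names utun3 and en0 are taken from the post; the script name is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original post): share a Tailscale exit node with
# LAN clients from Mac (Home) by NATing them onto the tunnel interface with pf.
# Assumptions: the tunnel is utun3 and the LAN is en0 (as in the post), and the
# LAN clients set this Mac's en0 address as their default gateway.

# Emit the pf ruleset.  Kept as a function so the rules can be inspected (or
# tested) without touching the live firewall.
pf_rules() {
    tun="$1"   # Tailscale tunnel interface
    lan="$2"   # LAN-facing interface the clients point at as their router
    cat <<EOF
# Reassemble fragments before NAT and state lookup
scrub in all
# Masquerade LAN clients behind the tunnel address so replies come back here;
# translation rules must precede filter rules in macOS pf
nat on $tun from $lan:network to any -> ($tun)
# Forward only the LAN subnet: in from the LAN, out through the tunnel, and
# replies back out to the LAN.  keep state lets return packets match.
pass in on $lan from $lan:network to any keep state
pass out on $tun from any to any keep state
pass out on $lan from any to $lan:network keep state
EOF
}

# pf NAT alone does nothing unless the kernel forwards packets between interfaces.
forwarding_enabled() {
    [ "$(sysctl -n net.inet.ip.forwarding 2>/dev/null)" = "1" ]
}

# Enable forwarding, load the ruleset into the main ruleset (this replaces
# whatever pfctl currently has loaded), then make sure pf itself is enabled.
apply_rules() {
    tun="$1"; lan="$2"
    forwarding_enabled || sudo sysctl -w net.inet.ip.forwarding=1
    pf_rules "$tun" "$lan" | sudo pfctl -f -
    sudo pfctl -s info | grep -q '^Status: Enabled' || sudo pfctl -e
}

# Usage: sh share-exit-node.sh utun3 en0
if [ "$#" -eq 2 ]; then
    apply_rules "$1" "$2"
fi
```

Run `sh share-exit-node.sh utun3 en0 | true` with no arguments first if you only want to eyeball the rules via `pf_rules`; the forwarding sysctl does not survive a reboot, so re-run the script after restarting.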

Let’s say the iPad wants to connect via VPN to Mac (Away): I apply the rules using pfctl on Mac (Home) and then set the Router IP on the iPad to be the Mac (Home) IP address.

I’m confused, what does pfctl have to do with this? Just install Tailscale on the iPad and utilize the exit node. Easy.

pfctl allows me to route the internet connection through: iPad → Mac Home → VPN (Mac Away)

I gave an iPad as an example, but let’s say I am unable to use Tailscale on such a device (due to limitations); I want it to use native networking controls (setting Mac Home as the IP gateway).