Tailscale is used for remote VPN connections.

Rather than doing things the “Tailscale-way,” I’ve chosen a more traditional approach using their “Subnet Routers” feature. This container exposes 10.0.0.0/16. Optionally, it may be used as an exit node by users with the appropriate permission.

ACL rules are configured within the Tailscale configuration and with firewall rules applied to VLAN 250.