router 1 has subnet routes accepted. But it seems that doesnt work going out?
You need to adjust your ACLs to allow traffic over Tailscale.
On the router or on server 2?
For all traffic. Tailscale ACLs deny by default. If you’ve never changed them, you need to do that.
Does subnet only work for incoming not outgoing?
I’m not sure what you mean. You either need to post a lot more details and information about your setup, or you need to read and understand the Tailscale docs.
I have this set { “action”: “accept”, “src”: [“group:admin”], “dst”: [“:”], },
Can you ping server 1 from the subnet router?
Make sure to check if you have a firewall blocking ICMP packets on server 1 or somewhere between.
Maybe run traceroute from both serves and compare the route taken and where it stops.
