How Lewis IT Helps Businesses Connect Segmented Networks with Tailscale Site-to-Site VPN

image source: https://unsplash.com/photos/a-bunch-of-blue-wires-connected-to-each-other-PSpf_XgOM5w

In today’s hybrid IT environments, organizations often manage multiple segmented networks across offices, data centers, and cloud environments. The challenge? Securely connecting those networks without expensive MPLS circuits, complicated firewall rules, or legacy VPN appliances.

At Lewis IT, we’ve helped numerous customers solve this problem with Tailscale site-to-site VPN—a modern, zero-trust solution that uses WireGuard® technology to simplify secure connectivity.

In this article, we’ll explain how Tailscale enables site-to-site connections, why it’s ideal for segmented networks, and how Lewis IT can help your business implement it.


Why Businesses Need Secure Site-to-Site Networking

Many of our clients run segmented VLANs for servers, IoT devices, workstations, or cloud applications. While segmentation improves security, it often creates challenges:

  • Remote teams need to access multiple networks.
  • Branch offices require secure communication with headquarters.
  • IT administrators want granular access controls without setting up complex firewall rules.
  • Traditional VPNs introduce bottlenecks and single points of failure.

This is where Tailscale shines. Instead of forcing traffic through a central VPN appliance, Tailscale builds a peer-to-peer mesh VPN that’s faster, more resilient, and easier to manage.


What Is a Tailscale Subnet Router?

Tailscale typically connects individual devices. To extend connectivity to entire LAN segments, you use a subnet router. This is a lightweight Linux, Windows, or macOS host that:

  • Advertises local subnets (e.g., 192.168.10.0/24).
  • Securely routes traffic between remote sites.
  • Applies zero-trust ACLs so only approved devices and users can access resources.

At Lewis IT, we often deploy subnet routers on small Linux VMs or edge devices. This allows us to connect entire networks—without touching every workstation or IoT device individually.


Example Use Case: Connecting Two Segmented Networks

Let’s say your organization has:

  • Site A LANs:
    • 192.168.10.0/24 – Servers
    • 192.168.30.0/24 – IoT Devices
  • Site B LANs:
    • 192.168.20.0/24 – Workstations

With Lewis IT’s implementation of Tailscale site-to-site, we can:

  • Allow secure communication between servers in Site A and workstations in Site B.
  • Restrict IoT traffic from accessing sensitive systems using fine-grained ACLs.
  • Provide centralized management through the Tailscale Admin Console.

How Lewis IT Implements Tailscale Site-to-Site VPNs

When deploying Tailscale for our customers, Lewis IT follows a proven step-by-step methodology:

1. Install and Configure Subnet Routers

We provision Tailscale on dedicated subnet routers at each site:

sudo tailscale up \
--advertise-routes=192.168.10.0/24 \
--accept-routes \
--advertise-tags=tag:subnet-router

2. Approve Routes

Our engineers approve advertised routes in the Tailscale Admin Console, ensuring only authorized networks are reachable.

3. Enable IP Forwarding and Firewall Rules

We configure Linux forwarding and adjust iptables, firewalld, or UFW depending on the environment. This ensures bidirectional traffic flows securely.

4. Apply Zero-Trust Access Controls

Lewis IT customizes Tailscale ACLs for each client:

{
  // Devices that advertise routes are tagged; tag ownership is declared here.
  "tagOwners": {
    "tag:subnet-router": ["autogroup:admin"],
  },
  "acls": [
    // Tailnet members may reach the server LAN (Site A) and the workstation LAN (Site B).
    {
      "action": "accept",
      "src": ["autogroup:member"],
      "dst": ["192.168.10.0/24:*", "192.168.20.0/24:*"],
    },
    // Tailscale ACLs are allow-only (there is no "deny" action): because no rule
    // accepts traffic from the IoT subnet 192.168.30.0/24 to 192.168.20.0/24,
    // that traffic is dropped by default.
  ],
}

This ensures least-privilege access—one of the cornerstones of modern cybersecurity.

5. Test and Validate

We perform extensive testing:

  • Ping and traceroute between sites.
  • DNS resolution with MagicDNS.
  • Service validation (e.g., RDP, SSH, database access).
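Before a policy like the one above is pushed to the Admin Console, it is worth checking offline that it allows exactly the flows the design calls for. The following is an added example (not Lewis IT's or Tailscale's code) that evaluates a Tailscale-style allow-only policy over the three subnets used in this article; the policy, member list and requests are constructed.

```python
"""Offline check of a Tailscale-style ACL (allow-only, default deny).
Added example, not Lewis IT's or Tailscale's code; it models only the
syntax used here: src "*", "autogroup:member" or a CIDR; dst "CIDR:ports".
"""
import ipaddress

# Constructed policy mirroring the site-to-site design above.
POLICY = {
    "acls": [
        {"action": "accept",
         "src": ["autogroup:member"],
         "dst": ["192.168.10.0/24:*", "192.168.20.0/24:*"]},
    ]
}
MEMBERS = {"alice@example.com", "bob@example.com"}  # constructed tailnet users

def _src_matches(entry, src):
    if entry == "*":
        return True
    if entry == "autogroup:member":
        return src in MEMBERS
    try:  # a subnet CIDR as source, e.g. IoT devices behind a subnet router
        return ipaddress.ip_address(src) in ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return False

def _dst_matches(entry, ip, port):
    net, _, ports = entry.rpartition(":")
    if ipaddress.ip_address(ip) not in ipaddress.ip_network(net, strict=False):
        return False
    if ports == "*":
        return True
    for spec in ports.split(","):  # e.g. "22,3389" or "5432-5433"
        lo, _, hi = spec.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def is_allowed(policy, src, dst_ip, dst_port):
    """True only if some accept rule matches; Tailscale has no deny rule."""
    for rule in policy["acls"]:
        if rule["action"] != "accept":
            raise ValueError("Tailscale ACLs are allow-only: use accept rules")
        if any(_src_matches(s, src) for s in rule["src"]) and \
           any(_dst_matches(d, dst_ip, dst_port) for d in rule["dst"]):
            return True
    return False
```

Running `is_allowed(POLICY, "192.168.30.7", "192.168.20.10", 3389)` returns False with no explicit rule, which is the default-deny behaviour the IoT restriction relies on.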

Key Benefits of Tailscale Site-to-Site (with Lewis IT)

Simplified Management – No complex IPsec configs or firewall headaches.
Zero-Trust Security – Fine-grained ACLs for segmentation.
Scalability – Connect multiple sites without new hardware.
Cost Savings – No need for costly MPLS or VPN concentrators.
Faster Performance – Direct peer-to-peer connections where possible.
Auditability – Centralized logs and access tracking.


Real-World Results with Lewis IT

Over the past year, Lewis IT has helped customers across industries—MSPs, healthcare providers, manufacturers, and SaaS companies—implement Tailscale site-to-site VPNs.

In every case, clients saw:

  • Reduced network complexity.
  • Improved security posture.
  • Significant cost savings over legacy VPN hardware.

One customer replaced a failing VPN appliance with a Tailscale + Lewis IT subnet router solution—achieving better uptime and faster throughput in under a day.


Why Choose Lewis IT?

  • Proven Experience: We’ve deployed dozens of Tailscale site-to-site solutions across complex, segmented environments.
  • Security-First Mindset: We design with zero-trust principles in mind.
  • Ongoing Support: From initial design to ongoing monitoring, Lewis IT provides full lifecycle management.
  • Vendor-Agnostic Expertise: We integrate Tailscale with firewalls, SIEMs, RMMs, and cloud platforms.

Get Started Today

If your business needs secure, reliable site-to-site connectivity, Lewis IT can help.

👉 Contact us to schedule a consultation and see how Tailscale site-to-site VPN can simplify your networking while strengthening security.


Lewis IT – Your trusted partner for modern networking, cybersecurity, and zero-trust connectivity.
