How Lewis IT Helps Businesses Connect Segmented Networks with Tailscale Site-to-Site VPN

In today’s hybrid IT environments, organizations often manage multiple segmented networks across offices, data centers, and cloud environments. The challenge? Securely connecting those networks without expensive MPLS circuits, complicated firewall rules, or legacy VPN appliances.
At Lewis IT, we’ve helped numerous customers solve this problem with Tailscale site-to-site VPN—a modern, zero-trust solution that uses WireGuard® technology to simplify secure connectivity.
In this article, we’ll explain how Tailscale enables site-to-site connections, why it’s ideal for segmented networks, and how Lewis IT can help your business implement it.
Why Businesses Need Secure Site-to-Site Networking
Many of our clients run segmented VLANs for servers, IoT devices, workstations, or cloud applications. While segmentation improves security, it often creates challenges:
- Remote teams need to access multiple networks.
- Branch offices require secure communication with headquarters.
- IT administrators want granular access controls without setting up complex firewall rules.
- Traditional VPNs introduce bottlenecks and single points of failure.
This is where Tailscale shines. Instead of forcing traffic through a central VPN appliance, Tailscale builds a peer-to-peer mesh VPN that’s faster, more resilient, and easier to manage.
What Is a Tailscale Subnet Router?
Tailscale typically connects individual devices. To extend connectivity to entire LAN segments, you use a subnet router. This is a lightweight Linux, Windows, or macOS host that:
- Advertises local subnets (e.g., 192.168.10.0/24).
- Securely routes traffic between remote sites.
- Applies zero-trust ACLs so only approved devices and users can access resources.
At Lewis IT, we often deploy subnet routers on small Linux VMs or edge devices. This allows us to connect entire networks—without touching every workstation or IoT device individually.
Example Use Case: Connecting Two Segmented Networks
Let’s say your organization has:
- Site A LANs:
  - 192.168.10.0/24 – Servers
  - 192.168.30.0/24 – IoT Devices
- Site B LANs:
  - 192.168.20.0/24 – Workstations
With Lewis IT’s implementation of Tailscale site-to-site, we can:
- Allow secure communication between servers in Site A and workstations in Site B.
- Restrict IoT traffic from accessing sensitive systems using fine-grained ACLs.
- Provide centralized management through the Tailscale Admin Console.
How Lewis IT Implements Tailscale Site-to-Site VPNs
When deploying Tailscale for our customers, Lewis IT follows a proven step-by-step methodology:
1. Install and Configure Subnet Routers
We provision Tailscale on dedicated subnet routers at each site (shown here for the Site A router; each router advertises its own local subnets):
# --accept-routes lets this router reach the subnets advertised by the other site's router;
# tag:subnet-router must be declared under tagOwners in the ACL policy (step 4)
sudo tailscale up \
--advertise-routes=192.168.10.0/24 \
--accept-routes \
--advertise-tags=tag:subnet-router
2. Approve Routes
Our engineers approve advertised routes in the Tailscale Admin Console, ensuring only authorized networks are reachable.
3. Enable IP Forwarding and Firewall Rules
We configure Linux forwarding and adjust iptables, firewalld, or UFW depending on the environment. This ensures bidirectional traffic flows securely.
4. Apply Zero-Trust Access Controls
Lewis IT customizes Tailscale ACLs for each client:
{
  // tag:subnet-router (used with --advertise-tags in step 1) must be declared here
  "tagOwners": {
    "tag:subnet-router": ["autogroup:admin"]
  },
  "acls": [
    // Site A servers <-> Site B workstations
    {
      "action": "accept",
      "src": ["192.168.10.0/24"],
      "dst": ["192.168.20.0/24:*"]
    },
    {
      "action": "accept",
      "src": ["192.168.20.0/24"],
      "dst": ["192.168.10.0/24:*"]
    }
    // No rule names the IoT subnet (192.168.30.0/24): Tailscale ACLs are
    // default-deny and have no "deny" action, so IoT traffic is blocked.
  ]
}
This ensures least-privilege access—one of the cornerstones of modern cybersecurity.
5. Test and Validate
We perform extensive testing:
- Ping and traceroute between sites.
- DNS resolution with MagicDNS.
- Service validation (e.g., RDP, SSH, database access).
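Before a policy goes live we like to check it against the site's intent. The following Python checker is an added example (not Lewis IT's or Tailscale's code): it parses a constructed HuJSON policy mirroring the Site A / Site B design and evaluates src -> dst:port with default-deny semantics. It models only "*" and IPv4 address/CIDR selectors, not Tailscale's full matcher (users, groups, tags, autogroups).

```python
import ipaddress, json, re

# Constructed HuJSON policy (Tailscale's policy format) encoding the page's intent:
# Site A servers and Site B workstations may talk; the IoT subnet gets no rule,
# so Tailscale's default-deny blocks it. Not a real customer's file.
POLICY_HUJSON = """{
  "acls": [
    // Site A servers -> Site B workstations, any port
    {"action": "accept", "src": ["192.168.10.0/24"], "dst": ["192.168.20.0/24:*"]},
    // Site B workstations -> Site A servers, RDP and SSH only
    {"action": "accept", "src": ["192.168.20.0/24"], "dst": ["192.168.10.0/24:3389,22"]},
  ],
}"""

def load_hujson(text):
    """Minimal HuJSON loader: strip // comments and trailing commas, then parse."""
    text = re.sub(r"//[^\n]*", "", text)
    text = re.sub(r",(\s*[\]}])", r"\1", text)
    return json.loads(text)

def _ip_matches(selector, ip):
    """Only '*' and IPv4 address/CIDR selectors are modelled (no users, groups, tags)."""
    if selector == "*":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(selector, strict=False)

def _port_matches(spec, port):
    """Port spec is '*' or a comma list of ports and lo-hi ranges, e.g. '22,3389,8000-8100'."""
    if spec == "*":
        return True
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def is_allowed(policy, src_ip, dst_ip, port):
    """Return True if any accept rule permits src -> dst:port; otherwise default deny."""
    for rule in policy["acls"]:
        if rule.get("action") != "accept":
            # Tailscale has no "deny" action; a rule with any other action is a policy bug.
            raise ValueError(f"unsupported action {rule.get('action')!r}")
        if not any(_ip_matches(s, src_ip) for s in rule["src"]):
            continue
        for dst in rule["dst"]:
            host, _, ports = dst.rpartition(":")
            if _ip_matches(host, dst_ip) and _port_matches(ports, port):
                return True
    return False
```

Run `is_allowed(load_hujson(POLICY_HUJSON), "192.168.30.9", "192.168.20.7", 3389)` to confirm an IoT host cannot reach a workstation even though no explicit deny is written.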
Key Benefits of Tailscale Site-to-Site (with Lewis IT)
✅ Simplified Management – No complex IPsec configs or firewall headaches.
✅ Zero-Trust Security – Fine-grained ACLs for segmentation.
✅ Scalability – Connect multiple sites without new hardware.
✅ Cost Savings – No need for costly MPLS or VPN concentrators.
✅ Faster Performance – Direct peer-to-peer connections where possible.
✅ Auditability – Centralized logs and access tracking.
Real-World Results with Lewis IT
Over the past year, Lewis IT has helped customers across industries—MSPs, healthcare providers, manufacturers, and SaaS companies—implement Tailscale site-to-site VPNs.
In every case, clients saw:
- Reduced network complexity.
- Improved security posture.
- Significant cost savings over legacy VPN hardware.
One customer replaced a failing VPN appliance with a Tailscale + Lewis IT subnet router solution—achieving better uptime and faster throughput in under a day.
Why Choose Lewis IT?
- Proven Experience: We’ve deployed dozens of Tailscale site-to-site solutions across complex, segmented environments.
- Security-First Mindset: We design with zero-trust principles in mind.
- Ongoing Support: From initial design to ongoing monitoring, Lewis IT provides full lifecycle management.
- Vendor-Agnostic Expertise: We integrate Tailscale with firewalls, SIEMs, RMMs, and cloud platforms.
Get Started Today
If your business needs secure, reliable site-to-site connectivity, Lewis IT can help.
👉 Contact us to schedule a consultation and see how Tailscale site-to-site VPN can simplify your networking while strengthening security.
Lewis IT – Your trusted partner for modern networking, cybersecurity, and zero-trust connectivity.