We started testing out <a target="_blank" href="https://tailscale.com/">tailscale</a> the other day to help us connect to instances in our private AWS VPC (<a href="https://tailscale.com/kb/1021/install-aws/" class="autolinkedURL autolinkedURL-url" target="_blank">tailscale.com/kb/1021/install-aws</a>). 
Note that Tailscale uses the 100...* range for devices (<a href="https://tailscale.com/kb/1015/100.x-addresses/" class="autolinkedURL autolinkedURL-url" target="_blank">tailscale.com/kb/1015/100.x-addresses</a>). Furthermore our VPC in AWS was using 10.0.0.0/16 range:
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1622262473452/YSiiL-9jwr.png" alt="AWS Ranges" />
We then setup subnet routes from our jumpbox (<a href="https://tailscale.com/kb/1019/subnets/" class="autolinkedURL autolinkedURL-url" target="_blank">tailscale.com/kb/1019/subnets</a>):
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1622261860896/g2AvYT5yP.png" alt="Subnet routes" />
Many folks were able to connect to machines in our AWS VPC when connected to tailscale but others were not. This was puzzling. For me I was able to connect to resources and saw a routing table as follows:
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1622262548611/SsHWyx3tH.png" alt="My Routes" />
For one person who wasn't working we noticed the following:
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1622262598631/Xcz1jTso4.png" alt="Bad Routes" />
We also noticed that there were many posts about VPN's not working with Xfinity wifi: <a href="https://forums.xfinity.com/conversations/your-home-network/urgent-vpn-not-working/602daf72c5375f08cd0c69d7" class="autolinkedURL autolinkedURL-url" target="_blank">forums.xfinity.com/conversations/your-home-..</a>
So it looked like Xfinity was using the 10...* which collided with our AWS VPC space. Indeed this is their default modem setup:
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1622262355670/rk-fyjbME.png" alt="Base Setup" />
Now we can reconfigure it to use 192.168.*:
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1622262378363/0W6cUYR2n.png" alt="New Setup" />
After reconfiguring their routes look as follows:
<img src="https://cdn.hashnode.com/res/hashnode/image/upload/v1622262281850/6bRzxamsq.png" alt="Working Routes" />
And finally we're able to access our AWS VPC space through tailscale. As an aside, I will no longer make any VPC as 10.0.0.0/16. I'll start at 10.175.0.0/16 at least.

We started testing out  [tailscale](https://tailscale.com/) the other day to help us connect to instances in our private AWS VPC (https://tailscale.com/kb/1021/install-aws/). 

Note that Tailscale uses the 100.*.*.* range for devices (https://tailscale.com/kb/1015/100.x-addresses/). Furthermore our VPC in AWS was using 10.0.0.0/16 range:

![AWS Ranges](https://cdn.hashnode.com/res/hashnode/image/upload/v1622262473452/YSiiL-9jwr.png)

We then setup subnet routes from our jumpbox (https://tailscale.com/kb/1019/subnets/):

![Subnet routes](https://cdn.hashnode.com/res/hashnode/image/upload/v1622261860896/g2AvYT5yP.png)

Many folks were able to connect to machines in our AWS VPC when connected to tailscale but others were not. This was puzzling. For me I was able to connect to resources and saw a routing table as follows:

![My Routes](https://cdn.hashnode.com/res/hashnode/image/upload/v1622262548611/SsHWyx3tH.png)

For one person who wasn't working we noticed the following:

![Bad Routes](https://cdn.hashnode.com/res/hashnode/image/upload/v1622262598631/Xcz1jTso4.png)

We also noticed that there were many posts about VPN's not working with Xfinity wifi: https://forums.xfinity.com/conversations/your-home-network/urgent-vpn-not-working/602daf72c5375f08cd0c69d7

So it looked like Xfinity was using the 10.*.*.* which collided with our AWS VPC space. Indeed this is their default modem setup:

![Base Setup](https://cdn.hashnode.com/res/hashnode/image/upload/v1622262355670/rk-fyjbME.png)

Now we can reconfigure it to use 192.168.*:

![New Setup](https://cdn.hashnode.com/res/hashnode/image/upload/v1622262378363/0W6cUYR2n.png)

After reconfiguring their routes look as follows:

![Working Routes](https://cdn.hashnode.com/res/hashnode/image/upload/v1622262281850/6bRzxamsq.png)

And finally we're able to access our AWS VPC space through tailscale. As an aside, I will no longer make any VPC as 10.0.0.0/16. I'll start at 10.175.0.0/16 at least.

10.0.0.0/16 vs Comcast Xfinity