Mastodawn

Tailscale serve and sharing devices

https://sh.itjust.works/post/56860823

Tailscale serve and sharing devices - sh.itjust.works

I am wondering what people’s solutions are for this conundrum. The simplest solution would be to just add this person as a user to my tailnet and have them access my sites that way, perhaps I could also limit access to certain cites by ACL e.g. the Cockpit web-management interface. I would, however, much prefer being able to just share-out my server node, and pick which services are served on their tailnet. Is this a plausible route to go?

Show thread

rtxn Mar 15

If the other person has a Tailscale account, it sounds like the most expedient method is to simply invite them to the tailnet as a non-admin user with strict access control.

You could share a node with an outside user, but I don’t know how much the quarantine would affect its functionality. You could also use Funnel to expose the node to the internet (essentially like a reverse proxy), but there are obvious vital security considerations with that approach.

Share your machines with other users · Tailscale Docs

Learn how to give a Tailscale user on another tailnet access to a private machine within your tailnet, without exposing the machine publicly.

Tailscale

Show thread

Whooping_Seal

That is what it seems like based on what I have read :/

I guess the best option in my case then is likely to add them as a non-admin user to my tailnet. The only concern I have is with the potential of one user deactivating the VPN connection unkowingly, which is probably where Funnel comes in as a better option, but I would prefer to avoid serving stuff on the web when possible. (It is specifically a FreshRSS instance for now)