Tailscale

83 readers
1 users here now

A community for the Tailscale WireGuard-based VPN. https://tailscale.com/

founded 9 months ago
MODERATORS
1
8
submitted 2 months ago* (last edited 2 months ago) by [email protected] to c/[email protected]
 
 

Hey all!

I'm trying to ssh into my tailnet-hosted (through tailscale serve) gogs instance and I can't seem to figure out how. Has anyone tried doing this? Will I need to add a user to the sidecar container and add a shim like they do in the regular gogs setup? I appreciate any insight.

Edit: Modified title for clarity

2
3
4
5
6
7
8
6
TS-2024-004 (tailscale.com)
submitted 6 months ago* (last edited 6 months ago) by [email protected] to c/[email protected]
 
 

Description: Unclear network flow logs collection status for alpha testers.

What happened?

When network flow logs first entered private alpha, tailnet admins who were interested in testing out the feature had to request to be manually opted into the alpha testing track. When we subsequently introduced admin console settings for self-serve network flow logs for the public beta launch, these settings were not properly connected to the alpha testing track. As a result, for the small number of tailnets that volunteered for alpha testing, the admin console interface did not show that logs were still being collected as initially requested.

We fixed this bug on April 25, 2024 and the admin console now correctly shows the status of network flow logs for all users.

Who was affected?

15 tailnets were opted into network flow log collection through the alpha testing track that did not re-enroll through the admin console. We notified security contacts for the affected tailnets about this bug.

What was the impact?

The admin panel did not reflect the correct status for network flow log collection for affected tailnets, and admins of these tailnets may not have realized that network flow logs were still being collected.

What do I need to do?

No action is needed at this time.

9
 
 

@tailscale Hello headscale users! Did anyone get headscale working in a non standard port? E.g. https://hs.example.com:8443 ? For me It does not work and I think the tailscale clients still send some of the requests to the default port 443

10
11
 
 

Linux

  • (New) Send load balancing hint HTTP request header

Windows

  • (Fixed) Do not allow msiexec to reboot the operating system

macOS

  • (Fixed) Issue that could cause the Tailscale system extension to not be installed upon app launch, when deploying Tailscale using MDM and using a configuration profile to pre-approve the VPN tunnel (applies to standalone variant only)

Synology

  • (Fixed) IPv6 routing

Kubernetes operator

  • (Fixed) Kubernetes operator proxies should not accept subnet routes
12
13
 
 

I'm looking into ways to access my home network which is behind a CGNAT. Tailscale looks like the best solution so far. I would like to clarify a doubt on Tailscale

I have a domain name registered with one of the popular services out there. I saw that Tailscale uses MagicDNS. But I wanted to use my personal domain. My doubt is if I want to use my custom domain with Tailscale, the following will be the procedure,

  1. Setup Tailscale account and add machines.
  2. My device inside the home network will get a Tailscale IP assigned. From 100.xx.xx.xx pool
  3. Use this IP to configure an A record in my Domain registrar.

Now when I try to access this domain what will happen is,

  1. DNS server will resolve the Tailscale IP.
  2. The outside client will try to connect to my machine in the home network.
  3. Tailscale takes care of the CGNAT part and helps to establish a direct connection.
  4. Clients will use the public keys to establish trust and will communicate with each other.

If there is anything wrong in my understanding please correct me. I could not get a clear cut answer on this through searching.

14
15
16
 
 

Users page of the admin console updated to provide more context around user invitations, user approval, and your tailnet’s identity provider

17
18
 
 

Tailscale auto-updates are now Generally Available (GA), with a number of usability and control improvements. Today's update builds on our previously announced beta release.

19
20
21
22
23
24