
Posted by xd1936 2 days ago

Tailscale Services (tailscale.com)
Video walkthrough: https://www.youtube.com/watch?v=mELAg50ljSA
154 points | 33 comments
EKSolutions 1 day ago
I wonder if that architecture screenshot's "MagicDNS" value is a nod to Pangolin, since they are currently working on a new Clients feature that should eventually replicate some of the core Tailscale functionality.
alexktz 1 day ago
I'm afraid it's much more sophisticated. A Pangolin has both a Tail and Scales.
bicepjai 1 day ago
I recently found Tailscale when searching for a way to control my home lab when traveling and have been amazed by how simple it is to create a private network.
SOLAR_FIELDS 15 hours ago
I normally am one to not recommend proprietary services, especially for homelab use, but their solution is just so far above all of the alternatives in terms of usability that I make an exception here.
peter_d_sherman 1 day ago
I did not intuitively understand what Tailscale does, so I visited the following related page:

https://tailscale.com/blog/how-tailscale-works

Ah! OK, now I get it! :-)

But what I found particularly interesting on that page was the following:

> "Some especially cruel networks block UDP entirely, or are otherwise so strict that they simply cannot be traversed using STUN and ICE. For those situations, Tailscale provides a network of so-called DERP (Designated Encrypted Relay for Packets) servers. These fill the same role as TURN servers in the ICE standard, except they use HTTPS streams and WireGuard keys instead of the obsolete TURN recommendations."

DERP seems like one interesting solution (there may be others!) to UDP blockages...

setheron 2 days ago
Is this like a more robust funnel?
rhjensen79 2 days ago
Fantastic. So many possibilities
preisschild 1 day ago
I just wish Tailscale would allow you to use long-lived tokens for ephemeral nodes...

Short-lived tokens are not always an option

DomBlack 1 day ago
You can use OAuth tokens with the permissions of auth_key write to use long-lived tokens to permission ephemeral nodes
DominoTree 22 hours ago
I have a GitHub action that uses an OAuth token to provision a new key and store it in our secrets manager as part of the workflow that provisions systems - the new systems then pull the ephemeral key to onboard themselves as they come up

It can get especially interesting when you do things like have your GitHub runners onboard themselves to Tailscale - at that point you can pretty much fully-provision isolated systems directly from GitHub Actions if you want

Daviey 22 hours ago
I'm curious, in which situations are short-lived tokens not an option?
preisschild 58 minutes ago
I want to give every node in my Kubernetes cluster a Tailscale key to join the cluster via the cloud-config / userdata. But this key is enforced by Tailscale to be short-lived, so if the server is reset and it boots again from cloud-config it has the expired key and can't join the Tailscale network again.