undefined | Better HN

0 pointsmiki1232112mo ago0 comments

Now I wish there was some kind of global, single-network version of Tailscale...

TS is cool if you have a well-defined security boundary. This is you / your company / your family, they should have access. That is the rest of the world, they should not.

My use case is different. I do occasionally want to share access to otherwise personal machines around. Tailscale machine sharing sort of does what I want, but it's really inconvenient to use. I wish there was something like a Google Docs flow, where any Tailscale user could attempt to dial into my machine, but they were only allowed to do so after my approval.

0 comments

josecodea2mo ago

Tailscale Funnel, no?

For the permissions, just add basic auth in the reverse proxy and choose whom to share the passwd with.

Now if you want OAuth or something like that... well tough luck, you need to set up OIDC or whatever and that's going to be taking you some time, but it still works how you want.

fartfeatures2mo ago

Take a look at Zrok it might be what you want: https://zrok.io

PLG882mo ago

You have more or less described OpenZiti. Just mint a new identity/JWT for the user, create a service, and viola, only that user has access to your machine. Fully open source and self-hostable.

j / k navigate · click thread line to collapse