search

coreweave / tailscale-derp

2 stars 0 forks source link

Client verification #70

Open Munsio opened 5 days ago

Munsio commented 5 days ago

Hi,

Found this repository while searching for a ready to use Helm Chart for running a custom DERP inside Kubernetes.

While checking it I found that it does not support the --verify-client flag as there is no tailscale client installed inside the image. I guess you folks are probably deploying it with some IP verification on a reverse proxy etc.

So I thought I ask if adding the tailscaled service to the image and enable the client verification is something viable for this repo or if I should just fork it as you wouldn't accept the PR.

Thanks in advance!

ChandonPierre commented 4 days ago

While checking it I found that it does not support the --verify-client flag as there is no tailscale client installed inside the image. I guess you folks are probably deploying it with some IP verification on a reverse proxy etc.

We don't use verify clients in our setup; we relay a number of different Tailnets.

So I thought I ask if adding the tailscaled service to the image and enable the client verification is something viable for this repo or if I should just fork it as you wouldn't accept the PR.

That's reasonable - I can't say I'm thrilled it uses the local socket API, but it would certainly make this implementation one step closer to "feature complete".

71 is up for this. I hope it works for your use case.

Munsio commented 4 days ago

Oh wow nice, that was quick.

To be honest didn't know it will be done that fast, as I am currently blocked by a coworker to continue on this matter I will hopefully be able to test it next week and report back to you.