Open lyc8503 opened 1 year ago
Hi, I think that's not the priority now. Plus, adding this type of key is useful if you can't trust the server, but you can't trust the client, as you are using your own Headscale instance: if your server is compromised, probably your clients are compromised too, because if you secure your network well the risk is almost none.
@loprima-l I'm afraid I can't follow you. Would you mind rephrasing your comment?
Back to the topic at hand: I agree with @lyc8503, Tailscale Lock would be great. Otherwise, IIUC if the Headscale server gets compromised, the entire Tailnet will be, too. (Unless, of course, you've deployed further authentication measures beyond Tailscale.)
My point is: yes, it'll be an enhancement. But Headscale is not actually suitable for a sensitive environment, and even if the point is to avoid security issues, securing the product more is not the current step. We can't take Tailscale as an example; they introduced it only recently.
Maybe this would be a nice feature when Headscale is stabilized, as for now the performance doesn't make it suitable for a large/sensitive environment. Headscale is fun to experiment with, or if you don't actually have the choice; your network shouldn't be exposed only by connecting to your instance, it's always necessary to have a secure infrastructure at all levels.
I might do this at a later stage, as I am very curious about the implementation of Tailnet Lock. Because of this curiosity-driven development, for the time being I won't be accepting contributions on it.
Please consider Tailscale's SaaS if your use-case really requires this kind of security feature.
@juanfont So, a year and a half later, are there any plans to implement this critical feature in the near future?
And it is really important, because in a private network, where none of the devices have a public IP or access from the outside, the coordination server is the most vulnerable part. Moreover, many people have it located on a VPS (https://github.com/juanfont/headscale/issues/1072 ) whose provider has root access to all their virtual machines. Without the ability to sign nodes, the network is completely open to the VPS provider and all their "friends", not to mention the possible hacking of the server itself through any vulnerabilities.
If you are still not ready to implement it yourself, maybe you will give it to contributors?
@nokados I have to admit that some of my (happy) life events prevent me from spending time on this.
If anyone is interested, please proceed with a design doc proposal + subsequent implementation? 😄
Feature request
The official Tailscale server introduced the https://tailscale.com/blog/tailnet-lock/ feature. I think implementing this feature could protect my private tailnet from being accessed even if the hosting server was compromised or there were undiscovered vulnerabilities in my setup. The feature can further improve the security and privacy of our tailnets through cryptographic means.
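The check this request is asking for, shown as an added example in Go (Headscale's language). This is not code from Headscale or Tailscale and does not follow Tailnet Lock's actual key format, log structure or wire protocol; it only illustrates the principle the issue body and @nokados describe: the client pins a set of trusted signing keys locally, and any peer the coordination server pushes must carry a signature over its node key from one of those keys, so a compromised server (or its VPS provider) can neither add a node nor swap a node key. The `Peer` shape, the `SignerID` label, the node-key byte strings and the `DemoScenario` network map are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// TrustedKeys maps a signer label to an Ed25519 public key the client trusts
// to vouch for node keys. It is pinned on the client and never taken from
// the coordination server; that is the whole point of the lock.
type TrustedKeys map[string]ed25519.PublicKey

// Peer is a hypothetical, minimal shape of one entry in a network map pushed
// by the coordination server. NodeKey stands in for the peer's public key;
// Signature must be an Ed25519 signature over NodeKey by a trusted key.
type Peer struct {
	Name      string
	NodeKey   []byte
	SignerID  string
	Signature []byte
}

// SignNodeKey is what an already-trusted device does when enrolling a new
// node: it signs the new node key with its signing key, which the server
// never holds.
func SignNodeKey(signingKey ed25519.PrivateKey, nodeKey []byte) []byte {
	return ed25519.Sign(signingKey, nodeKey)
}

// PeerIsAuthorized returns true only if the peer's node key carries a valid
// signature from one of the locally trusted keys.
func PeerIsAuthorized(trusted TrustedKeys, p Peer) bool {
	pub, ok := trusted[p.SignerID]
	if !ok || len(pub) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(pub, p.NodeKey, p.Signature)
}

// ApplyLock filters a network map before any WireGuard configuration is
// derived from it: peers whose node key is not signed by a trusted key are
// dropped, so a compromised coordination server cannot inject a peer.
func ApplyLock(trusted TrustedKeys, netmap []Peer) (accepted, rejected []Peer) {
	for _, p := range netmap {
		if PeerIsAuthorized(trusted, p) {
			accepted = append(accepted, p)
		} else {
			rejected = append(rejected, p)
		}
	}
	return accepted, rejected
}

// DemoScenario builds a constructed network map with one legitimately
// enrolled peer and three that a compromised server might push, and returns
// the names accepted and rejected by the lock.
func DemoScenario() ([]string, []string, error) {
	ownerPub, ownerPriv, err := ed25519.GenerateKey(rand.Reader) // held by the tailnet owner, offline
	if err != nil {
		return nil, nil, err
	}
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader) // whoever controls the server
	if err != nil {
		return nil, nil, err
	}
	trusted := TrustedKeys{"owner": ownerPub}

	laptopKey := []byte("constructed-node-key-laptop")
	rogueKey := []byte("constructed-node-key-rogue")

	netmap := []Peer{
		// Enrolled the honest way: the owner's signing key vouches for it.
		{Name: "laptop", NodeKey: laptopKey, SignerID: "owner", Signature: SignNodeKey(ownerPriv, laptopKey)},
		// Injected by the server, signed with a key the client does not trust.
		{Name: "rogue-vps", NodeKey: rogueKey, SignerID: "owner", Signature: SignNodeKey(attackerPriv, rogueKey)},
		// Server keeps laptop's valid signature but swaps in its own node key.
		{Name: "rogue-swap", NodeKey: rogueKey, SignerID: "owner", Signature: SignNodeKey(ownerPriv, laptopKey)},
		// Server claims a signer label the client has never pinned.
		{Name: "rogue-signer", NodeKey: rogueKey, SignerID: "unknown", Signature: SignNodeKey(attackerPriv, rogueKey)},
	}

	var accepted, rejected []string
	ok, bad := ApplyLock(trusted, netmap)
	for _, p := range ok {
		accepted = append(accepted, p.Name)
	}
	for _, p := range bad {
		rejected = append(rejected, p.Name)
	}
	return accepted, rejected, nil
}

func main() {
	accepted, rejected, err := DemoScenario()
	if err != nil {
		panic(err)
	}
	fmt.Println("accepted:", accepted) // accepted: [laptop]
	fmt.Println("rejected:", rejected) // rejected: [rogue-vps rogue-swap rogue-signer]
}
```

The design choice that matters is where `TrustedKeys` lives: if the client fetched that set from the coordination server, a compromised server could simply add its own key and the check would be worthless. Binding the signature to the node key (rather than to a name or IP) is what defeats the key-swap case, since the server can relabel a peer but cannot produce a fresh signature.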