juanfont / headscale

An open source, self-hosted implementation of the Tailscale control server
BSD 3-Clause "New" or "Revised" License

Inter-controlplane federation #1973

Open ckiee opened 4 months ago

ckiee commented 4 months ago

Use case

Hi! Currently I cannot use headscale, because I like to share my machines with friends who are on controlplane.tailscale.com. They are using a network effect, and it prevents me from accessing a good feature like infinite/automatic key expiry which I currently have to rotate every 90d even though I do not personally require this.

Description

I would like headscale instances to be able to talk to each other, and to the tailscale.com CP — specifically for device sharing across controlplanes.

Our control plane will be provided with an authkey for another controlplane, which it will use to create "proxy machines", replicating our machines' view of the world, but on another instance.

Me, a [headscale.]puppycat.house tailnet/user will be able to talk to tailscale.com:

Contribution

Drawbacks to consider

Alternatives to consider

We could extend the controlplane↔client protocol to allow for more on-band network management and make this bridge a separate component that can be run anywhere. This would keep headscale lean but introduce a bazillion other considerations that we wouldn't need when we are the controlplane. Still, it is possible.

nadongjun commented 2 months ago

I’m also looking for a similar feature. It seems that Tailscale’s configuration might allow for merging tailnets. Do you have any updates on this?

Related resources:

ckiee commented 2 months ago

Those two links seem to be running two tailscaled's, which, while working around the problem, does defeat the point of this (and you can see the two concurrent instances struggle a bit to both config the host).

Currently I am waiting for some validation from @juanfont, et al. before I dive in at some unknown point (^: