Open ckiee opened 4 months ago
I’m also looking for a similar feature. It seems that Tailscale’s configuration might allow for merging tailnets. Do you have any updates on this?
Related resources:
Those two links seem to be running two `tailscaled`'s which while working around the problem does defeat the point of this (and you can see the two concurrent instances struggle a bit to both config the host)
Currently I am waiting for some validation from @juanfont, et al. before I dive in at some unknown point (^:
Use case
Hi! Currently I cannot use headscale, because I like to share my machines with friends who are on `controlplane.tailscale.com`. They are using a network effect, and it prevents me from accessing a good feature like infinite/automatic key expiry which I currently have to rotate every 90d even though I do not personally require this.
Description
I would like headscale instances to be able to talk to each other, and to the tailscale.com CP — specifically for device sharing across controlplanes.
Our control plane will be provided with an authkey for another controlplane, which it will use to create "proxy machines", replicating our machines' view of the world, but on another instance.
Me, a `[headscale.]puppycat.house` tailnet/user will be able to talk to `tailscale.com`: `headscale nodes share -i … --to tailscale.com` or `[headscale-blub.]example.com` (another headscale)
`their-machine.their-tailnet.ts.net`, we would have `their-machine.their-user.headscale.example.com`)
`cookiemonster.ckie.headscale.puppycat.house` and `deep-space-probe.snake-beaver.controlplane.tailscale.com` are happy because they just connected to each other (Note: We have to ensure we have intersections in the two instances' DERP lists, otherwise it will be sad and randomly fail when we have to fall back.)
Contribution
Drawbacks to consider
Alternatives to consider
We could extend the controlplane↔client protocol to allow for more on-band network management and make this bridge a separate component that can be run anywhere. This would keep headscale lean but introduce a bazillion other considerations that we wouldn't need when we are the controlplane. Still, it is possible.
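The note above about intersecting DERP lists can be checked before a cross-controlplane share is accepted. The following is an added example, not code from headscale or from this issue: `SharedRegions` is a hypothetical helper, the two DERP maps are constructed samples in the Tailscale DERP map JSON layout, and it assumes peers look up each other's relay by region ID, so an ID defined on both sides must point at a common relay host.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Subset of the DERP map JSON layout: Regions (keyed by region ID) -> Nodes -> HostName.
type derpMap struct{ Regions map[int]struct{ Nodes []struct{ HostName string } } }

// SharedRegions returns the region IDs both maps define with at least one relay
// hostname in common, and the IDs both define with disjoint relays (conflicts).
// Assumption: a region ID must mean the same relay on both control planes.
func SharedRegions(a, b []byte) (shared, conflicts []int, err error) {
	var ma, mb derpMap
	if err = json.Unmarshal(a, &ma); err == nil {
		err = json.Unmarshal(b, &mb)
	}
	if err != nil {
		return nil, nil, err
	}
	for id, ra := range ma.Regions {
		rb, ok := mb.Regions[id]
		if !ok {
			continue // unknown to the other side: unusable as a common relay
		}
		hosts := map[string]bool{}
		for _, n := range ra.Nodes {
			hosts[n.HostName] = true
		}
		common := false
		for _, n := range rb.Nodes {
			common = common || hosts[n.HostName]
		}
		if common {
			shared = append(shared, id)
		} else {
			conflicts = append(conflicts, id)
		}
	}
	sort.Ints(shared)
	sort.Ints(conflicts)
	return shared, conflicts, nil
}

// Constructed sample maps; hostnames are placeholders.
const localMap = `{"Regions":{"1":{"Nodes":[{"HostName":"derp1.example.net"}]},"900":{"Nodes":[{"HostName":"derp.home.example"}]}}}`
const remoteMap = `{"Regions":{"1":{"Nodes":[{"HostName":"derp1.example.net"}]},"900":{"Nodes":[{"HostName":"derp.other.example"}]},"2":{"Nodes":[{"HostName":"derp2.example.net"}]}}}`

func main() {
	fmt.Println(SharedRegions([]byte(localMap), []byte(remoteMap)))
}
```

An empty `shared` result means the two instances have no relay in common, and a non-empty `conflicts` result flags region IDs that are reused for different servers on each side.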