tailscale / tailscale

The easiest, most secure way to use WireGuard and 2FA.
https://tailscale.com
BSD 3-Clause "New" or "Revised" License

FR: allow using "best available" Mullvad exit node when using tailscale CLI #11729

Open 2rs2ts opened 3 months ago

2rs2ts commented 3 months ago

What are you trying to do?

I saw on iOS that it is possible to choose the "best available" exit node when using the Mullvad VPN extension. Great! Why isn't that available on my Linux, macOS (via go install), or even my FreeBSD machines? I can't find anything in the CLI that lets me do this. I tried tailscale set --exit-node=USA to see if I could set it to be based on the region, but nope, I get this error: invalid value "USA" for --exit-node; must be IP or unique node name

I could try any number of magic strings, but I get the feeling that since tailscale set doesn't mention any special values and tailscale exit-node list doesn't show anything that looks like a special value to set to, it's unsupported on the CLI, and is something only the GUI app does.

How should we solve this?

Either make a tailscale set flag for exit nodes that chooses the best one, or add a subcommand to tailscale exit-node that handles that. Whatever UX you think is best, it doesn't really matter to me. Using this option should make tailscale pick the exit node based on whatever criteria the GUI app apparently uses. In fact, it'd be great if the implementation had a common core, so that any future improvements you make to that experience–such as an ability to choose a priority of servers, like "some-specific-server, or else best-available"–should be propagated to the CLI too.

What is the impact of not solving this?

If the exit node is down on a configured host, then you have to manually update its exit node settings. You also don't get to find out which exit node will actually give you the best performance, you just have to make educated guesses and maybe adjust as needed. IME when setting this up on a few machines, setting an exit node incorrectly can require a system reboot just to get your internet connection back, so, I view it as a pretty important usability win that y'all obviously also value, given that you baked this feature into the GUIs.

Anything else?

I have tried this on both 1.62.1 and 1.64.0. I have not tried installing the GUI on macOS, because (as I understand it) it's incompatible with the iCloud Private Relay which helps befuddle email tracking when using Mail.app, and honestly, I'm wary of trying to juggle two install methods just to test this more thoroughly when it's quite likely y'all will know exactly what I am talking about when I say the CLI doesn't seem to support this.

Related, but basically in the opposite direction: #10464. It's asking for the GUI to let you select specific hosts; if you're refactoring code related to how you pick hosts, there might be overlap and it might be good to tackle both at once.

agottardo commented 3 months ago

cc @clairew and @catzkorn, related to exit nodes work

l0gge commented 3 months ago

When I use tailscale exit-node list, I also get the city Any for countries that have several servers to choose from; I have assumed until now that the best server is automatically selected here. I would be really interested to know what criteria are used to select the server here.

agottardo commented 3 months ago

> When I use tailscale exit-node list, I also get the city Any for countries that have several servers to choose from; I have assumed until now that the best server is automatically selected here. I would be really interested to know what criteria are used to select the server here.

The location with the highest Priority value is used.
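
The selection rule stated in the reply above (highest Priority wins), as an added example that is not part of the thread or of Tailscale's code. It assumes the JSON from `tailscale status --json` carries `Peer` entries with `ExitNodeOption`, `Online`, `TailscaleIPs` and `Location.CountryCode` / `Location.Priority`; skipping offline peers and the tie-break are choices made here, and the sample data is constructed.

```python
import json

# Constructed sample, shaped like the assumed `tailscale status --json` output.
SAMPLE_STATUS = json.loads("""
{"Peer": {
  "k1": {"DNSName": "us-a.example.ts.net.", "TailscaleIPs": ["100.64.0.1"],
         "ExitNodeOption": true, "Online": true,
         "Location": {"CountryCode": "US", "City": "New York", "Priority": 10}},
  "k2": {"DNSName": "us-b.example.ts.net.", "TailscaleIPs": ["100.64.0.2"],
         "ExitNodeOption": true, "Online": true,
         "Location": {"CountryCode": "US", "City": "Chicago", "Priority": 50}},
  "k3": {"DNSName": "us-c.example.ts.net.", "TailscaleIPs": ["100.64.0.3"],
         "ExitNodeOption": true, "Online": false,
         "Location": {"CountryCode": "US", "City": "Dallas", "Priority": 90}},
  "k4": {"DNSName": "laptop.example.ts.net.", "TailscaleIPs": ["100.64.0.4"],
         "ExitNodeOption": false, "Online": true},
  "k5": {"DNSName": "se-a.example.ts.net.", "TailscaleIPs": ["100.64.0.5"],
         "ExitNodeOption": true, "Online": true,
         "Location": {"CountryCode": "SE", "City": "Stockholm", "Priority": 70}}
}}
""")


def best_exit_node(status, country_code):
    """Return the online exit-node peer in country_code with the highest
    Location.Priority, or None if no peer qualifies."""
    wanted = country_code.upper()
    candidates = [
        peer for peer in (status.get("Peer") or {}).values()
        if peer.get("ExitNodeOption") and peer.get("Online")
        and (peer.get("Location") or {}).get("CountryCode", "").upper() == wanted
        and peer.get("TailscaleIPs")
    ]
    if not candidates:
        return None
    # Missing Priority counts as 0; DNSName breaks ties deterministically.
    return max(candidates,
               key=lambda p: (p["Location"].get("Priority", 0), p.get("DNSName", "")))


def set_command(status, country_code):
    """Build (not run) the argv that pins the chosen node by IP, which the
    --exit-node flag accepts per the error message quoted in the issue."""
    peer = best_exit_node(status, country_code)
    if peer is None:
        return None  # leave the current exit node untouched rather than guess
    return ["tailscale", "set", "--exit-node=" + peer["TailscaleIPs"][0]]


if __name__ == "__main__":
    print(set_command(SAMPLE_STATUS, "us"))
```

Returning `None` when nothing qualifies keeps a script from pointing the host at an unreachable exit node, the failure the issue describes as costing a reboot.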