Force drop Tailscale connection for all users in organisation

Tailscale version: 1.38.2

Does Tailscale support automatically dropping connections for users in the organization?

Users in my organization can connect to a virtual VPN server and I want to create a mechanism that will drop their connection when they do not need the VPN. For example, every 30 minutes you should re-connect to the Tailscale node.

Can I do this with the tailscale CLI or maybe with a Tailscale policy?

Thank you in advance for your recommendation!

You mean something like if the device is connected on the local/organization network, the Tailscale client would automatically disconnect? I think it would be cool to have. Maybe have a simple agent on a device in the local/organization network and if the client is able to connect to this agent, the Tailscale client would automatically disconnect. If there were any changes to the network link, the Tailscale client would check again, and if the agent cannot be detected (aka outside of the local/organization network), it would reconnect back to Tailscale.

If I am not wrong, there was a rather long thread on this a while back. But I think quite a lot of users are against this idea, because users can then bypass any ACLs. Of course, if you ask me, users can just simply disconnect the client anyway.

@blong
Yes, of course, you are right! Users can disconnect from the Tailscale network by themselves, but sometimes they forget to do it. For example, after working hours they start to watch films using the Tailscale network, which is why I get enormous billing for data transfer. I think I cannot force-install a special agent on the user devices.

I am not sure why this feature will break ACL policy and users will have permission to overwrite it.
I mean an ACL policy that, for example, allows 1GB of traffic for the group dev in 1 hour, and users who are in the dev group and use more than 1GB of traffic will be disconnected from the Tailscale network.

Or for example, every hour all devices that connect to Tailscale will be disconnected. I've tried to create this functionality with a cron job that executes tailscale logout && tailscale login every hour, but it looks like when the node goes down and then goes up, users who were previously connected to this node will use this node after the Tailscale node goes up.