Tailscale looks really nice but as far as I understand you have to trust tailscale.com
no to create and inject new network members in your private network.
This is a nogo for our company.
I can’t find any honest/helpful information on your website explaining this risk.
I hope I’m wrong and you can explain how we can use Tailscale in a safe way.
I don’t mind creating/verifing every key myself etc. (50 devices)
But is there a safe way to use Tailscale without this injection risk?
I don’t mind if it’s less convenient (adding a new machine manually to all
existing servers instead of using group permission…)
Right now, you’re pretty much right. The coordination server is currently part of the trusted envelope for a network, in that it controls what your machines are willing to talk to. If that’s a deal-breaker for you, right now there’s not much we can do, but I’ll mention a couple of options:
- For enterprise users, we offer an on-premises deployment option. In that setup, you run your own coordination server, which we don’t get access to, and all your Tailscale clients talk directly to it. This is only for fairly large deployments, because the support burden for us is high with on-premises deployments, so we charge accordingly.
- For small deployments, you could try running GitHub - juanfont/headscale: An open source implementation of the Tailscale coordination server , an third-party coordination server implementation. We don’t maintain it so no promises that it does what you need, but that’s a way you could use Tailscale’s meshing without involving us at all.
In the longer term, we have some ideas on how to remove the coordination server from the trust base. The details are vague still, but some way for clients to verify that the coordination server didn’t tamper with the intended configuration. In the end, we want the coordination server to be an untrusted data drop-box for nodes, but we’re not there yet.
Thanks for your detailled and honest answer!
We’ll give Nebula a try and will watch how Tailscale grows…