
Comment by beckler

3 years ago

I love Tailscale, but it’s not really designed for public tunnels. You can do it, but you typically need to provision some kind of proxy with a static IP (most likely cloud based) to handle your public stuff.

What do you mean by public channels? If I was trying to SSH into my machines, it works wonderfully for DNS resolution.

  • Cloudflare tunnels expose ports publicly.

    Tailscale must be properly configured on your client machine to access machines/ports on their respective private Tailscale network(s), setup of which typically requires administrative intervention. Without bridging to a public network, services exposed to the Tailscale network are not accessible publicly.

    Tailscale does offer user-mode clients so it can be used similarly to SSH by those allowed to connect (I don't know how difficult user-mode Tailscale is without admin setup on various operating systems).

    • Not sure where you're getting the idea you need admin intervention for Tailscale. I've never needed to do anything beyond authenticate the machine with my account. Tailscale has NAT traversal built into it.

      If your network firewall is preventing the tunneling process, then that's on you. And if it's not on you and it's a company decision, then it's VERY unlikely they'd be okay with Cloudflare's publicly exposed ports.

      5 replies →

  • I mean, if I wanted to host a public blog on my private infrastructure, Tailscale alone isn’t going to cut it. I would have to make an instance on a cloud provider to allow public ingress, and I would have to set up and configure Tailscale on it to allow it to punch a hole into my walled garden. If I just want plain VPN access to my instances from wherever, then that’s when Tailscale really shines.

    • You want a load balancer for that use case, not a VPN. This article is about SSH, not a public blog.

  • A core offering of Cloudflare Tunnel is the ability to host web servers through tunnels. Tailscale requires you to run your own reverse proxy on a publicly-accessible node in order to accomplish this.

    • This is not my experience, having recently set up web servers in a cloud virtual network with no inbound ports open. I can Tailscale in and connect to web servers behind Traefik configured to use the dns-01 challenge. The only way to access these web apps is through Tailscale.

      1 reply →
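The "public ingress node that is also a tailnet member" pattern described in the replies above (a cloud VM with a public IP running Tailscale, reverse-proxying to a blog that lives only on the tailnet) looks like the following nginx server block. This is an added example, not configuration from the thread or from Tailscale; the hostname blog.example.com, the backend's Tailscale address 100.101.102.103, the backend port 8080 and the certificate paths are all assumptions.

```nginx
# Added example: nginx on the public ingress VM. The VM has a public IP and
# is joined to the tailnet; the blog host has no public ports at all.
# Assumptions (hypothetical): blog.example.com resolves to this VM,
# the blog host's tailnet IP is 100.101.102.103 and it listens on 8080,
# and a certificate for blog.example.com has already been issued here.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name blog.example.com;

    ssl_certificate     /etc/letsencrypt/live/blog.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/blog.example.com/privkey.pem;

    location / {
        # Upstream is reached over the Tailscale interface only; nothing
        # on the blog host is exposed to the public internet.
        proxy_pass http://100.101.102.103:8080;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# Redirect plain HTTP to HTTPS so the blog is never served in the clear.
server {
    listen 80;
    listen [::]:80;
    server_name blog.example.com;
    return 301 https://$host$request_uri;
}
```

Using the 100.x tailnet address rather than a MagicDNS name keeps nginx from depending on the resolver configuration of the VM. The check a practitioner should add is on the Tailscale side: give the ingress VM and the blog host their own ACL tags and accept traffic only from the ingress tag to the blog tag on port 8080, so that a compromise of the publicly reachable VM does not turn into full access to everything else on the tailnet.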