Comment by pmarreck
3 years ago
tailscale user here.
the tailscale devices you see are only accessible by other devices on the same tailscale network.
S/he's talking about accessing those machines from OUTSIDE that network. That's what would require admin intervention. So for example if I have a webserver on my home LAN that has Tailscale installed and authenticated, then sure, I can access that webserver from any of my other Tailscale devices from anywhere. But if I want a friend to be able to access that webserver without first being authenticated to the Tailscale network... Do you see the problem, yet?
I clearly understand that problem. but I'm just going to assert its not what you actually want. nor is it related to accessing ssh where you most definitely don't want to expose the port.
for starters, what you're describing is a load balancer. those already exist and are trivial to setup.