Comment by tailscaletom
3 years ago
Userspace mode might be an option (runs without a TUN or doing any system network wiring, at the expense of performance): https://tailscale.com/kb/1112/userspace-networking/
Running Tailscale without privileges is a challenge because tailscaled needs to be able to configure your network, and if you enable Tailscale SSH it also needs to be able to create sessions for configured users. For people who don't need SSH and accept this challenge + maintenance burden, it is possible: https://tailscale.com/kb/1279/security-node-hardening/
Thanks!
I assume for DNS it also needs to modify resolv.conf as root when needed.
Yepp! Strong recommend on using systemd-resolved, we've observed the fewest bugs and issues there.