Comment by SuperShibe
1 day ago
Every few months I come back to this repo to check if they finally got Tailnet lock running or if someone security audited them in the meanwhile. Unfortunately neither of these things seem to make any progress and thus, I’ve grown uncertain in how much I can trust this as a core part of my infrastructure.
The entire premise of Tailscale SaaS builds on creating tunnels around your firewalls, then enabling the user to police what is allowed to be routed through these tunnels in a intuitive and unified way.
Headscale seems to have nailed down the part of bypassing the firewall and doing fancy NAT-traversal, but can they also fulfill the second part by providing enough of their own security to make up for anything they just bypassed, or will they descend to just being a tool for exposing anything to the internet to fuck around with your local network admin? To me, not giving your Tailscale implementation any way for the user to understand or veto what the control server is instructing the clients to do while also not auditing your servers code at all sure seems daring…
> Headscale seems to have nailed down the part of bypassing the firewall and doing fancy NAT-traversal
Did they really roll-their-own for those functions? I thought this was just a control layer on top of Tailscale’s stock services on the backend, are they facilitating connections with novel methods? Apologies if I’m asking obvious questions, I use ZeroTier pretty regularly, but I am not too familiar with Tailscale.
They have a really great in-depth blog post describing how they do it: https://tailscale.com/blog/how-nat-traversal-works
This is a fascinating read!
i think they mean headscale's implementation specifics
Can you share why you use ZeroTier over Tailscale? I run several headscale control planes and it really is nice to self-host. But, I'm curious about other options.
Not OP but I'm on ZeroTier because it was one of the best free tiers available before Tailscale could run as a Windows service.
Also I believe it implements a lower layer of the network stack so more options are supported, though I haven't needed to investigate in detail.
1 reply →
tailnet lock seems way way less important for headscale than tailscale, given you personally control the headscale infra.
Depends on your threat model. Mine definitely includes one of my servers getting compromised. (Which, tbh, is probably more likely than Tailscale getting hacked.)
only until someone finds a zeroday in headscale (remember, it never got audited) or until the server running headscale itself gets compromised. Especially in countries where getting a dedicated public IPv4+IPv6 from your ISP is hard-impossible and you‘d have to rely on a server hosted externally (unless you’re large enough to make deals with the ISP) some company hosting your server still retains at minimum physical control over your headscale infra. For why this is a problem, see the recent Oracle cloud breach.
This is my thought as well, if you are in control then you also control which nodes go on your tailnet
One of the maintainers work for tailscale now.
maintainer's employment != security audit
My thinking is their time is divided now and could lead to less efforts spent on headscale.
2 replies →
c.f. https://github.com/juanfont/headscale/issues/2416