Comment by dankebitte

17 hours ago

> If you aren't comfortable with trusting them with control over your network

Wrt the possibility of Tailscale being compromised, there's the in-beta tailnet lock feature:

> Tailnet lock lets you verify that no node is added to your tailnet without being signed by trusted nodes in your tailnet. When tailnet lock is enabled, even if Tailscale infrastructure is malicious or hacked, attackers can't send or receive traffic in your tailnet. [1]

[1] https://tailscale.com/kb/1226/tailnet-lock

Thanks for the tip!

I've had the Device approval setting on, and wished there were more robust lock features, but not enough to want to run my own coordinator. So Tailnet lock seems like a good security upgrade.

The pricing page suggests this is only for the "enterprise" plan.

  • Not sure which page you're referencing, but the linked page states it's available for Personal (free) as well:

    > Tailnet lock is available for the Personal, Personal Plus, and Enterprise plans.