top | item 44025294

(no title)

dankebitte | 9 months ago

> If you aren't comfortable with trusting them with control over your network

Wrt the possibility of Tailscale being compromised, there's the in-beta tailnet lock feature:

> Tailnet lock lets you verify that no node is added to your tailnet without being signed by trusted nodes in your tailnet. When tailnet lock is enabled, even if Tailscale infrastructure is malicious or hacked, attackers can't send or receive traffic in your tailnet. [1]

[1] https://tailscale.com/kb/1226/tailnet-lock

discuss

cypherpunks01|9 months ago

Thanks for the tip!

I've had the Device approval setting on, and wished there were more robust lock features, but not enough to want to run my own coordinator. So Tailnet lock seems like a good security upgrade.

ra|9 months ago

The pricing page suggests this is only for the "enterprise" plan.

dankebitte|9 months ago

Not sure which page you're referencing, but the linked page states it's available for Personal (free) as well:

> Tailnet lock is available for the Personal, Personal Plus, and Enterprise plans.

supermatt|9 months ago

It is definitely on personal as I use it myself.