In case this helps in any way: your videos are astonishingly good. Even though they tend to be above the level I can process, they are very clear and have a good rhythm. It's like a better version of me (more knowledgeable) prepared the content I was looking for: sometimes it's almost shocking, I even laugh at the jokes! Anyway, congratulations!
why did it take this long to make this video? omg, this should have been one of if not THE FIRST video tutorial...This really helped me understand sooooo much, I'm kinda sour about it. Thank you 🙏🏽
Thank you! Ten minutes of this video and I have my first rule active and working (src - dst:port range) - managed to achieve this early morning hours while drinking first mugs of coffee for the day.
Useful video but would have liked to seen an example around having a remote cloud machine not having access to rest of tailnet but been accessible to manage. So cloud device been untrusted if someone else had access they cold not access the rest of tailnet.
This is exactly what I need to do. This video helped a LOT however I'm not sure how to do this due to the lack of a deny rule. I want to have free reign in my home lab but protect myself from an exit node on the public internet being compromised. I would need to disable the allow * rule and tag every device in order to create explicit allow rules. This would become tedious quickly especially when using containerised applications. Allow * to * but block tag:internet to * would be my solution but I understand from your video that the least permissive architecture makes this impossible. This is not a typical enterprise use case where I could more effectively use multiple users and groups. Perhaps I'm underthinking it. An example would be nice.
@@Tailscale As long as the world I wake up in still has Tailscale as a VPN solution, I suppose either would be fine! Me to my friend: "Hey you should really use Tailscale!" My friend: "Wait, you mean it just runs in the background and everything just works?" Me: "He's beginning to believe...."
Great video, I learned a lot. I would respectfully request a video on limiting clients or subnets behind routers (pfsense), with other subnets behind other routers. Very vexing as I don’t see syntax for networks/subnets. Again thank you for the excellent video!
Hi Alex, Tailscale ACL is so good to use. However, I have some advice. Like Tailscale SSH, I believe Tailscale can implement a file server inside it, and then Tailscale ACL can control which one can access which storage resources. In the practical scenario especially in a team, SMB is very essential.
A particularly good video, this. (I was wondering why the hostnames wouldn't work in the ACL - that makes perfect sense, but I'm pleased to discover the 'hosts' clause!)
Hi Alex and Tailscale team, is there any plans on giving a tutorial for creating custom DERP server? I love your ts tutorials theyre easy to understand. It would be great if you guys cover the custom DErp server as well since it’s very hard and theres little documentation about it
I would prefer to have a configuration wizard on the tailscale admin page for the intial configuration, this would server for 90 percent of the users . The profile could then be manually editet if required
Give a tailscale for root Android too so we no need to use it through VPN client. It's works seamless by that way we can use our own VPN client app's. I hope you understand thanks for the great services .
Nice Video, but why don't you update your online manuals with good examples, so I do not need waste time by watching videos. The profiles is very powerfull, but how many people are capable of doing that ?
I’ve been desperately waiting this video. This has been the thing I’ve struggled to get my head round. Thanks Alex for this and all the other videos.
In case this helps in any way: your videos are astonishingly good. Even though they tend to be above the level I can process, they are very clear and have a good rhythm.
It's like a better version of me (more knowledgeable) prepared the content I was looking for: sometimes it's almost shocking, I even laugh at the jokes!
Anyway, congratulations!
why did it take this long to make this video? omg, this should have been one of if not THE FIRST video tutorial...This really helped me understand sooooo much, I'm kinda sour about it. Thank you 🙏🏽
Good things come to those who wait. =)
-Alex
Thank you! Ten minutes of this video and I have my first rule active and working (src - dst:port range) - managed to achieve this early morning hours while drinking first mugs of coffee for the day.
Thank you for this video on ACL's cause chatty geeps was not helping much !! It kept tring to make it more complex then it need to be.
This is gold. Thank you for sharing this!
Would love to see the gitops vid! Nice video about acls, ty Alex
Such a good explanation.
Please make a video about gitups.
Great Video, Alex!
Do the ACLs support IPv6 Addresses?
Is the hosts list in the ACLs used to assign IP-addresses to clients?
Useful video but would have liked to seen an example around having a remote cloud machine not having access to rest of tailnet but been accessible to manage. So cloud device been untrusted if someone else had access they cold not access the rest of tailnet.
This is exactly what I need to do. This video helped a LOT however I'm not sure how to do this due to the lack of a deny rule.
I want to have free reign in my home lab but protect myself from an exit node on the public internet being compromised. I would need to disable the allow * rule and tag every device in order to create explicit allow rules. This would become tedious quickly especially when using containerised applications.
Allow * to * but block tag:internet to * would be my solution but I understand from your video that the least permissive architecture makes this impossible.
This is not a typical enterprise use case where I could more effectively use multiple users and groups. Perhaps I'm underthinking it. An example would be nice.
Formal petition for “unimatrix -s 92” to be running on the monitor behind Alex! Great video as always cheers m8
Blue pill or red pill?
@@Tailscale As long as the world I wake up in still has Tailscale as a VPN solution, I suppose either would be fine!
Me to my friend: "Hey you should really use Tailscale!"
My friend: "Wait, you mean it just runs in the background and everything just works?"
Me: "He's beginning to believe...."
the reset to default and being able to see a git diff of changes is great
Great video, I learned a lot. I would respectfully request a video on limiting clients or subnets behind routers (pfsense), with other subnets behind other routers. Very vexing as I don’t see syntax for networks/subnets. Again thank you for the excellent video!
much needed video.
Loved this video!
Can you please make video regarding GitOps approach?
We are using GiOps with flux
Hi Alex, Tailscale ACL is so good to use. However, I have some advice. Like Tailscale SSH, I believe Tailscale can implement a file server inside it, and then Tailscale ACL can control which one can access which storage resources. In the practical scenario especially in a team, SMB is very essential.
Thanks for making this video.
Thanks @alex
By chance, is Tailscale considering a UI for basic/common ACL features?
Maybe 🚀
🤓🤘🏻🙏
A particularly good video, this. (I was wondering why the hostnames wouldn't work in the ACL - that makes perfect sense, but I'm pleased to discover the 'hosts' clause!)
Now you can disrupt the status quo
I have a user who I want to access a machine on my Tailnet but only for using it as an exit node, is there a way I can do that?
It would be great to to see the GitOps follow-up you teased.
Can you make a video on how to connect 2 proxmox clusters over the tailscale, please?
Thank you for explanations
Hi Alex and Tailscale team, is there any plans on giving a tutorial for creating custom DERP server? I love your ts tutorials theyre easy to understand. It would be great if you guys cover the custom DErp server as well since it’s very hard and theres little documentation about it
Could you give me some information on what you would like to create a custom DERP server for? Thanks !
I would prefer to have a configuration wizard on the tailscale admin page for the intial configuration, this would server for 90 percent of the users . The profile could then be manually editet if required
Do the Tailscale IP addresses ever change?
long waited..
Would love to see a gitops video that ties everything together.
Nicely explained. I am a no expert in this syntax. I wish Tailscale uses GUI to set ACLs as we see in netbird and the commercial option twingate.
I'd like to see vid on GitOps Alex 😇
Give a tailscale for root Android too so we no need to use it through VPN client. It's works seamless by that way we can use our own VPN client app's.
I hope you understand thanks for the great services .
Nice Video, but why don't you update your online manuals with good examples, so I do not need waste time by watching videos.
The profiles is very powerfull, but how many people are capable of doing that ?
Just make a user friendly version already, ACLs are such so dev focused