
Tailscale Shared Node and ACL issue


A few months ago I started using Tailscale to wire up all my infrastructure; it’s one of the biggest digital quality-of-life improvements I got this year. Anyway, after having open-bar networking, I decided to add ACLs to restrict communications between servers, nothing too crazy. I use Prometheus to scrape my servers’ metrics and push them to one of my friends’ Cortex via a shared Tailscale node.

Everything was working nicely until I started applying tags on my nodes. Now I can’t contact any of my friend’s shared nodes from any of my tagged nodes, even if ACL rules are open any-any.

I used my search-fu and found a thread on the Tailscale forum explaining the situation [1]. Here’s the quick explanation:

  • a node without a tag is owned by you, e.g. foo@github
  • a node with a tag is owned by the Tailscale Network
  • a node is shared with you (foo@github), not with a Tailscale Network
  • you can’t remove tags from a node without removing/importing it
  • the whole thing is a Tailscale backend limitation
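
The ownership rule in the list above, as a small added model (not code from the original post or from Tailscale): it checks a planned tagging change against a constructed inventory and reports which nodes would lose access to a shared node. The node names, tags and the `tagging_impact` helper are hypothetical, and ACLs are assumed to be any-any as in the post.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    name: str
    user: str                      # login that registered the node
    tags: frozenset = frozenset()  # non-empty => owned by the tailnet

    @property
    def owner(self):
        # Per the list above: tagging moves ownership from the user to the tailnet.
        return "tailnet" if self.tags else self.user


@dataclass(frozen=True)
class SharedNode:
    name: str
    shared_with: str  # a share is addressed to a user, never to a tailnet


def reachable(node, shared):
    """ACLs are assumed any-any, so only ownership decides the outcome."""
    return node.owner == shared.shared_with


def tagging_impact(nodes, shares, plan):
    """plan maps node name -> tags to apply. Returns the (node, shared node)
    pairs that work today but would stop working once the tags are applied."""
    broken = []
    for n in nodes:
        after = Node(n.name, n.user, frozenset(plan.get(n.name, n.tags)))
        for s in shares:
            if reachable(n, s) and not reachable(after, s):
                broken.append((n.name, s.name))
    return broken


# Constructed inventory: three of my nodes, one node shared in by a friend.
NODES = [
    Node("prometheus", "foo@github"),
    Node("web-1", "foo@github"),
    Node("db-1", "foo@github", frozenset({"tag:db"})),  # already tagged
]
SHARES = [SharedNode("cortex", "foo@github")]
PLAN = {"prometheus": {"tag:monitoring"}}

if __name__ == "__main__":
    for node, shared in tagging_impact(NODES, SHARES, PLAN):
        print(f"tagging {node} would cut it off from shared node {shared}")
```

Since tags can't be removed without removing and re-importing the node, running this kind of check before tagging is cheaper than finding out afterwards.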

I can’t find the issue on a tracker, but I hope this limitation will be gone once sharing is no longer a beta feature [2].

Happy networking