In case this helps in any way: your videos are astonishingly good. Even though they tend to be above the level I can process, they are very clear and have a good rhythm. It's like a better version of me (more knowledgeable) prepared the content I was looking for: sometimes it's almost shocking, I even laugh at the jokes! Anyway, congratulations!
Thank you! Ten minutes of this video and I have my first rule active and working (src - dst:port range) - managed to achieve this early morning hours while drinking first mugs of coffee for the day.
why did it take this long to make this video? omg, this should have been one of if not THE FIRST video tutorial...This really helped me understand sooooo much, I'm kinda sour about it. Thank you 🙏🏽
Great video, I learned a lot. I would respectfully request a video on limiting clients or subnets behind routers (pfsense), with other subnets behind other routers. Very vexing as I don’t see syntax for networks/subnets. Again thank you for the excellent video!
Hi Alex, Tailscale ACL is so good to use. However, I have some advice. Like Tailscale SSH, I believe Tailscale can implement a file server inside it, and then Tailscale ACL can control which one can access which storage resources. In the practical scenario especially in a team, SMB is very essential.
A particularly good video, this. (I was wondering why the hostnames wouldn't work in the ACL - that makes perfect sense, but I'm pleased to discover the 'hosts' clause!)
@@Tailscale As long as the world I wake up in still has Tailscale as a VPN solution, I suppose either would be fine! Me to my friend: "Hey you should really use Tailscale!" My friend: "Wait, you mean it just runs in the background and everything just works?" Me: "He's beginning to believe...."
Useful video but would have liked to seen an example around having a remote cloud machine not having access to rest of tailnet but been accessible to manage. So cloud device been untrusted if someone else had access they cold not access the rest of tailnet.
This is exactly what I need to do. This video helped a LOT however I'm not sure how to do this due to the lack of a deny rule. I want to have free reign in my home lab but protect myself from an exit node on the public internet being compromised. I would need to disable the allow * rule and tag every device in order to create explicit allow rules. This would become tedious quickly especially when using containerised applications. Allow * to * but block tag:internet to * would be my solution but I understand from your video that the least permissive architecture makes this impossible. This is not a typical enterprise use case where I could more effectively use multiple users and groups. Perhaps I'm underthinking it. An example would be nice.
Hi Alex and Tailscale team, is there any plans on giving a tutorial for creating custom DERP server? I love your ts tutorials theyre easy to understand. It would be great if you guys cover the custom DErp server as well since it’s very hard and theres little documentation about it
Give a tailscale for root Android too so we no need to use it through VPN client. It's works seamless by that way we can use our own VPN client app's. I hope you understand thanks for the great services .
I’ve been desperately waiting this video. This has been the thing I’ve struggled to get my head round. Thanks Alex for this and all the other videos.
In case this helps in any way: your videos are astonishingly good. Even though they tend to be above the level I can process, they are very clear and have a good rhythm.
It's like a better version of me (more knowledgeable) prepared the content I was looking for: sometimes it's almost shocking, I even laugh at the jokes!
Anyway, congratulations!
Thank you! Ten minutes of this video and I have my first rule active and working (src - dst:port range) - managed to achieve this early morning hours while drinking first mugs of coffee for the day.
why did it take this long to make this video? omg, this should have been one of if not THE FIRST video tutorial...This really helped me understand sooooo much, I'm kinda sour about it. Thank you 🙏🏽
Good things come to those who wait. =)
-Alex
the reset to default and being able to see a git diff of changes is great
Thank you for this video on ACL's cause chatty jeeps was not helping much !! It kept tring to make it more complex then it need to be.
This is gold. Thank you for sharing this!
Would love to see the gitops vid! Nice video about acls, ty Alex
Such a good explanation.
Great video, I learned a lot. I would respectfully request a video on limiting clients or subnets behind routers (pfsense), with other subnets behind other routers. Very vexing as I don’t see syntax for networks/subnets. Again thank you for the excellent video!
Hi Alex, Tailscale ACL is so good to use. However, I have some advice. Like Tailscale SSH, I believe Tailscale can implement a file server inside it, and then Tailscale ACL can control which one can access which storage resources. In the practical scenario especially in a team, SMB is very essential.
Thank you for explanations
It would be great to to see the GitOps follow-up you teased.
Please make a video about gitups.
A particularly good video, this. (I was wondering why the hostnames wouldn't work in the ACL - that makes perfect sense, but I'm pleased to discover the 'hosts' clause!)
Now you can disrupt the status quo
Great Video, Alex!
Do the ACLs support IPv6 Addresses?
Is the hosts list in the ACLs used to assign IP-addresses to clients?
Thanks for making this video.
Loved this video!
much needed video.
Formal petition for “unimatrix -s 92” to be running on the monitor behind Alex! Great video as always cheers m8
Blue pill or red pill?
@@Tailscale As long as the world I wake up in still has Tailscale as a VPN solution, I suppose either would be fine!
Me to my friend: "Hey you should really use Tailscale!"
My friend: "Wait, you mean it just runs in the background and everything just works?"
Me: "He's beginning to believe...."
Can you please make video regarding GitOps approach?
We are using GiOps with flux
Would love to see a gitops video that ties everything together.
Nicely explained. I am a no expert in this syntax. I wish Tailscale uses GUI to set ACLs as we see in netbird and the commercial option twingate.
Can you make a video on how to connect 2 proxmox clusters over the tailscale, please?
Useful video but would have liked to seen an example around having a remote cloud machine not having access to rest of tailnet but been accessible to manage. So cloud device been untrusted if someone else had access they cold not access the rest of tailnet.
This is exactly what I need to do. This video helped a LOT however I'm not sure how to do this due to the lack of a deny rule.
I want to have free reign in my home lab but protect myself from an exit node on the public internet being compromised. I would need to disable the allow * rule and tag every device in order to create explicit allow rules. This would become tedious quickly especially when using containerised applications.
Allow * to * but block tag:internet to * would be my solution but I understand from your video that the least permissive architecture makes this impossible.
This is not a typical enterprise use case where I could more effectively use multiple users and groups. Perhaps I'm underthinking it. An example would be nice.
I have a user who I want to access a machine on my Tailnet but only for using it as an exit node, is there a way I can do that?
Hi Alex and Tailscale team, is there any plans on giving a tutorial for creating custom DERP server? I love your ts tutorials theyre easy to understand. It would be great if you guys cover the custom DErp server as well since it’s very hard and theres little documentation about it
Could you give me some information on what you would like to create a custom DERP server for? Thanks !
long waited..
Do the Tailscale IP addresses ever change?
I'd like to see vid on GitOps Alex 😇
Give a tailscale for root Android too so we no need to use it through VPN client. It's works seamless by that way we can use our own VPN client app's.
I hope you understand thanks for the great services .
Just make a user friendly version already, ACLs are such so dev focused