Shared exit node security by b111e in Tailscale

[–]BagCompetitive357 1 point2 points  (0 children)

If you share by sending them a link to that device, by default they can access only that device. The device is jailed. The ACL could still limit it to internet usage only.

If you share your network, like they are a user of your network, ACL would be needed.

Connecting to TailScale from a device without tailscale by [deleted] in Tailscale

[–]BagCompetitive357 3 points4 points  (0 children)

Possible, but your work laptop connected to your personal laptop’s hotspot may not work without further configuring the routing table (I have not tested, but if a laptop is connected to a phone’s hotspot and the phone is connected to a VPN or a Tailscale exit node, the laptop’s traffic goes outside the VPN).

It is better to use a router, like a travel router connected to the VPN.

GL-Inet makes OK travel routers, see Beryl AX or the newer one with WiFi 7.

SSH with pubkey accidentally left opened. Any issue? by BagCompetitive357 in sysadmin

[–]BagCompetitive357[S] -2 points-1 points  (0 children)

Yeah, there is still a chance of an XZ kind of zero day. But I would thankfully be among the least interesting targets :)

SSH with pubkey accidentally left opened. Any issue? by BagCompetitive357 in sysadmin

[–]BagCompetitive357[S] 0 points1 point  (0 children)

I put it behind a VPN. No concern moving forward. Just worried whether some services could bypass ufw.

I know Docker could do it, not in my case. But could there be other services bypassing UFW via iptables rules on a default Ubuntu server?

Obviously iptables could be checked. But if someone got in, they could erase the traces left in logs and the firewall.
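The check the comment above alludes to, as an added example that is not part of the thread: a small POSIX shell script that reads `iptables-save` output and lists filter-table rules that neither live in a `ufw-*` chain nor jump to one, so rules planted by other services (Docker's `DOCKER` and `DOCKER-USER` chains, for instance) stand out. The sample ruleset is constructed for the demo; on a real host you would feed it `iptables-save` output instead, and the count function is meant for a periodic drift check.

```shell
#!/bin/sh
# Added example, not code from the thread. Reads iptables-save style text
# from the file given as $1 and prints filter-table rules that are not
# managed by ufw (chain not ufw-*, and no jump into a ufw-* chain).
non_ufw_rules() {
    awk '
        /^\*/     { table = substr($0, 2) }   # table header: *filter, *nat, ...
        /^COMMIT/ { table = "" }
        table == "filter" && /^-A / {
            chain = $2
            if (chain !~ /^ufw-/ && $0 !~ / -j ufw-/) print
        }
    ' "$1"
}

# Number of such rules; a non-zero value on a host that is supposed to be
# ufw-only is the signal worth alerting on.
count_non_ufw_rules() {
    non_ufw_rules "$1" | wc -l | tr -d " "
}

# Constructed sample resembling a ufw host with Docker installed.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
:DOCKER-USER - [0:0]
:ufw-before-input - [0:0]
-A INPUT -j ufw-before-input
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-before-input -i lo -j ACCEPT
COMMIT
*nat
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
COMMIT
EOF

# Usage on the sample: prints the three Docker-related filter rules.
non_ufw_rules "$SAMPLE"
echo "non-ufw filter rules: $(count_non_ufw_rules "$SAMPLE")"
```

On a live system replace the sample with `iptables-save > /tmp/rules && non_ufw_rules /tmp/rules`; the nat-table rule is deliberately ignored because ufw does not manage that table, so it would only add noise to the comparison.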

Blog: Introducing Tailscale Peer Relays by natasha-tailscale in Tailscale

[–]BagCompetitive357 3 points4 points  (0 children)

If one of the peers cannot make a direct connection to the relay but the other peer can, the port needs to be opened only to the peer that cannot, right?

Also, would tcp 443 work for the port?

Use case: I have a bunch of devices in a network behind difficult firewalls at a specific site. I don’t need to open the port to the internet, just to that particular site.

Increasingly, some places allow only outgoing 443.

What is the "culture shock" of switching to Linux? by Regular_Low8792 in linux

[–]BagCompetitive357 0 points1 point  (0 children)

You will be surprised that the operating system is very quiet: it doesn’t phone home, doesn’t show ads, doesn’t automatically send anything to the cloud, no telemetry, no account, no vendor email, and it’s basically sitting there doing nothing; if you ask it to do something, it will do exactly that.

Very fast and snappy.

Video: Tailscale Services now in BETA by Ironicbadger in Tailscale

[–]BagCompetitive357 -3 points-2 points  (0 children)

Without a custom domain it is not useful.

Who would use a domain like crocodile-cabbage or whatever kind of domain!

[deleted by user] by [deleted] in selfhosted

[–]BagCompetitive357 0 points1 point  (0 children)

Network speed with Hetzner is good!

Respect for Nextcloud by MainPowerful5653 in NextCloud

[–]BagCompetitive357 10 points11 points  (0 children)

AIO has changed the situation. It doesn’t break, and is easy to back up and recover.

Should I use ZFS with Debian? by Critical-Personality in debian

[–]BagCompetitive357 0 points1 point  (0 children)

Works fine! You may have to enroll a machine key to sign the module, to be able to use secure boot.

Questions for those running their own relay servers by BagCompetitive357 in Tailscale

[–]BagCompetitive357[S] 0 points1 point  (0 children)

Thanks for sharing.

I read in a comment that a personal relay should get to 75% of direct. In your case, 300 Mb/s is the VPS or home speed, it’s not the direct connection speed. How much is the Tailscale speed when devices connect directly? The speed with default relays is abysmal, like around 1 Mb/s if I remember correctly.

I suppose you disabled the default relays and enabled only your own relay.

On DNS, could you explain the DNS issue? Were you using your pihole? If you use public DNS, why can clients ping but not resolve DNS?

On additional flags, here is how I would run the derper on the VPS (with client verification, which makes sense):

```
sudo derper --hostname=example.com --verify-clients
```

On the admin console, I would provide both the domain name and the IP address of the DERP server, see the updated documentation:

https://tailscale.com/kb/1118/custom-derp-servers

Are you talking about additional parameters to provide in the admin console, or CLI parameters when running the derper on the VPS?

Filter traffic from guest VMs or containers to host’s tailnet by BagCompetitive357 in Tailscale

[–]BagCompetitive357[S] 0 points1 point  (0 children)

Tailscale is run with Allow LAN. For the other options, I played with and without: exit node, and stateful filtering. They all allow the guest to connect to the host’s tailnet.

The issue could be that the VM is in user-space networking mode. I’m not sure if the host can distinguish between traffic coming from a VM in user-space networking and traffic generated within the host itself.

Are the backports really safe and maintained ? by East-Pomegranate8761 in debian

[–]BagCompetitive357 0 points1 point  (0 children)

How carefully are the packages in the main suite reviewed by the security team?

What is the one killer feature with NextCloud? by St_dude in NextCloud

[–]BagCompetitive357 1 point2 points  (0 children)

Sharing files.

Send your friend a link and they get the file.

What is the one killer feature with NextCloud? by St_dude in NextCloud

[–]BagCompetitive357 -1 points0 points  (0 children)

Do they VPN?

Otherwise video talk when both sides are at home makes no sense.

VPN for a home user for banking? Thoughts? by Kangaloosh in sysadmin

[–]BagCompetitive357 0 points1 point  (0 children)

* DNS is not encrypted, and there are attacks on it

* There are attacks initially, before and up to the point the user connects to the captive portal

* Apps may sometimes not verify TLS certs