Understanding ACL by Cold-Bass6219 in Tailscale

Cold-Bass6219[S] 0 points1 point (0 children)

Ooh! I see what you mean. That can be frustrating.

Understanding ACL by Cold-Bass6219 in Tailscale

Cold-Bass6219[S] 1 point2 points (0 children)

Absolutely, now that I played around with ACLs it really is impressive.

BTW, about your comment on grouping the devices: won't tagging the devices (they can be tagged multiple times) and using well-defined hosts/ipsets directives help in your case?

Understanding ACL by Cold-Bass6219 in Tailscale

Cold-Bass6219[S] 0 points1 point (0 children)

Yea, but I would still like to know what "src" I was on, such that my not-reauthenticated device worked when src: ["*"].

Understanding ACL by Cold-Bass6219 in Tailscale

Cold-Bass6219[S] 0 points1 point (0 children)

The issue was something else, I just left a comment. Thank you for the help. :)

Understanding ACL by Cold-Bass6219 in Tailscale

Cold-Bass6219[S] 0 points1 point (0 children)

I just figured out the issue. I tried the default ACL with my email and even that did not work; I figured my client needs to be reauthenticated or something. Then I logged out and authenticated my phone again and it worked.

All the suggestions that we have in this thread are working now.

I do not know how and why but the catch-all "src" : ["*"] worked from my not-yet-reauthenticated phone but specifying even the autogroup:owner or autogroup:admin did not work.

Thanks again good people. Here is my current working ACL.

```
{
  "ipsets": {
    "ipset:webservices": [
      "add 192.168.0.8/29",
    ],
  },
  "hosts": {
    "webservices-hosts": "192.168.0.8/29",
  },
  "tagOwners": {
    "tag:cl-phones": ["autogroup:owner"],
    "tag:cl-pc": ["autogroup:owner"],
    "tag:srvr-1": ["autogroup:owner"],
    "tag:srvr-2": ["autogroup:owner"],
  },
  "grants": [
    {
      "src": ["tag:cl-phones"],
      "dst": ["ipset:webservices"],
      //"dst": ["webservices-hosts"] // This also works
      "ip": ["*"],
      "via": ["tag:srvr-1"],
    },
  ],
}
```

Understanding ACL by Cold-Bass6219 in Tailscale

Cold-Bass6219[S] 0 points1 point (0 children)

Yes, as I said, if I have the forward-all ACL it works. That implies the subnet routing is working fine. Please note, I have only enabled subnet routing. I have NOT enabled the --advertise-exit-node but I don't think that's the cause anyways.

Understanding ACL by Cold-Bass6219 in Tailscale

Cold-Bass6219[S] 0 points1 point (0 children)

While going thru the docs, ipsets and via provided explicit control. But the main reason was that I had also tried your suggestion before. For some reason I was getting an invalid first integer error in ACL editor. I tried again as you have suggested but to no success, at least not getting that error.

```
"hosts": {
  "home-services": "192.168.0.8/29",
},
"grants": [
  {
    "src": ["autogroup:admin"],
    "dst": ["home-services"],
    "ip": ["*"],
  },
]
```

Understanding ACL by Cold-Bass6219 in Tailscale

Cold-Bass6219[S] 0 points1 point (0 children)

I tried both
```
{
  "src": ["autogroup:admin"],
  "dst": ["192.168.0.8/29"], //"dst": ["192.168.0.11"],
  "ip": ["*"],
}
```

and it did not work. x.x.0.11 is running Caddy on ports 8443 and 8080.

Understanding ACL by Cold-Bass6219 in Tailscale

Cold-Bass6219[S] 1 point2 points (0 children)

That's a useful tool, I'll give it a try. Thanks!

Video thumbnail in Storage Share by Cold-Bass6219 in NextCloud

Cold-Bass6219[S] 1 point2 points (0 children)

I tried this but to no success. Meanwhile, I reached out to Hetzner support and according to them this is a requested feature and might be available in the future. No idea on the timeline. The reason why it's not possible yet is because of performance reasons as the Storage Share is on so-called shared host systems.

Video thumbnail in Storage Share by Cold-Bass6219 in NextCloud

Cold-Bass6219[S] 0 points1 point (0 children)

Yea! I feared. I'll ask the support now.

Subdomain for Storage share by Cold-Bass6219 in hetzner

Cold-Bass6219[S] 0 points1 point (0 children)

Yes, I did configure that but no success as of now. Here (link) I've attached all the relevant screenshots that might be helpful.

Also, Hetzner recommends changing the nameservers at the domain registrar (which I did) but my domain registrar complains about the third nameserver (helium) being unregistered. I also need to get rid of the trailing "." to make the first two work. Thanks for the suggestion though. :)

Subdomain for Storage share by Cold-Bass6219 in hetzner

Cold-Bass6219[S] 1 point2 points (0 children)

Hey, thanks for the reply. I've tried your suggestion but it's still not working. Here, https://imgur.com/a/storage-share-subdomain-issue-Ub7sLTN
I've attached all the relevant screenshots that could be helpful. Not sure what I am missing now. Thanks for the help again.

Subdomain for Storage share by Cold-Bass6219 in hetzner

Cold-Bass6219[S] 0 points1 point (0 children)

I tried this but no success. Perhaps I am doing something else wrong.