Tailscale serve and sharing devices

Comments

• dan@upvote.au ⁨1⁩ ⁨day⁩ ago

  You can share the node with them, and use an ACL to control which ports they have access to.

  source
• rtxn@lemmy.world ⁨1⁩ ⁨day⁩ ago

  If the other person has a Tailscale account, it sounds like the most expedient method is to simply invite them to the tailnet as a non-admin user with strict access control.

  You could share a node with an outside user, but I don’t know how much the quarantine would affect its functionality. You could also use Funnel to expose the node to the internet, but there are obvious serious security considerations with that approach.

  source

  • Whooping_Seal@sh.itjust.works ⁨23⁩ ⁨hours⁩ ago

    That is what it seems like based on what I have read :/

    I guess the best option in my case then is likely to add them as a non-admin user to my tailnet. The only concern I have is with the potential of one user deactivating the VPN connection unkowingly, which is probably where Funnel comes in as a better option, but I would prefer to avoid serving stuff on the web when possible. (It is specifically a FreshRSS instance for now)

    source
• DougPiranha42@lemmy.world ⁨1⁩ ⁨day⁩ ago

  I don’t know the answer, just commenting because I’m curious. Can you just create a second tailnet and add your server but not your own devices to it?

  source

  • rtxn@lemmy.world ⁨23⁩ ⁨hours⁩ ago

    It’s problematic, but possible: jamesguthrie.ch/…/multi-tailnet-unlocking-access-…

    source
  • Whooping_Seal@sh.itjust.works ⁨23⁩ ⁨hours⁩ ago

    Yes, there is two ways you can go about this. The way that you are thinking of (and the way that I would ideally like to go about this) is as listed on this help article. This is perfect for sharing a home server to some friends, and letting them access a given service without seeing any of your personal devices.

    The other option is to have just one tailnet, but having multiple users as detailed here. Notably this can be a security regression (if you don’t limit access on a per-user basis with ACLs), but is ideal for sharing access to your entire network with your spouse / older children perhaps.

    For example, I have a friend who has shared a minecraft server with me and that is an ideal example of sharing one node to a seperate tailnet. I am an admin of the server, and can manage the docker container for it + the backup sidecar and the SMB share, but that is where my access to his network structure ends.

    This contrasts the situation with my partner for example, where we share a tailnet (with seperate user logins) to make things like gamestreaming just that much easier to setup. Hypothetically I can use ACLs to limit access to stuff like the Cockpit web-management portal, or block the SSH port, but I don’t feel like I need to in my specific case.

    source

    • DougPiranha42@lemmy.world ⁨17⁩ ⁨hours⁩ ago

      Cool, thanks! What do you use for RSS?

      source

      • -> View More Comments
  • irmadlad@lemmy.world ⁨1⁩ ⁨day⁩ ago

    Yes, you can create a second Tailnet in Tailscale and add your server without including your personal devices. You’ll have to create a separate account with a separate email address. Then you can join this second Tailnet with your server while leaving your other devices out. The separation allows you to manage connectivity and network policies independently.

    source
• Decronym@lemmy.decronym.xyz ⁨23⁩ ⁨hours⁩ ago

  Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:

  Fewer Letters	More Letters
  SMB	Server Message Block protocol for file and printer sharing; Windows-native
  SSH	Secure Shell for remote terminal access
  VPN	Virtual Private Network

  ---

  [Thread #169 for this comm, first seen 16th Mar 2026, 00:10] [FAQ] [Full list] [Contact] [Source code]

  source