Using Tailscale to Share a Single Computer


Last month, one of my friends asked me if I’d help him test an upcoming Tailscale VPN feature. I’m always willing to help out a friend, so I said yes, and he talked the folks at Tailscale into giving our accounts access to their beta channel.

Before long I received an email from Tailscale letting me know that I now had access to the new machine-sharing feature. They were sure to let me know that the user interface is still rough around the edges, and this isn’t truly ready for consumption by the general public.

Sharing a machine with Tailscale

I feel like he was exaggerating a bit. The interface is fine, and machine sharing works exactly as expected. You just click the drop-down menu next to one of your machines, hit the sharing button, and you will be given a link that you can share with another Tailscale user.

They click the link, log in to Tailscale, and the machine you shared will show up on their Tailscale network. It couldn’t be simpler.

Can you restrict access to a specific port?

This seems like the part that needs polishing up.

Tailscale has access controls. I haven’t looked into exactly how these ACLs work, but the default rules show that you can restrict access based on a Tailscale user. It should be possible to restrict third parties’ access to your machines. I know I’d feel better if I were only opening up my SSH or HTTPS port instead of my entire machine.

It would be nice if this was built into the sharing interface. Tailscale could ask which ports you want to open, and it could build the access controls for you.

Tailscale Access Control

The problem is that access controls are meant to be a paid feature. Basic access controls are part of the $10 per month plan, and identity-based access controls are in the $20 per month plan. I believe that you can access all features using a free account today, but this will be changing in the future.

I’m not sure how they plan to implement this. It would be nice if a free user didn’t have to open up entire machines to their colleagues using Tailscale.

I’m also aware that this can already be accomplished with firewall rules on my end outside of the Tailscale service, but it would be friendlier if I could keep myself safe without leaving the Tailscale interface.
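Here is what that host-side firewall could look like, as an added example that is not part of the original post: a small shell function that prints an nftables ruleset allowing only the listed TCP ports in from Tailscale peers. It assumes a Linux host running Tailscale in its default kernel mode (interface `tailscale0`) with nftables available; the table name `ts_share` is made up for this example.

```sh
#!/bin/sh
# Added example (not from the original post): print an nftables ruleset that
# limits what Tailscale peers, shared users included, can reach on this host.
# Assumptions: Linux, nftables, Tailscale in its default kernel mode
# (interface "tailscale0"); the table name "ts_share" is made up here.

gen_ruleset() {
    ports=""
    for p in "$@"; do
        # Reject empty, non-numeric, zero/leading-zero and over-long values.
        case "$p" in
            ''|*[!0-9]*|0*|??????*)
                echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
        ports="${ports:+$ports, }$p"
    done
    if [ -z "$ports" ]; then
        echo "usage: gen_ruleset PORT [PORT...]" >&2; return 1
    fi

    cat <<EOF
# Declare, delete, re-create: loading the file again replaces the old rules.
table inet ts_share
delete table inet ts_share
table inet ts_share {
    chain input {
        type filter hook input priority -10; policy accept;
        iifname != "tailscale0" accept       # only police Tailscale traffic
        ct state established,related accept  # replies to our own connections
        icmp type echo-request accept        # keep ping working
        icmpv6 type echo-request accept
        tcp dport { $ports } accept          # the services being shared
        drop                                 # everything else from peers
    }
}
EOF
}

# Review the output first, then load it as root:
#   gen_ruleset 22 443 | nft -f -
```

A drop in this chain is final even if another firewall chain would accept the packet, and the rules apply to every Tailscale peer, including your own devices, not only the people you share with.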

Why on Earth would I want to share a machine?!

I have a use case in mind. I have a virtual machine here at home. It has Jekyll installed, and it has all the right Ruby modules installed to render butterwhat.com and creativitycast.com.

The machine runs local previews of each blog. It also regularly pulls down changes from GitLab, and if there are changes, it publishes those changes to the real sites.

If someone else is writing for one of my sites, it would be nice to be able to share this machine with less technical users. I don’t want to help you get Jekyll up and running with the right modules so you can render the site. I can have a fresh instance up and running for you on my server in less than a minute. Why not just share that machine with you?

Why would I want to keep this on a private network?

I mentioned this use case to my friend who got us into the Tailscale beta. He wanted to know why I wouldn’t just set this up on GitHub and Netlify. It would be simple, and everything would just work. None of our blog posts are secrets. Who cares if someone manages to find them?

The trouble is that Google cares a lot about this sort of thing. If Google somehow manages to find one of the extra copies of my blogs out there, those copies will be indexed. Once they’re indexed, Google will be unhappy that there’s duplicate content. Google may direct some of my traffic to the oddball extra sites.

This would be a disaster for me. Especially if I didn’t see it right away. My search rankings would tank.

If I keep extra copies of my blogs safely behind Tailscale, Google won’t accidentally find them!

Would I pay for machine sharing? Should my users also have to pay?

I haven’t actually asked anyone at Tailscale which pricing tier they’re planning on including machine sharing in. I’m not exactly sure how much I’d be willing to pay for this feature, but that’s mostly because I don’t actually need to use it at the moment.

I hope machine sharing is included in the free tier, even if it is limited in some way. More importantly, though, I hope receiving machine-sharing links will always be free. I don’t want to manage anyone else’s network, but I most certainly would like to be able to invite others to work with things inside my organization.

I’m not sure I’d enjoy paying $120 per year to share a machine with one collaborator. By the third or fourth accomplice, it starts to seem like a more reasonable price.

What would you use machine sharing for?

I think it is quite awesome. I could safely share my NAS with friends who might want access to my collection of videos or music. I could share my PC so we could do some multiplayer gaming without punching holes in our firewalls. We could share our unused machines to speed up compile jobs with something like distcc.

These are just some of the things I’ve thought of. Tailscale is starting to change the way I think about my network’s topology, and machine sharing is going to add all sorts of new options.

What do you think? Are you using Tailscale heavily? Have you been able to try machine sharing? Do you have an interesting use for machine sharing that hasn’t occurred to me? Tell me about it in the comments, or stop by the Butter, What?! Discord server to chat with me about it!
