1. miki12+(OP)[view] [source] 2026-01-12 09:10:37
Now I wish there was some kind of global, single-network version of Tailscale...

TS is cool if you have a well-defined security boundary. This is you / your company / your family, they should have access. That is the rest of the world, they should not.

My use case is different. I do occasionally want to share access to otherwise personal machines around. Tailscale machine sharing sort of does what I want, but it's really inconvenient to use. I wish there was something like a Google Docs flow, where any Tailscale user could attempt to dial into my machine, but they were only allowed to do so after my approval.

2. fartfe+C[view] [source] 2026-01-12 09:16:11
>>miki12+(OP)
Take a look at Zrok, it might be what you want: https://zrok.io
3. PLG88+U1[view] [source] 2026-01-12 09:27:37
>>miki12+(OP)
You have more or less described OpenZiti. Just mint a new identity/JWT for the user, create a service, and voilà, only that user has access to your machine. Fully open source and self-hostable.
4. joseco+Nii[view] [source] 2026-01-17 08:35:05
>>miki12+(OP)
Tailscale Funnel, no?

For the permissions, just add basic auth in the reverse proxy and choose whom to share the passwd with.

Now if you want OAuth or something like that... well tough luck, you need to set up OIDC or whatever and that's going to be taking you some time, but it still works how you want.
