by soSadm4n
1461 days ago
One of my clients, an industrial/commercial property realtor (to contextualize the environment; we’re not talking military secrets here), uses it. Day to day I interact with it like any other VPN client except I auth via the Google Workspace account they gave me. It’s Tailscale, or hosted OpenVPN and cross your fingers they’re not snooping, or DIY WireGuard or OpenVPN and all the usual ups and downs of DIY. Software-based infra is out of the unknown unknowns era these days and years of rising usability expectations mean Oracle-level nightmares to deal with do not gain enough momentum to survive anymore. Tailscale is plenty easy to deal with. The only consideration is do you believe your traffic is really secure? Otherwise “it just works” like anything else these days. That said, my project for them is deprecating the infra accessed via Tailscale (24/7 EC2 running web dashboards). The already Dockerized dashboards will run locally now and use an API to retrieve the data. Real people directly in your infra is probably best avoided.

But I've yet to see a company where no one ever needs to ssh into a server. Using these ACLs to give a contractor access (and even visibility) to only the servers they're supposed to see is probably a big advantage over OpenVPN, where a contractor automatically becomes part of the inner network and can theoretically see all machines?