
Security audit?

Open marcelmindemann opened this issue 2 years ago • 11 comments

Hi, as an avid but paranoid self-hoster, I am considering hosting headscale on a cheap VPS in order to establish VPN connections between my devices. The distrust of the closed-source Tailscale coordination server has driven me in this direction. However, I realize that self-hosting headscale makes this thing a single point of failure for my network infrastructure. An authentication bypass vulnerability in headscale could allow an attacker to infiltrate my network easily.

As headscale grows in popularity, and even got endorsed by Tailscale multiple times, I wonder if a security audit would be a worthwhile undertaking? It would certainly provide a lot more trust when opening up my headscale process to the public internet. Alas, it's the only thing I cannot hide behind a VPN, for obvious chicken-and-egg reasons :)

marcelmindemann avatar Dec 19 '22 11:12 marcelmindemann

Hi,

Yes, I agree with you, but in the meantime you could filter some ports so they are reachable only from specific IPs: office & datacenters.

[screenshot: headscale_ports]

node_key is another story...

jgonzm avatar Dec 23 '22 14:12 jgonzm
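One way to do the port filtering suggested above, written as an added example for this thread (it is not code from the issue or from the headscale project). It assumes headscale runs on a Linux VPS with nftables, and that the relevant ports are 8080/tcp (the control endpoint nodes register against), 50443/tcp (the gRPC admin API used by the headscale CLI) and 3478/udp (STUN, only if the embedded DERP server is enabled); check these against your own `config.yaml`, since they are assumptions here. The `trusted_admin` ranges are placeholder documentation addresses, not real networks.

```nft
#!/usr/sbin/nft -f
# Added example (not from the headscale project): expose only the port every
# node needs to the whole internet, and gate the admin-only ports behind a
# small allow-list of source addresses.
#
# Assumed ports (verify against your config.yaml):
#   8080/tcp   control endpoint, must be reachable from wherever nodes roam
#   50443/tcp  gRPC admin API, only the headscale CLI talks to it
#   3478/udp   STUN for the embedded DERP server, only if you enable it
#   9090/tcp   metrics, never exposed (dropped by the chain policy below)

define trusted_admin   = { 203.0.113.0/24, 198.51.100.7 }   # placeholder office/datacenter ranges
define hs_client_port  = 8080
define hs_grpc_port    = 50443
define hs_stun_port    = 3478

table inet headscale_filter {
    chain input {
        type filter hook input priority filter; policy drop;

        # Keep replies to our own outbound traffic and loopback working
        ct state established,related accept
        ct state invalid drop
        iif "lo" accept

        # Path MTU discovery and basic reachability diagnostics
        meta l4proto { icmp, ipv6-icmp } accept

        # SSH to the VPS itself from the trusted ranges only
        ip saddr $trusted_admin tcp dport 22 accept

        # Every tailnet node must be able to reach the coordination endpoint,
        # so this one cannot be source-filtered (the chicken-and-egg problem
        # from the original post). Put it behind TLS, not behind an IP list.
        tcp dport $hs_client_port accept

        # Embedded DERP/STUN: nodes need it from anywhere as well; delete this
        # line if you rely on Tailscale's public DERP map instead.
        udp dport $hs_stun_port accept

        # gRPC admin API: trusted ranges only. Add an "ip6 saddr" rule with an
        # IPv6 set if your office/datacenter addresses include IPv6.
        ip saddr $trusted_admin tcp dport $hs_grpc_port accept

        # Anything else, including 9090/tcp metrics, is dropped by the policy.
    }
}
```

Load it with `nft -f <file>` after checking it with `nft -c -f <file>`. The rule set only narrows who can reach the administrative surface; the control endpoint on 8080/tcp still has to accept connections from the open internet, so a bug in headscale's node registration path remains exposed. If you do not need remote CLI access at all, binding the gRPC address to 127.0.0.1 in `config.yaml` and reaching it over SSH removes that port from the attack surface entirely rather than merely filtering it.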

This issue is stale because it has been open for 180 days with no activity.

github-actions[bot] avatar Sep 27 '23 01:09 github-actions[bot]

This shouldn't get stale botted.

svenstaro avatar Oct 01 '23 00:10 svenstaro

This issue is stale because it has been open for 90 days with no activity.

github-actions[bot] avatar Dec 31 '23 01:12 github-actions[bot]

Maybe you can use tailnet lock to lock your devices.

fortitudepub avatar Jan 15 '24 06:01 fortitudepub

This issue is stale because it has been open for 90 days with no activity.

github-actions[bot] avatar Apr 15 '24 02:04 github-actions[bot]

Anti-Stale comment

marek22k avatar Apr 15 '24 08:04 marek22k

This issue is stale because it has been open for 90 days with no activity.

github-actions[bot] avatar Jul 15 '24 01:07 github-actions[bot]

Bump

marek22k avatar Jul 15 '24 08:07 marek22k

Not stale.

(Honestly, the stale bot is annoying.)

GalaxySnail avatar Jul 15 '24 09:07 GalaxySnail

Stale bots are always annoying!

marek22k avatar Jul 15 '24 09:07 marek22k