A tailscale interface manager. This daemon listens for a Tailscale interface to come up (not the link itself, but for an address in 100.64.0.0/10) and will add other IP addresses as well as execute arbitrary commands.
It's a bit of a bastardisation of how Tailscale would like people to use the product, in my opinion, but it has its usecases. I use it to add an extra address to the tailscale0 interface, so that I can use that address when it is used as a subnet router. I also use it to control the tailscale0 interface with iptables. My example configuration is below.
Iface: tailscale0
Addrs:
- 172.24.24.1/32
ExecUp:
- iptables -D ts-input -i tailscale0 -j ACCEPT
- iptables -N ts-fw
- iptables -A ts-input -i tailscale0 -j ts-fw
- iptables -t nat -A POSTROUTING -s 100.64.0.0/10 -o eth0 -j MASQUERADE
ExecDown:
- iptables -D ts-input -i tailscale0 -j ts-fw
- iptables -t nat -D postrouting -s 100.64.0.0/10 -o eth0 -j MASQUERADEThis configuration adds the address 172.24.24.1/32 to the interface tailscale0 whenever it is connected to Tailscale. I can then use this, for example, with the --advertise-routes option. The last command allows this node to be an exit node on the external interface eth0.
The iptables commands in ExecUp remove the default accept all rule added by Tailscale every time the interface comes up and replaces it with a new table, called ts-fw. This can then be configured. E.g.,
-I ts-fw -i tailscale0 -p tcp --dport 22 -j ACCEPT
-A ts-fw -i tailscale0 -j DROPThis will allow me to connect to SSH via Tailscale and drop all other connections. I use this to allow SSH only from Tailscale.