So now currently:
Mifra's (admin's) machines are able to see all the network's machines.
BUT
Any user's machines are able to see Mifra's machines as well (aka discover via UI or tailscale status, providing information like IP and if they're up or not) although it seems that they're not able to ping nor ssh, etc.
Expected Behavior
I expect that the only rule in the ACL is considered.
That is, only the admin group members can see and access other machines and not vice versa.
Steps To Reproduce
Create at least 3 users and assign an ACL in the same manner as shown above.
Environment
- OS: Ubuntu 24.4
- Headscale version: 0.22.3
- Tailscale version: indifferent, but 1.64 for example
Runtime environment
Headscale is behind a (reverse) proxy
Headscale runs in a container
Anything else?
No response
Hi, this is intended behaviour: if one of two machines can reach the other, they will be visible in each other's map (and therefore UI/status). Only nodes that cannot connect to each other at all will be fully removed from the list.
Access should be correctly limited, but they won't be removed from the list; from what I understand, they can see, but not access.
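The visibility rule described in the reply above, as an added example that is not part of the original thread and is not headscale's own code: a simplified Python model showing why a one-way ACL still lists the admin's node on every user's peer list while leaving it unreachable from them. The single rule, the group name `group:admin`, the users `alice` and `bob`, and all node names are assumptions constructed for illustration (the real ACL on this page is only available as an image).

```python
# Added illustration: a simplified model, not headscale's implementation.
# Group name, users other than "mifra", and node names are constructed.
GROUPS = {"group:admin": {"mifra"}}
NODES = {  # node name -> owning user (constructed sample data)
    "mifra-laptop": "mifra",
    "alice-pc": "alice",
    "bob-pc": "bob",
}
# Single rule, assumed to match the intent described in the issue:
# members of the admin group may reach every node.
ACL = [{"action": "accept", "src": ["group:admin"], "dst": ["*"]}]


def _matches(node, selectors):
    """True if the node is covered by any selector (user, group or '*')."""
    owner = NODES[node]
    return any(
        sel == "*" or sel == owner or owner in GROUPS.get(sel, ())
        for sel in selectors
    )


def can_reach(src, dst):
    """Directional access: some accept rule covers src -> dst."""
    return any(
        rule["action"] == "accept"
        and _matches(src, rule["src"])
        and _matches(dst, rule["dst"])
        for rule in ACL
    )


def peers_in_map(node):
    """Peers listed for a node: access in either direction is enough."""
    return sorted(
        other for other in NODES
        if other != node and (can_reach(node, other) or can_reach(other, node))
    )


def report():
    """Per node: peers it lists versus peers it can actually connect to."""
    return {
        n: {"listed": peers_in_map(n),
            "reachable": sorted(o for o in NODES if o != n and can_reach(n, o))}
        for n in NODES
    }
```

In this model `alice-pc` and `bob-pc` each list `mifra-laptop` but have an empty reachable set, and they do not list each other because no rule connects them in either direction.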
Is this a support request?
Is there an existing issue for this?
Current Behavior
I have these users as an example:
![image](https://private-user-images.githubusercontent.com/31111883/334515307-06f1e8a9-8b14-41fa-aec3-c9a19f49b667.png)
As well as this ACL:
![image](https://private-user-images.githubusercontent.com/31111883/334515481-1bc528cf-dd7f-4710-8118-d291d88cfd58.png)