Open source server #498
Comments
|
Thanks for filing. When we did our initial open source release earlier, the server was in no way releasable (full of hard-coded strings, URLs, customer policies, etc). It's getting better, but we're still planning a major protocol change before we'd want to release anything ourselves. We'd also have to decide which parts to release & how to refactor the code to make it more modular. It's a lot of work (and ongoing support) and we have tons of other priorities at the moment. But on Twitter the other day, an open source server ("Headscale") was announced: https://twitter.com/juanfont/status/1274652518128201728 ... maybe that'd work for you? As for a key that proves the server hasn't been compromised, yeah... we'd been discussing such a thing. Can you file a separate bug about that? (It's hard to have a single bug tracking separate things) |
|
@bradfitz that's amazing to hear. I understand the separation of priorities. But you do make a fair point with regards to headscale: Having a community edition would be wholesome. This way you only have to worry about tidying up your client-server interface and the OS free labor market will take care of the rest. #499 for the security related topic. |
apenwarr
added
L2 Few
|
One Year later. Any update on this? :-) would be awesome if you opensource it |
|
Would subscribe to personal pro if it was open source, FWIW |
|
Personally, I'd pay for this to be self-hostable, even if not OSS. |
Not a fan of this, what about selling binaries? Would be the best of both worlds, open to contribute but still a commercial product |
|
From https://tailscale.com/opensource Why does tailscale promote and support an open source alternative to their closed source coordination server, rather than releasing the code to their own server? It seems like an helpful but hypocritical position. Essentially, tailscale is encouraging the community to duplicate their work, rather than just giving out the "official" version, which is very similar. Could someone help me understand the point or reasoning of this approach? It's also worth noting, although I'm sure I'm in the minority here: not all tailscale users are capable of self-hosting headscale. I can't as I can't use port-forwarding, and the coordination server would need to be publicly accessible to work. That's why I use tailscale in the first place. It means though, that even if I wanted to, I wouldn't be able to take advantage of headscale's open source implementation of the tailscale coordination server. |
(Just a few comments up) |
That is not something an open source server can help with. One cannot use Tailscale to operate Tailscale. The coordination server needs to be publicly reachable. At this point, I'm going to close this issue as completed. We expect to continue to support the Headscale community, as described in https://tailscale.com/blog/opensource/ |
That's what I meant. I meant that, if the tailscale server was open source, then I would be able to use an open source server. As it isn't and I cannot self-host headscale, I'm unable to. In either case I would unable to host the open source server myself.
There's nothing wrong with that. But I hope that at some point in the future there will no longer be a need for two concurrent projects. Until then, I also support headscale. |
|
Many projects out there try to «reverse engineer» good software into open source. Unfortunately «closed source» is a strategic business decision, which bases on the fear of not being able to compete in an open source business model. But do you know Red Hat, SuSE, Canonical, etc..? (rhetorical question) |
|
https://tailscale.com/blog/opensource/ explains Tailscale's open source philosophy, including active support of Headscale. |
|
@sspreitzer, I've been involved with & speaking in the open source community for 25 years, just like you. Many of us at Tailscale are similar. We're huge fans and advocates of open source. We really don't need to be taught about open source or the free software movement or the pros and cons of different license types or business models. Especially with rhetorical snark. Everything we've written & linked above is still accurate. It doesn't make sense for us to open source our control plane when Headscale exists. We'd rather support Headscale at this point. It's an easier product for people to use & install than our huge multi-tenant control plane with a ton of moving parts. |
I think Tailscale is a beautiful project, it would be even more perfect if the server was open-source.
Are there ever going to be any plans for this?
If this is not planned, I'd like to propose a zero-trust extension, to mitigate the risk of the tailscale platform being compromised.
The simplest version would be
tailscale up <private signing key>. All servers publish their status (interface, public keys...) periodically, signed by this key. This way a compromised tailscale admin cannot forge anything.The text was updated successfully, but these errors were encountered: