
Tailscale now allows blocking incoming connections - archon810
https://tailscale.com/kb/1072/incoming-connections
======
archon810
The primary reason why I haven't started using Tailscale yet is there was no
easy way to enable one-way connectivity on some machines without paying for
ACLs ($20/mo minimum).

For example, I want my primary PC to be able to access all remote Tailscale
servers, but I don't want any of them to be able to access my PC. It's now
possible. From their newsletter I just got:

 _Tailscale v0.99 & Shields Up About a week ago we released Tailscale v0.99
(full release notes). v0.99 includes more bug fixes and a new feature we’ve
been calling “shields up.”

Tailscale can be used many ways, but it’s commonly used to connect to web
servers, Raspberry Pis, build servers, or other headless “utility” devices.

You want to connect to these devices, but just because they're on your network
doesn't mean you don't want to let these devices connect to you.

This new feature lets any device put its “shields up” and reject all incoming
connections over Tailscale. Outgoing connections will still work fine, so your
personal computer can continue to SSH to your servers who don't have their
shields up, but all incoming connections will be blocked.

You can enable this feature from Tailscale's menu bar icon, or by using
--shields-up flag on Linux.

Read more about “shields up” here

(Network admins can enforce network-wide connection restriction, including
blocking specific ports or allowing particular user groups with our ACL
features)_

[https://github.com/tailscale/tailscale/releases/tag/v0.99.0](https://github.com/tailscale/tailscale/releases/tag/v0.99.0)

[https://tailscale.com/kb/1072/incoming-
connections](https://tailscale.com/kb/1072/incoming-connections)

[https://tailscale.com/kb/1018/acls](https://tailscale.com/kb/1018/acls)

~~~
opqpo
What's wrong with using vanilla WireGuard? I tried this Tailscale recently and
it was a huge mess. It destroyed WireGuard's throughput compared to the kernel
implementation and the CPU usage was like I am running a game along with the
excessive logging in systemd. One of the worst software I've ever installed on
linux.

