Request for Configuration of --verify-clients Parameter in Built-in DERP #1836
Comments
|
I am considering migrating from Tailscale to Headscale, but I hesitated when I suddenly notice this issue because I cannot tolerate others freeloading on my server without my permission. |
|
Also interested in this future as using my own DERP server... |
|
When researching tailscale I noticed this fairly subtle codepath being used for it, it requires an active embedded tailscale client to be sending peer updates to the derp server, apparantly. |
|
This issue is stale because it has been open for 90 days with no activity. |
|
I would like to inquire if there is any new progress on this issue? This version hasn't been updated for more than a year. Will this problem be improved in the upcoming release? |
|
There are pull requests open, but we dont have the capacity to review and take in the amount of code for this release. I will try to review if to for the next cycle, but not sure if it will be included. |
|
This issue is stale because it has been open for 90 days with no activity. |
|
Since |
|
I think what you are waiting for is #2260, I need to circle back and check why that staled. |
and others
I am currently using the built-in DERP in Headscale and I noticed that the --verify-clients parameter is not configurable. This situation implies that the DERP I am using could be publicly accessible, which raises security concerns.
I am writing to inquire if there is a possibility to restrict the use of the built-in DERP to my clients only. This feature will greatly enhance the security of my connections and ensure that only authorized clients can use the DERP.
Looking forward to your response and potential solutions to this issue.
The text was updated successfully, but these errors were encountered: