Hacker News

godelski last Monday at 10:40 PM

Tailscale is a VPN...

The context of the conversation is that the address becomes publicly visible so you get hit with port scanners and script kiddies looking for vulns. Moving off standard ports does help but many of those are also going to look at ports like 2222 or 8022 and treat them as ssh.

It's not hard to just send something like `nmap -sV -p- <ADDRESS>` (or better, use like rustscan) and you'll discover those ports and the services.

On the other hand, just install something like knockd and you don't have to do much. Knocking is not a difficult thing to set up.


Replies

yjftsjthsd-h yesterday at 12:27 PM

> Tailscale is a VPN...

And if you use it as a VPN and don't turn on the funnel feature, your service won't be exposed.

> On the other hand, just install something like knockd and you don't have to do much. Knocking is not a difficult thing to set up.

Neither is wireguard.
