Tailscale

A Mesh VPN system I dearly wish had existed a few years prior.

Authentication & Authorisation

Currently using the official control server with an MSOL account. Single tenant, not very pleased about it, but they won't give me a single-user enterprise account.

SSH

Honestly one of the best things about Tailscale. In use on all machines that support it.

ACLs

  • ICMP is allowed from anywhere to anywhere
  • DNS lookups are allowed from anywhere to udp/53 on any machine tagged `nameserver`
  • Any traffic is allowed from machines tagged `permit-tx` to machines tagged `permit-rx`
  • SSH is allowed from machines tagged `permit-tx` or `permit-tx-ssh` to machines tagged `permit-rx` on tcp/22
  • HTTP is allowed from machines tagged `permit-tx` or `permit-tx-web` to machines tagged `permit-rx` on tcp+udp/80 and tcp+udp/443
  • Traffic is allowed from machines tagged `logsender` to machines tagged `logserver` on tcp+udp/514, tcp+udp/1514 and tcp+udp/12201
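The rule list above written out as a Tailscale policy file (HuJSON). This is an added example, not the policy from this wiki; the `tagOwners` entries (giving ownership to `autogroup:admin`) and the `users` list in the Tailscale SSH section are assumptions the page does not state.

```json
{
  // Every tag referenced in a rule needs an owner or the policy is rejected.
  // Ownership by autogroup:admin is an assumption, not taken from the page.
  "tagOwners": {
    "tag:nameserver":    ["autogroup:admin"],
    "tag:permit-tx":     ["autogroup:admin"],
    "tag:permit-tx-ssh": ["autogroup:admin"],
    "tag:permit-tx-web": ["autogroup:admin"],
    "tag:permit-rx":     ["autogroup:admin"],
    "tag:logsender":     ["autogroup:admin"],
    "tag:logserver":     ["autogroup:admin"]
  },
  "acls": [
    // ICMP from anywhere to anywhere. ICMP rules have no ports, so dst uses "*".
    {"action": "accept", "proto": "icmp", "src": ["*"], "dst": ["*:*"]},

    // DNS: any machine may reach udp/53 on machines tagged nameserver.
    {"action": "accept", "proto": "udp", "src": ["*"], "dst": ["tag:nameserver:53"]},

    // permit-tx -> permit-rx: all traffic.
    {"action": "accept", "src": ["tag:permit-tx"], "dst": ["tag:permit-rx:*"]},

    // SSH: permit-tx or permit-tx-ssh -> permit-rx on tcp/22 only.
    {"action": "accept", "proto": "tcp",
     "src": ["tag:permit-tx", "tag:permit-tx-ssh"], "dst": ["tag:permit-rx:22"]},

    // HTTP/HTTPS: a rule with no "proto" covers both TCP and UDP, matching "tcp+udp".
    {"action": "accept",
     "src": ["tag:permit-tx", "tag:permit-tx-web"], "dst": ["tag:permit-rx:80,443"]},

    // Log shipping: logsender -> logserver on 514, 1514 and 12201, tcp+udp.
    {"action": "accept", "src": ["tag:logsender"], "dst": ["tag:logserver:514,1514,12201"]}
  ],
  // Tailscale SSH is authorised separately from plain port-22 reachability.
  // The "users" list here is an assumption.
  "ssh": [
    {"action": "accept",
     "src": ["tag:permit-tx", "tag:permit-tx-ssh"], "dst": ["tag:permit-rx"],
     "users": ["autogroup:nonroot", "root"]}
  ]
}
```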

Plans

  • Add ACLs for FTP, SMB and maybe others
  • Figure out how to integrate it with docker
  • Get DNS working properly (maybe write a script/daemon that updates a DO zone with IPs for each machine/endpoint?)
  • VoIP!