tailscale-dev/docker-guide-code-examples

"target":ip

mcfrojd opened this issue · 6 comments

I cannot find any information on the "target" IP.
Is the IP in the example file an IP that works for everyone, or do you have to match it to your specific setup?

	"nodeAttrs": [
		{
			// Funnel policy, which lets tailnet members control Funnel
			// for their own devices.
			// Learn more at https://tailscale.com/kb/1223/tailscale-funnel/
			"target": ["autogroup:member"],
			"attr":   ["funnel"],
		},
		{"target": ["100.71.14.42"], "attr": ["funnel"]},
	],

After reading some more, I found out that the IP should be the Tailscale IP of the Tailscale machine.

How about if you have 2 machines with funnels, is this the correct syntax?

		},
		{"target": ["100.71.14.42"], "attr": ["funnel"]},
		{"target": ["100.71.14.43"], "attr": ["funnel"]},
	],

Or do you combine them on one line somehow?

The default "funnel config" does not seem to use any IP as target.

Is there any way to make a "target IP wildcard"?
I found out that I can use:

	"nodeAttrs": [
		{"target": ["tag:container"], "ipPool": ["100.123.123.0/24"]},
	],

To have all my containers use the IP range 100.123.123.***
But is there any way to have a "target IP wildcard" so that you don't have to update the access controls every time I add a service or rebuild the containers so the machines get a new IP number?

I found out that this seems to work as a "wildcard".

	"nodeAttrs": [
		{"target": ["tag:container"], "ipPool": ["100.123.123.0/24"]},
		{"target": ["*"], "attr": ["funnel"]},
	],

But does this expose all machines on the tailnet somehow?
Not only the ones in the IP range 100.123.123.0/24?
Or is it only the machines with the attr "funnel", and if so, I guess I don't need to use the ipPool command?

I ended up using only this code:

	"nodeAttrs": [
		{"target": ["*"], "attr": ["funnel"]},
	],

That seems to make all my "funnel" machines available online with my tailnet name as domain name.

Thank you for your service here! It was fun reading through the comments here and seeing you figure it out as you went.
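
Added example, not from the thread or the Tailscale repository: a small Python audit that lists which `nodeAttrs` targets are granted the `funnel` attribute in a policy file and how broad each target is. The sample policy is constructed from the rules quoted above, the function names are hypothetical, and the comment and trailing-comma stripping assumes the HuJSON conventions seen in those snippets.

```python
import ipaddress
import json
import re

# Constructed sample: nodeAttrs rules quoted in the thread, combined in one policy.
SAMPLE_POLICY = """
{
    "nodeAttrs": [
        // Learn more at https://tailscale.com/kb/1223/tailscale-funnel/
        {"target": ["tag:container"], "ipPool": ["100.123.123.0/24"]},
        {"target": ["100.71.14.42"], "attr": ["funnel"]},
        {"target": ["*"], "attr": ["funnel"]},
    ],
}
"""

# Each pattern matches string literals first so their contents are never edited.
_STRING = r'"(?:\\.|[^"\\])*"'
_COMMENTS = re.compile(_STRING + r"|//[^\n]*|/\*.*?\*/", re.S)
_TRAILING_COMMAS = re.compile(_STRING + r"|,(?=\s*[}\]])")

def _keep_strings(match):
    token = match.group(0)
    return token if token.startswith('"') else ""

def hujson_to_json(text):
    """Drop comments, then trailing commas, without touching string literals."""
    return _TRAILING_COMMAS.sub(_keep_strings, _COMMENTS.sub(_keep_strings, text))

def scope_of(target):
    """Describe how many nodes one nodeAttrs target selector covers."""
    if target == "*":
        return "every node in the tailnet"
    if target.startswith(("tag:", "group:", "autogroup:")):
        return "nodes selected by " + target
    try:
        ipaddress.ip_address(target)
        return "one address; stale if the node gets a new IP"
    except ValueError:
        return "a user or other selector"

def funnel_grants(policy_text):
    """Return (target, scope) for each selector that is granted the funnel attribute."""
    policy = json.loads(hujson_to_json(policy_text))
    return [(t, scope_of(t)) for rule in policy.get("nodeAttrs", [])
            if "funnel" in rule.get("attr", []) for t in rule.get("target", [])]

if __name__ == "__main__":
    print(funnel_grants(SAMPLE_POLICY))
```

The `funnel` attribute controls which nodes are permitted to turn Funnel on, so replacing `"*"` with a tag such as `tag:container` keeps that permission off every other device in the tailnet.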