I use almost plain old wireguard, hosting a wg-easy container that has a nice web gui wrapper that makes it easy with QR codes, no configuration files to create like just wireguard. It's the technology that Tailscale uses, so why would you complicate it, adding more risk?
The incident seems like it was never exploited, and it was fixed within 24 hours. However, in my opinion, the fact that this COULD happen, let alone that id DID happen, is too much risk, and why I switched immediately after hearing about it.
AI overview of the incident:
TS-2023-001:
Node Sharing Across Tailnets Without Authorization (January 2023)
A bug in Tailscale's node sharing logic allowed the creation of sharing invitations by unauthorized users. A malicious individual who knew a target node's database ID could generate and accept a sharing invite for that node without being an admin of the target node's tailnet — for any node in any tailnet. Circl
So in practice, a node from one unrelated tailnet could be pulled into another person's tailnet without the owner's consent. A node's ID is only visible in the API or admin console, by admins of either the node's tailnet or a tailnet to which that node has already been shared Circl — which limited exploitability, since you'd need to already know the target's internal database ID (a random 64-bit integer, not easily guessable).
Tailscale fixed it server-side on 2023-01-12 and stated they verified it was never exploited. The bug reporter (Benjamin Roberts, HN user tsujamin) noted it was discovered accidentally while managing their own tailnet. The Hacker News thread praised Tailscale for deploying a fix within 24 hours:
ACL Overwrites Across Tailnets (May 2023 – July 2024)
There's also a second related incident that's perhaps even more alarming in concept: an admin user could overwrite the ACLs of one tailnet with ACLs from another tailnet. Any user who was an Admin in multiple tailnets and edited ACLs in the admin console between May 22, 2023 and July 17th, 2024 could trigger this bug after switching the active tailnet. Tailscale
This one involved the tailnet-switching feature in the admin console accidentally "bleeding" policy configuration between separate, unrelated tailnets.
The incident seems like it was never exploited, and it was fixed within 24 hours. However, in my opinion, the fact that this COULD happen, let alone that id DID happen, is too much risk, and why I switched immediately after hearing about it.
AI overview of the incident:
TS-2023-001:
Node Sharing Across Tailnets Without Authorization (January 2023) A bug in Tailscale's node sharing logic allowed the creation of sharing invitations by unauthorized users. A malicious individual who knew a target node's database ID could generate and accept a sharing invite for that node without being an admin of the target node's tailnet — for any node in any tailnet. Circl So in practice, a node from one unrelated tailnet could be pulled into another person's tailnet without the owner's consent. A node's ID is only visible in the API or admin console, by admins of either the node's tailnet or a tailnet to which that node has already been shared Circl — which limited exploitability, since you'd need to already know the target's internal database ID (a random 64-bit integer, not easily guessable). Tailscale fixed it server-side on 2023-01-12 and stated they verified it was never exploited. The bug reporter (Benjamin Roberts, HN user tsujamin) noted it was discovered accidentally while managing their own tailnet. The Hacker News thread praised Tailscale for deploying a fix within 24 hours:
https://news.ycombinator.com/item?id=34420142
TS-2024-002:
ACL Overwrites Across Tailnets (May 2023 – July 2024) There's also a second related incident that's perhaps even more alarming in concept: an admin user could overwrite the ACLs of one tailnet with ACLs from another tailnet. Any user who was an Admin in multiple tailnets and edited ACLs in the admin console between May 22, 2023 and July 17th, 2024 could trigger this bug after switching the active tailnet. Tailscale This one involved the tailnet-switching feature in the admin console accidentally "bleeding" policy configuration between separate, unrelated tailnets.