add --verify-clients option to embedded DERP server as tailscale derper support it #414

New Issue

adam · 2025-12-29T01:28:34+01:00

adam commented

2025-12-29 01:28:34 +01:00

Originally created by @heygo1345678 on GitHub (Jan 17, 2023).

Anyone that knows the IP address of your DERP node could add it to their DERP map and route their tailnet traffic through your DERP node. To allow only your tailnet traffic through your DERP node, run tailscaled on the same machine as your DERP node, and start derper with the --verify-clients flag:

sudo derper --hostname=your-hostname.com --verify-clients

Originally created by @heygo1345678 on GitHub (Jan 17, 2023). Anyone that knows the IP address of your DERP node could add it to their DERP map and route their tailnet traffic through your DERP node. To allow only your tailnet traffic through your DERP node, run tailscaled on the same machine as your DERP node, and start derper with the --verify-clients flag: sudo derper --hostname=your-hostname.com --verify-clients

adam added the enhancement label 2025-12-29 01:28:34 +01:00

adam closed this issue

2025-12-29 01:28:34 +01:00

adam commented

2025-12-29 01:28:35 +01:00

@vampywiz17 commented on GitHub (Jan 27, 2023):

https://github.com/juanfont/headscale/issues/740

I think it impact a huge performance problem if that not add it to embedded DERP server.... Please do this.

@vampywiz17 commented on GitHub (Jan 27, 2023): https://github.com/juanfont/headscale/issues/740 I think it impact a huge performance problem if that not add it to embedded DERP server.... Please do this.

adam commented

2025-12-29 01:28:36 +01:00

@juanfont commented on GitHub (Feb 5, 2023):

This is a duplicate of #740

@juanfont commented on GitHub (Feb 5, 2023): This is a duplicate of #740

Sign in to join this conversation.

Branches Tags

main

update_flake_lock_action

gh-pages

kradalby/release-v0.27.2

dependabot/go_modules/golang.org/x/crypto-0.45.0

dependabot/go_modules/github.com/opencontainers/runc-1.3.3

copilot/investigate-headscale-issue-2788

copilot/investigate-visibility-issue-2788

copilot/investigate-issue-2833

copilot/debug-issue-2846

copilot/fix-issue-2847

dependabot/go_modules/github.com/go-viper/mapstructure/v2-2.4.0

dependabot/go_modules/github.com/docker/docker-28.3.3incompatible

kradalby/cli-experiement3

doc/0.26.1

doc/0.25.1

doc/0.25.0

doc/0.24.3

doc/0.24.2

doc/0.24.1

doc/0.24.0

kradalby/build-docker-on-pr

topic/docu-versioning

topic/docker-kos

juanfont/fix-crash-node-id

juanfont/better-disclaimer

update-contributors

topic/prettier

revert-1893-add-test-stage-to-docs

add-test-stage-to-docs

remove-node-check-interval

fix-empty-prefix

fix-ephemeral-reusable

bug_report-debuginfo

autogroups

logs-to-stderr

revert-1414-topic/fix_unix_socket

rename-machine-node

port-embedded-derp-tests-v2

port-derp-tests

duplicate-word-linter

update-tailscale-1.36

warn-against-apache

ko-fi-link

more-acl-tests

fix-typo-standalone

parallel-nolint

tparallel-fix

rerouting

ssh-changelog-docs

oidc-cleanup

web-auth-flow-tests

kradalby-gh-runner

fix-proto-lint

remove-funding-links

go-1.19

enable-1.30-in-tests

0.16.x

cosmetic-changes-integration

tmp-fix-integration-docker

fix-integration-docker

configurable-update-interval

show-nodes-online

hs2021

acl-syntax-fixes

ts2021-implementation

fix-spurious-updates

unstable-integration-tests

mandatory-stun

embedded-derp

prtemplate-fix

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/headscale#414