Tailscale 1.6 now has the Exit Node feature, which is great, but it suffers from the same ACL visibility issue as the regular node list.
Expect:
Node N is assigned Exit Node status
User A does not have access to Node N via ACL
User B does have access to Node N via ACL
Only user B should have access to Node N Exit Node via Windows/Android/iOS/Mac GUI. Should not allow User B to activate Exit Node that violates ACL. Should not even show Node N as an option for Exit Node.
Actual:
Both User A and B can select and activate the exit node, but it will only work with User B. Activating Exit Node N for User A will just bring all packets offline as if the network is completely off.
There is no visual feedback telling user A that this Exit Node is not usable.
Unlike the Node List ACL visibility issue, the Exit Node visibility/activation issue is worsened by the fact that the client shows the node as activated in green and the user fully expects to use it.