SPR Tailscale

Introducing SPR-TailScale

We've released a new iteration of the TailScale integration for SPR! This plugin was put together with @willy_wong.

Under The Hood

Getting this plugin to work in the first place required some thinking. The first step was addressing a key missing feature in SPR: interface-based firewall rules and routing.

This capability lets SPR perform container microsegmentation. In fact, any interface can be treated this way. It allows interfaces that SPR has not been explicitly programmed for to be connected with policies and groups, and to be given API access.

The TailScale plugin sets up its own policy-based routing and firewall rules, so running it inside its own network namespace is ideal. SPR then uses the custom interface rule to route to the container's network and lets the container do the forwarding on its own.

Next, setting the plugin up was awkward and painful. To fix this, the SPR team added UX for plugins and the ability to install a plugin via a URL with OTP code verification. Today we've released this capability for spr-tailscale! It's supported from SPR version 0.3.7.

What can it do?

This integration lets SPR devices selectively access TailScale peers. And similarly, TailScale peers can be joined to SPR groups to give them access to SPR devices.

The plugin presents a React-based UI and simplifies the install. After the install, a user needs to provide their Auth Key and they're good to go.

The container can run as an exit node as well.

You can check out the spr-tailscale integration here!