When a device is shared with someone outside their network, the hostname is not automatically shared. This means the assumption of `peerstash-<username>` being a routable address (due to Tailscale MagicDNS) is incorrect. Instead, the actual Tailscale IP address must be used to connect to the remote device.
Technically it works if you add each friend to your tailnet, but the whole point is that you share devices instead of adding users to access your entire tailnet. This defeats the whole purpose of using Tailscale device sharing, and must be fixed before real use.
To resolve this issue, when the share key is generated (`peerstash id`), the container's Tailscale IP should be grabbed from `tailscale status --json` and added to the share key. Then, while registering (`peerstash register`), the peer's IP will be stored in the database. This will be a breaking change to the database and to share keys.
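
One way to do the two steps described above, as an added example (not peerstash's own code): read the node's IP from the `Self.TailscaleIPs` field of `tailscale status --json`, embed it in a share key, and on register reject any IP outside Tailscale's address ranges before it is stored. The share key layout, the function names and the sample status JSON are assumptions made for illustration.

```python
import base64
import ipaddress
import json

# Address ranges Tailscale assigns to nodes (IPv4 CGNAT block and IPv6 ULA prefix).
TAILSCALE_NETS = (
    ipaddress.ip_network("100.64.0.0/10"),
    ipaddress.ip_network("fd7a:115c:a1e0::/48"),
)

# Constructed sample of `tailscale status --json`, trimmed to the fields used here.
SAMPLE_STATUS = '{"Self": {"HostName": "peerstash-alice", "TailscaleIPs": ["100.101.102.103", "fd7a:115c:a1e0::1234"]}}'


def is_tailscale_ip(value):
    """True only for a syntactically valid address inside a Tailscale range."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False
    return any(addr in net for net in TAILSCALE_NETS)


def self_ipv4(status_json):
    """Return this node's Tailscale IPv4 address from the status JSON."""
    ips = (json.loads(status_json).get("Self") or {}).get("TailscaleIPs") or []
    for ip in ips:
        if is_tailscale_ip(ip) and ipaddress.ip_address(ip).version == 4:
            return ip
    raise ValueError("no Tailscale IPv4 address reported for this node")


def make_share_key(username, status_json):
    """Hypothetical share key: URL-safe base64 of a JSON object carrying the IP."""
    payload = {"username": username, "ip": self_ipv4(status_json)}
    return base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()


def read_share_key(key):
    """Decode a share key on register; refuse an IP that is not a Tailscale address."""
    payload = json.loads(base64.urlsafe_b64decode(key.encode()))
    if not is_tailscale_ip(str(payload.get("ip", ""))):
        raise ValueError("share key IP is not a Tailscale address")
    return payload
```

Because the share key comes from another person, the range check in `read_share_key` keeps a crafted key from pointing the client at a LAN or public address.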