Skip to content

SimplyMinimal/tailscale-network-topology-mapper

Repository files navigation

Tailscale Network Topology Mapper

A visual way to view your ACL rules for Tailscale

I occasionally find myself just wanting to get a glance of how my ACL rules look without reading through the code. This is also useful for showing how our policies are set up to people who are not devs by trade.

alt text

Initial Set Up

  1. You will need Python3 and git installed.
  2. git clone https://github.com/SimplyMinimal/tailscale-network-topology-mapper
  3. cd tailscale-network-topology-mapper
  4. pip install -r requirements.txt
  5. Copy your ACL policy into the contents of the example policy.hujson
  6. Edit create-network-map.py and change COMPANY_DOMAIN="example.com" to your actual company domain

Execution

  1. Run python create-network-map.py to generate your network map. It should produce an updated network_topology.html file that you can open in your browser.

You can filter down to specific groups or nodes using the filter bar at the top or by clicking on a node on the graph.

Github Action Workflow

If you would like to have the network map be automatically updated whenever you push an update to your ACL file then take a look at this example workflow: .github/workflows/tailscale.yml

Limitations

  • This project is in an early alpha stage.
  • It can only map what is available in the ACL policy file. It is not an active scanning tool that will seek out other hosts.
  • It only focuses on the ACL rules themselves but eventually this may start capturing ALL the available valid ACL sections.

Pull requests welcome! :)

Experimental Ideas and TODOs

  • Use tailscale debug netmap to build a more in-depth map
  • Allow switching between layers such as port level, host level, user/group level