Connections between Tailscale nodes are already secured with end-to-end encryption—that’s a huge benefit of being built on WireGuard. However, browsers are not aware of that because they rely on verifying the TLS certificate of a domain.
To protect a website with an HTTPS URL, you need a TLS certificate from a public Certificate Authority. Tailscale now makes that easily available for the machines in your Tailscale network, also known as a tailnet, with certificates provisioned from Let’s Encrypt.
Tailscale loves open source. We know that it can be tough to develop a project in the open, and collaborate with individuals and organizations around the world.
We’re excited to announce that Tailscale is free for GitHub organizations using Tailscale for open source projects. And given Tailscale is good at, well, making connections, friends and family who coordinate using GitHub organization accounts can also benefit from this free plan.
A few months back we released a GitHub Action to make it easier for you to access Tailscale. This allows a GitHub Action you’re running to first connect to Tailscale using an ephemeral authentication key, then perform other steps. Ephemeral auth keys clean up their state after the runner finishes, meaning you’re not persisting a connection to your network.
We’re excited that our GitHub Action is now available in the marketplace! This means that with the Connect Tailscale action, you can easily pull this into whatever actions you write.
Most of us have heard of role-based access control (RBAC) and its slightly updated successor, attribute-based access control (ABAC). But we don’t always appreciate all the great ideas they contain.
Today, we’re announcing a new pricing model for Tailscale that makes it less expensive for everyone, and easier to scale from a small test deployment to something your whole friend group, startup, or organization can use.
Check out the new pricing, or read on for details about what’s changed and why.
A lot of people use Tailscale with Network Attached Storage (NAS) devices. In an effort to make this technology more accessible we’re publishing this transcript of a conversation about the basics of Network Attached Storage between our past co-op student Naman Sood, and our Archmage of Infrastructure, Christine Dodrill. Enjoy!
Tailscale is split into a control plane and a data plane. The data plane is built out of direct WireGuard links that provides end-to-end encryption between any two machines on the network. The control plane is responsible for verifying the identity of users, validating machine keys, and delivering the public keys of peers to each machine in the network. This document focuses on the management of keys in the control plane. For a broader overview of Tailscale, see “How Tailscale Works.”
Lately, I get people asking me when microservices are a good idea. In systems design explains the world, I talked about big-picture issues like second system effect, innovator’s dilemmas, and more. Can systems design answer the microservices question?
Yes, but you might not like the answers. First, we'll need some history.
If you’re like most people, your answer to this is… “What? Why?”
When ssh was introduced back in the 1990s, its appeal was simple. Passwords are too short, too guessable, too phishable, too often stored incorrectly, too MITM-able, too brute-forceable. Also its primary competition was rsh’s classic “no authentication,” but we don’t talk about that.
The team has been hard at work making Tailscale more Tailscale-y. Today we’re announcing v1.2 is stable and ready for teams and hobbyists alike. Most notably, this release includes MagicDNS for everyone and major improvements for our Windows client.
How to update:
- Linux: update instructions (apt update, install, etc.)
- Windows: update instructions
- macOS: update via the Mac App Store*
- iOS: update via the App Store*
- Android: update via the Play Store
*For macOS and iOS, you may need to quit Tailscale first; the App Store doesn’t seem to update running VPN apps.
Did you know that our CEO, apenwarr, is something of a B-list Internet celebrity? Part of his claim to fame is a pithy-but-informational blog, which contains a pithy-but-informational post detailing exactly how to handle and parse a distributed logging system correctly. Tailscale’s logging infrastructure follows this system in broad strokes.