Get started
Login
WireGuard is a registered trademark of Jason A. Donenfeld.
© 2024 Tailscale Inc. All rights reserved. Tailscale is a registered trademark of Tailscale Inc.
Go back

March Tailscale newsletter

March 17 2021

We’ve got lots of content and product updates to share this month, so we’ll jump right in.

Community Writing

From the Tailscale team

  • Modules, Monoliths, and Microservices
    The latest of several essays on systems design, Avery Pennarun weighs the trade-offs between isolation and modularity when building software systems.
  • netaddr.IP: a new IP address type for Go
    Brad Fitzpatrick explains the issues with the Go standard library’s net.IP type, and how we’ve improved upon it with our new netaddr.IP which is now used across Tailscale’s servers and clients.
  • How often should I rotate my SSH keys?
    SSH keys are a core part of contemporary authentication practices. Avery discusses the history behind them, why they’re not perfect, and how often you should rotate them.

Tailscale v1.6

The latest version of Tailscale is available today! Learn how to update or read the full release notes on GitHub.

The flagship feature for this release is IPv6 support inside the tunnel (v1.6… IPv6… get it?) Supporting IPv6 inside the tunnel means we can finally build a feature we’ve been excited to share for some time: exit nodes.

Screenshot of Tailscale v1.6

Exit Nodes

By default, Tailscale is an overlay network: it routes and secures traffic between devices running Tailscale, but doesn’t touch your public internet traffic, such as when you visit Google or Twitter. In most cases, this is the right move. Communication between private devices (company servers, home computers) needs to be secured, but there’s no need to add extra layers of encryption or latency for a public internet connection.

However, there may be times when you do want Tailscale to route your public internet traffic: in a cafe with untrusted Wi-Fi, or when traveling overseas and needing access to an online service (such as banking) only available in your home country.

Exit nodes lets you opt-in to routing all non-Tailscale internet traffic through a specific device (an “exit node”) on your network.

Learn more from our documentation, or watch our demo video to see it in action →

Admin Console Updates

Alongside our client changes, we’ve also made a few small updates to the admin console.

A set of devices, like from the admin console, some showing ACL tags like tag:server, and tag:production.

The admin console now shows any ACL tags claimed by machines on your network.

ACL Tags let you define custom permissions for machines without inheriting permissions from the user who authenticated it. For example, tagging web server machines with tag:server means you can restrict them to only see a database server, without applying those restrictions to the administrator who configured the server.

This addition should make it vastly easier to configure (and debug) tags across your network.

A green dot with the text 'connected' demonstrating the new last seen indicator in the admin console.

And a long-overdue update to the way we display the “last seen” timestamp on the machines page means you can quickly scan through the list to see which devices are currently connected.

We hope you enjoy this release. We’d love to hear any feedback you have about how we can make Tailscale better. Send us an email or reply to @Tailscale on Twitter.

That’s all for now — stay well!

Subscribe to Tailscale’s blog

We have a deep commitment to keeping your data safe.

Too much email?RSSX
Loading...

Try Tailscale for free

Schedule a demo
Contact sales
cta phone
mercury
instacrt
Retool
duolingo
mercari