Blog

A combination of our newsletter and other posts, where we talk about Tailscale, WireGuard®, 2-factor auth, and other networking-related topics.

Subscribe via email, RSS or follow our Twitter.

Archive / Page 2

RBAC like it was meant to be

Photo of Avery Pennarun
Avery Pennarun on

Most of us have heard of role-based access control (RBAC) and its slightly updated successor, attribute-based access control (ABAC). But we don’t always appreciate all the great ideas they contain.

August Tailscale newsletter

Laura Franzese on
Photo of Laura Franzese
This month’s newsletter has guides on running Tailscale on a Mango Router, running a Minecraft server on Tailscale, how to manage a Windows Firewall from Go, and Tailscale v1.14.

Programming the Windows firewall

David Anderson on
Photo of David Anderson
An introduction to the Windows Filtering Platform, and how to make your software program the Windows firewall.

July Tailscale newsletter

Laura Franzese on
Photo of Laura Franzese
Lots of community contributions to highlight this month! Thank you to everyone writing and sharing their enthusiasm for Tailscale. This month includes a community AWS Lambda Layer for Tailscale, Tailscale v1.12, and Taildrop for Android.

How to set up a private Minecraft server

Laura Franzese on
Photo of Laura Franzese
This post will guide you through the process on how to set up a secure, fast, and private Minecraft server with Tailscale.

June Tailscale newsletter

Laura Franzese on
Photo of Laura Franzese
It has been another productive month for the team here at Tailscale, and we are brimming with community contributions including a getting started video tutorial from David Burgess and a new guide by Justin Rhee on setting up a Tailscale VPN on Kubernetes. Let us jump in!

New Pricing

David Carney, Ross Zurowski and Sonia Appasamy on
Photo of David Carney
Photo of Ross Zurowski
Photo of Sonia Appasamy

Today, we’re announcing a new pricing model for Tailscale that makes it less expensive for everyone, and easier to scale from a small test deployment to something your whole friend group, startup, or organization can use.

Check out the new pricing, or read on for details about what’s changed and why.

Tailscale v1.10 & GitHub Auth

Laura Franzese on
Photo of Laura Franzese
Tailscale 1.10 is now available on all platforms (pending iOS approval to the App Store — we expect it to go through this weekend). Learn how to update or read on for details. While this was generally a bug fix and cleanup release, a few noteworthy changes happened in and around this release worth highlighting.

Taildrop was kind of easy, actually

Avery Pennarun on
Photo of Avery Pennarun
Taildrop was the first test of an experimental p2p app discovery layer in Tailscale. Let’s talk about why it was so easy to build, and where we go from here.

How to access your NAS drive remotely

Laura Franzese on
Photo of Laura Franzese
Use Tailscale to set up your NAS for access from any device

NAS 101: An intro chat about Network Attached Storage

Naman Sood and Xe Iaso on
Photo of Naman Sood
Photo of Xe Iaso

A lot of people use Tailscale with Network Attached Storage (NAS) devices. In an effort to make this technology more accessible we’re publishing this transcript of a conversation about the basics of Network Attached Storage between our past co-op student Naman Sood, and our Archmage of Infrastructure, Xe Iaso. Enjoy!

May Tailscale newsletter

Laura Franzese on
Photo of Laura Franzese
This has been a busy month, with the launch of Tailscale v1.8 and a new feature, Taildrop, that lets you easily send files between your devices.

Sending Files with Taildrop

Sonia Appasamy on
Photo of Sonia Appasamy
Taildrop is a feature that makes it easy to send files between your personal devices on a Tailscale network. Unlike cloud-based file transfer services, Taildrop’s peer-to-peer design makes it well-suited for lots of kinds of files you might want to send.

The long wondrous life of a Tailscale packet

Photo of Josh Bleecher Snyder
Josh Bleecher Snyder on
We track a single packet from creation in one process to arrival in another, far away.

Using GitHub Actions and Tailscale to build and deploy applications securely

Naman Sood on
Photo of Naman Sood
Automating deployment of a web server using GitHub Actions should be DevOps 101, so as a university student, it is the perfect time for me to be learning this. But what if, for security reasons, the server is accessible only over Tailscale?

Tailscale v1.8 is here!

Laura Franzese on
Photo of Laura Franzese
The latest version of Tailscale is available today! Learn how to update or read the full release notes on Github. This release contains a lot of general improvements, along with support for some upcoming feature previews.

April Tailscale newsletter

Laura Franzese on
Photo of Laura Franzese
April has us hard at work on our 1.8 stable release. We’ve got lots of great community contributions to highlight this month.

The Sisyphean Task Of DNS Client Config on Linux

Xe Iaso and David Anderson on
Photo of Xe Iaso
Photo of David Anderson
A brief history of DNS on Linux systems and what steps we are taking to ensure it is configured consistently in Tailscale 1.8.

March Tailscale newsletter

Ross Zurowski on
Photo of Ross Zurowski
March brings Tailscale v1.6, including IPv6 support, exit nodes, netstack integration, and more. We also have writing about using Tailscale to create a Dropbox-like system, and details about the new library Tailscale uses for IP addresses behind the scenes.

netaddr.IP: a new IP address type for Go

Brad Fitzpatrick on
Photo of Brad Fitzpatrick
The Go standard library’s net.IP type is problematic for a number of reasons. We wrote a new one.

Key management characteristics of the Tailscale Control Protocol

Photo of David Crawshaw
David Crawshaw on

Tailscale is split into a control plane and a data plane. The data plane is built out of direct WireGuard links that provides end-to-end encryption between any two machines on the network. The control plane is responsible for verifying the identity of users, validating machine keys, and delivering the public keys of peers to each machine in the network. This document focuses on the management of keys in the control plane. For a broader overview of Tailscale, see “How Tailscale Works.”

Modules, monoliths, and microservices

Avery Pennarun on
Photo of Avery Pennarun

Lately, I get people asking me when microservices are a good idea. In systems design explains the world, I talked about big-picture issues like second system effect, innovator’s dilemmas, and more. Can systems design answer the microservices question?

Yes, but you might not like the answers. First, we'll need some history.

How often should I rotate my ssh keys?

Photo of Avery Pennarun
Avery Pennarun on

If you’re like most people, your answer to this is… “What? Why?”

When ssh was introduced back in the 1990s, its appeal was simple. Passwords are too short, too guessable, too phishable, too often stored incorrectly, too MITM-able, too brute-forceable. Also its primary competition was rsh’s classic “no authentication,” but we don’t talk about that.

February Tailscale newsletter

Ross Zurowski on
Photo of Ross Zurowski
This past month we announced our sharing beta, released v1.4, and have a slew of new writing and podcasts about Tailscale to share with you all.

Philosophy of Tailscale: Social proximity networks

Photo of Xe Iaso
Xe Iaso on
Tailscale enables you to create networks between people you are close to. This article spells out our philosophy of social proximity networks as opposed to physical proximity networks you use today.

Sharing over Tailscale

Photo of Ross Zurowski
Ross Zurowski on
Today, we’re launching sharing as a public beta feature. Sharing lets you invite users outside your network to access your private devices securely. It makes it easy to host game servers with friends, host open-source software for family, collaborate with contractors, and much more.

Tailscale on NixOS: A new Minecraft server in ten minutes

Photo of Xe Iaso
Xe Iaso on
How to provision a new NixOS machine on Digital Ocean with nixos-infect and automatically connect it to your Tailscale network, then use that server to set up a fully private Minecraft world.

Hello 2021!

Laura Franzese on
Photo of Laura Franzese
As we start the new year, we want to take a moment to thank the community around Tailscale for making 2020 a stand out year, reflect on where we’ve been, and where we’re headed next…

An unlikely database migration

Brad Fitzpatrick and David Crawshaw on
Photo of Brad Fitzpatrick
Photo of David Crawshaw
When I first joined Tailscale, I was horrified to learn that “the database” was a single JSON file that was rewritten on any change. We migrated to something better.

Tailscale v1.2 is here

Brad Fitzpatrick and David Anderson on
Photo of Brad Fitzpatrick
Photo of David Anderson

The team has been hard at work making Tailscale more Tailscale-y. Today we’re announcing v1.2 is stable and ready for teams and hobbyists alike. Most notably, this release includes MagicDNS for everyone and major improvements for our Windows client.

How to update:

*For macOS and iOS, you may need to quit Tailscale first; the App Store doesn’t seem to update running VPN apps.

The next milestone for Tailscale

Photo of Avery Pennarun
Avery Pennarun on
Big news today! We’ve raised US$12 million in Series A funding led by Accel, with participation from Heavybit and Uncork Capital. The new funding follows the seed round we announced just a few months ago in April, and will allow us to build out our team and product at a faster pace, given the level of demand accompanying the world’s shift to remote work.

October Tailscale newsletter

Ross Zurowski on
Photo of Ross Zurowski
October brings two exciting new features courtesy of our summer co-op students, and some writing about Tailscale on Wi-Fi routers & NixOS from the community.

The Log Blog

Photo of Wendi Yu
Wendi Yu on

Did you know that our CEO, apenwarr, is something of a B-list Internet celebrity? Part of his claim to fame is a pithy-but-informational blog, which contains a pithy-but-informational post detailing exactly how to handle and parse a distributed logging system correctly. Tailscale’s logging infrastructure follows this system in broad strokes.

August Tailscale newsletter

Ross Zurowski on
Photo of Ross Zurowski
August brings Tailscale v1.0, now available for all platforms. It also brings new relay servers in Bangalore and Tokyo, and a new “guides” section to our knowledgebase, inspired by members of our community.

How NAT traversal works

Photo of David Anderson
David Anderson on

We covered a lot of ground in our post about How Tailscale Works. However, we glossed over how we can get through NATs (Network Address Translators) and connect your devices directly to each other, no matter what’s standing between them. Let’s talk about that now!

Tailscale for Android is Here

Laura Franzese on
Photo of Laura Franzese

Tailscale is the easiest way to create simple, secure networks for teams of any size.

Today we are announcing our Android App is officially out of beta and generally available in the Google Play Store. Android support has been one of our most requested features, and we are genuinely excited to bring it to everyone.

Tailscale v0.100

Brad Fitzpatrick on
Photo of Brad Fitzpatrick

We’re once again happy to announce a new version of Tailscale.

What comes after 0.99? 0.100, of course!

This is a pretty notable release, containing a major rewrite of our “magicsock” connection code that sits between WireGuard and the network, finding the best path between peers and getting through NATs.

If you’ve had any connection woes previously, definitely give this a try.

One catch, though: the new 0.100 connectivity code only kicks in if two peers trying to connect to each other are both running 0.100 or later. So make sure you update all your devices.

How to update:

In addition to the connectivity improvements, there are a number of other fixes and cleanups:

  • The Linux client now respects DNS settings set in the Tailscale admin console.
  • The Windows client now has “About” and “Exit” menu options. The “About” dialog will show the current stable version. (No auto-update option yet, but it’s a start.) Windows service start-up errors are now also surfaced in the UI, which is still a sad experience if it happens but should make for better Windows bug reports at least. We’re working on those. Long tail is long.
  • The macOS client now stays off when you turn it off via the OS network settings.
  • The tailscale status subcommand (only currently included on Linux) now consistently shows asterisks around a peer endpoint address only when that path is active, and also now shows asterisks around DERP relays if that’s what’s being used.

Enjoy!

And as always, email us or tweet us (@tailscale) if you have any problems and we’ll try to help.

IPv4, IPv6, and a sudden change in attitude

Avery Pennarun on
Photo of Avery Pennarun

A few years ago I wrote The World in Which IPv6 was a Good Design. I’m still pretty proud of that article, but I thought I should update it a bit.

No, I’m not switching sides. IPv6 is just as far away from universal adoption, or being a “good design” for our world, as it was three years ago. But since then I co-founded a company that turned out to be accidentally based on the principles I outlined in that article. Or rather, from turning those principles upside-down.

In that article, I explored the overall history of networking and the considerations that led to IPv6. I’m not going to cover that ground again. Instead, I want to talk about attitude.

June Tailscale newsletter

Ross Zurowski on
Photo of Ross Zurowski
Another month brings another round of updates: we released Tailscale v0.99, improved memory usage of our iOS app, and now have a public Android beta.

Meet Wendi, Zijie, and Dmytro

Ross Zurowski on
Photo of Ross Zurowski

At the beginning of May we welcomed our first ever batch of interns to the Tailscale team! They’ve all been hard at work the past few weeks, and we want to formally introduce them.

Joining us from the University of Waterloo are Zijie, Wendi, and Dmytro:

Zijie Lu (@lzjluzijie) is a Mathematics student at Waterloo. Originally from Beijing, Zijie has experience writing Go, React, and Vue, and is most known for his websocks project, a secure WebSocket-based HTTP proxy. (As soon as we saw that project, we knew he’d be a great fit.)

Zijie has never used, let alone owned an Apple device, instead preferring to run a dual-boot Fedora / Windows machine. In his spare time, he plays DOTA2, and is currently ranked in the top 2000 players in the Americas!

This term, Zijie will improving our network admin console, to make managing devices and auth settings easier for teams.

Wendi Yu (@wendi-yu) is studying Software Engineering. She’s a member of Waterloo’s rocketry design team, building tools to model tank fill and P&ID systems for rocket launches. (Tailscale’s own rocketry fans are excited to have another member join.) And if that wasn’t enough, she’s also a sousaphonist for Waterloo’s concert band. As she puts it, “There’s something immensely liberating about being able to honk back at the geese who attack me when I walk through campus.”

Currently based in Edmonton, Wendi is working on real-time auditing and visualization of networks to help teams secure and monitor their devices.

Dmytro Shynkevych (@dshynkev) is pursuing his Computer Science degree, and has already completed internships at SideFX, Cognite, and Kik Interactive, working on machine learning and 3D rendering projects.

Originally from Ukraine, in his spare time, Dmytro pseudonymously translates online content, mostly songs:

Doing so well, which is to say, localizing instead of merely translating, and preserving the rhythm (if not the rhyme) of poems and songs is a fun challenge!

He’s also excited about cybersecurity, and regularly participates in CTF competitions on weekends. He’s particularly proud of his 2018 team’s work in the CSAW Quals: “we were motivated, efficient, and worked in perfect synchrony.”

While at Tailscale, Dmytro is developing our MagicDNS feature, letting teams access network devices with memorable names, in addition to Tailscale IP addresses.

We’re happy to have Wendi, Zijie, and Dmytro with us! You’ll likely see their contributions on our public repositories over the next few months.

Subscribe for monthly updates

Product updates, blog posts, company news, and more.

Too much email? RSS Twitter