Blog

Most of us have heard of role-based access control (RBAC) and its slightly updated successor, attribute-based access control (ABAC). But we don’t always appreciate all the great ideas they contain.

Today, we’re announcing a new pricing model for Tailscale that makes it less expensive for everyone, and easier to scale from a small test deployment to something your whole friend group, startup, or organization can use.

Check out the new pricing, or read on for details about what’s changed and why.

A lot of people use Tailscale with Network Attached Storage (NAS) devices. In an effort to make this technology more accessible we’re publishing this transcript of a conversation about the basics of Network Attached Storage between our past co-op student Naman Sood, and our Archmage of Infrastructure, Xe Iaso. Enjoy!

Tailscale is split into a control plane and a data plane. The data plane is built out of direct WireGuard links that provides end-to-end encryption between any two machines on the network. The control plane is responsible for verifying the identity of users, validating machine keys, and delivering the public keys of peers to each machine in the network. This document focuses on the management of keys in the control plane. For a broader overview of Tailscale, see “How Tailscale Works.”

Lately, I get people asking me when microservices are a good idea. In systems design explains the world, I talked about big-picture issues like second system effect, innovator’s dilemmas, and more. Can systems design answer the microservices question?

Yes, but you might not like the answers. First, we'll need some history.

If you’re like most people, your answer to this is… “What? Why?”

When ssh was introduced back in the 1990s, its appeal was simple. Passwords are too short, too guessable, too phishable, too often stored incorrectly, too MITM-able, too brute-forceable. Also its primary competition was rsh’s classic “no authentication,” but we don’t talk about that.

The team has been hard at work making Tailscale more Tailscale-y. Today we’re announcing v1.2 is stable and ready for teams and hobbyists alike. Most notably, this release includes MagicDNS for everyone and major improvements for our Windows client.

How to update:

• Linux: update instructions (apt update, install, etc.)
• Windows: update instructions
• macOS: update via the Mac App Store*
• iOS: update via the App Store*
• Android: update via the Play Store

*For macOS and iOS, you may need to quit Tailscale first; the App Store doesn’t seem to update running VPN apps.

Did you know that our CEO, apenwarr, is something of a B-list Internet celebrity? Part of his claim to fame is a pithy-but-informational blog, which contains a pithy-but-informational post detailing exactly how to handle and parse a distributed logging system correctly. Tailscale’s logging infrastructure follows this system in broad strokes.

We covered a lot of ground in our post about How Tailscale Works. However, we glossed over how we can get through NATs (Network Address Translators) and connect your devices directly to each other, no matter what’s standing between them. Let’s talk about that now!

We’re once again happy to announce a new version of Tailscale.

What comes after 0.99? 0.100, of course!

This is a pretty notable release, containing a major rewrite of our “magicsock” connection code that sits between WireGuard and the network, finding the best path between peers and getting through NATs.

If you’ve had any connection woes previously, definitely give this a try.

One catch, though: the new 0.100 connectivity code only kicks in if two peers trying to connect to each other are both running 0.100 or later. So make sure you update all your devices.

How to update:

• Linux: see https://pkgs.tailscale.com/stable/ (apt-get update, upgrade, etc)
• Windows: from that same page, download tailscale-ipn-setup-0.100.0-107.exe
• macOS: update from the Mac App Store (you’ll likely need to stop Tailscale first; the App Store doesn’t seem to update VPN apps that are running)
• iOS: we’re giving it a few days until we mark 0.100 as our stable build on iOS, but you can join our TestFlight beta program to get it today
• Android: the latest Tailscale Android beta builds use the new 0.100 connectivity code

In addition to the connectivity improvements, there are a number of other fixes and cleanups:

• The Linux client now respects DNS settings set in the Tailscale admin console.
• The Windows client now has “About” and “Exit” menu options. The “About” dialog will show the current stable version. (No auto-update option yet, but it’s a start.) Windows service start-up errors are now also surfaced in the UI, which is still a sad experience if it happens but should make for better Windows bug reports at least. We’re working on those. Long tail is long.
• The macOS client now stays off when you turn it off via the OS network settings.
• The tailscale status subcommand (only currently included on Linux) now consistently shows asterisks around a peer endpoint address only when that path is active, and also now shows asterisks around DERP relays if that’s what’s being used.

Enjoy!

And as always, email us or tweet us (@tailscale) if you have any problems and we’ll try to help.

At the beginning of May we welcomed our first ever batch of interns to the Tailscale team! They’ve all been hard at work the past few weeks, and we want to formally introduce them.

Joining us from the University of Waterloo are Zijie, Wendi, and Dmytro:

Zijie Lu (@lzjluzijie) is a Mathematics student at Waterloo. Originally from Beijing, Zijie has experience writing Go, React, and Vue, and is most known for his websocks project, a secure WebSocket-based HTTP proxy. (As soon as we saw that project, we knew he’d be a great fit.)

Zijie has never used, let alone owned an Apple device, instead preferring to run a dual-boot Fedora / Windows machine. In his spare time, he plays DOTA2, and is currently ranked in the top 2000 players in the Americas!

This term, Zijie will improving our network admin console, to make managing devices and auth settings easier for teams.

Wendi Yu (@wendi-yu) is studying Software Engineering. She’s a member of Waterloo’s rocketry design team, building tools to model tank fill and P&ID systems for rocket launches. (Tailscale’s own rocketry fans are excited to have another member join.) And if that wasn’t enough, she’s also a sousaphonist for Waterloo’s concert band. As she puts it, “There’s something immensely liberating about being able to honk back at the geese who attack me when I walk through campus.”

Currently based in Edmonton, Wendi is working on real-time auditing and visualization of networks to help teams secure and monitor their devices.

Dmytro Shynkevych (@dshynkev) is pursuing his Computer Science degree, and has already completed internships at SideFX, Cognite, and Kik Interactive, working on machine learning and 3D rendering projects.

Originally from Ukraine, in his spare time, Dmytro pseudonymously translates online content, mostly songs:

Doing so well, which is to say, localizing instead of merely translating, and preserving the rhythm (if not the rhyme) of poems and songs is a fun challenge!

He’s also excited about cybersecurity, and regularly participates in CTF competitions on weekends. He’s particularly proud of his 2018 team’s work in the CSAW Quals: “we were motivated, efficient, and worked in perfect synchrony.”

While at Tailscale, Dmytro is developing our MagicDNS feature, letting teams access network devices with memorable names, in addition to Tailscale IP addresses.

We’re happy to have Wendi, Zijie, and Dmytro with us! You’ll likely see their contributions on our public repositories over the next few months.