Archive / Page 4
Rolling out the red carpet for remote meetings
The world doesn’t need more words about remote meetings. So here’s a picture:

Tailscale joins the Synology Package Center
Tailscale is officially supported in the Synology package center. Tailscale + Synology makes it effortless to securely access your Synology NAS from anywhere in the world, on any device. You can also use it as a relay back to other devices on your LAN.
You can use Tailscale with Kubernetes, you know


Given that this week is the epic all-things-cloud-native reunion in LA, we thought we might crash your little party and mention that Tailscale already works well with containers and Kubernetes. Many of us here at Tailscale used to work on Kubernetes, and keep it close to our hearts even if we’re not at KubeCon this week (and sorry, we love YAML, but use HuJSON now).
Tailscale v1.16
Tailscale 1.16 is out! The latest Linux, Windows, and Android clients are available today (see our update instructions), while macOS and iOS will be available over the next few days, pending App Store reviews.
We break down the work that’s happened in and around the release of Tailscale 1.16.
Enable device approval and set key expiry in the admin console


We’ve made a few settings easier for you to manage in the admin console: device approval and key expiry.

Hey linker, can you spare a meg?
Tailscale on iOS runs as a special kind of app, a Network Extension. This lets us run in the background, so we can secure traffic from all of your applications, without them having to change anything. But with this power comes a memory straightjacket. Normal iOS apps can use 5GB or so of memory before iOS kills them. We get 15MB. With an “M”.
That has been a constant pain point for our users—and especially for us. When we use too much memory, iOS snipes our network extension, and your VPN access goes down. And the knowledge that doing more work caused more crashes caused us to leave important improvements out of the iOS app, like http2 and UPnP support. It was a constant low level drain on our engineering team and our product.
This blog post is about how we tackled the problem, with a bit of philosophizing and a surprise twist at the end.
September Tailscale newsletter
Action required: Upgrade Tailscale to 1.14.4+ prior to updating Windows
Due to recent changes in Windows Update, upgrading the operating system on a Windows 10 or Windows 11 machine running Tailscale may break Tailscale connectivity. If this happens, your machine will no longer be able to connect to your tailnet. To avoid this issue, upgrade Tailscale on your Windows machines to Tailscale 1.14.4 or later before running Windows Update.
Provision TLS certificates for your internal Tailscale services
Connections between Tailscale nodes are already secured with end-to-end encryption—that’s a huge benefit of being built on WireGuard®. However, browsers are not aware of that because they rely on verifying the TLS certificate of a domain.
To protect a website with an HTTPS URL, you need a TLS certificate from a public Certificate Authority. Tailscale now makes that easily available for the machines in your Tailscale network, also known as a tailnet, with certificates provisioned from Let’s Encrypt.
Even more for free: Tailscale for open source projects
Tailscale loves open source. We know that it can be tough to develop a project in the open, and collaborate with individuals and organizations around the world.
We’re excited to announce that Tailscale is free for GitHub organizations using Tailscale for open source projects. And given Tailscale is good at, well, making connections, friends and family who coordinate using GitHub organization accounts can also benefit from this free plan.
We get stuck opening the socket
Private DNS with MagicDNS


Connect a GitHub Action to your Tailscale network — now in GitHub marketplace!
A few months back we released a GitHub Action to make it easier for you to access Tailscale. This allows a GitHub Action you’re running to first connect to Tailscale using an ephemeral authentication key, then perform other steps. Ephemeral auth keys clean up their state after the runner finishes, meaning you’re not persisting a connection to your network.
We’re excited that our GitHub Action is now available in the marketplace! This means that with the Connect Tailscale action, you can easily pull this into whatever actions you write.
RBAC like it was meant to be
Most of us have heard of role-based access control (RBAC) and its slightly updated successor, attribute-based access control (ABAC). But we don’t always appreciate all the great ideas they contain.
August Tailscale newsletter
Programming the Windows firewall
July Tailscale newsletter
How to set up a private Minecraft server
June Tailscale newsletter
New Pricing



Tailscale v1.10 & GitHub Auth
Taildrop was kind of easy, actually
How to access your NAS drive remotely
NAS 101: An intro chat about Network Attached Storage


A lot of people use Tailscale with Network Attached Storage (NAS) devices. In an effort to make this technology more accessible we’re publishing this transcript of a conversation about the basics of Network Attached Storage between our past co-op student Naman Sood, and our Archmage of Infrastructure, Xe Iaso. Enjoy!
May Tailscale newsletter
Sending Files with Taildrop
The long wondrous life of a Tailscale packet
Using GitHub Actions and Tailscale to build and deploy applications securely

Tailscale v1.8 is here!
April Tailscale newsletter
The Sisyphean Task Of DNS Client Config on Linux


March Tailscale newsletter
netaddr.IP: a new IP address type for Go
Key management characteristics of the Tailscale Control Protocol
Tailscale is split into a control plane and a data plane. The data plane is built out of direct WireGuard links that provides end-to-end encryption between any two machines on the network. The control plane is responsible for verifying the identity of users, validating machine keys, and delivering the public keys of peers to each machine in the network. This document focuses on the management of keys in the control plane. For a broader overview of Tailscale, see “How Tailscale Works.”
Modules, monoliths, and microservices
Lately, I get people asking me when microservices are a good idea. In systems design explains the world, I talked about big-picture issues like second system effect, innovator’s dilemmas, and more. Can systems design answer the microservices question?
Yes, but you might not like the answers. First, we'll need some history.
How often should I rotate my ssh keys?
If you’re like most people, your answer to this is… “What? Why?”
When ssh was introduced back in the 1990s, its appeal was simple. Passwords are too short, too guessable, too phishable, too often stored incorrectly, too MITM-able, too brute-forceable. Also its primary competition was rsh’s classic “no authentication,” but we don’t talk about that.
February Tailscale newsletter
Philosophy of Tailscale: Social proximity networks

Sharing over Tailscale
Tailscale on NixOS: A new Minecraft server in ten minutes
