An alphabetical list of terms or words found in or relating to a specific subject, text, or dialect, with explanations; a brief dictionary.


  • A
  • B
  • C
  • D
  • E
  • F
  • G
  • H
  • I
  • J
  • K
  • L
  • M
  • N
  • O
  • P
  • Q
  • R
  • S
  • T
  • U
  • V
  • W
  • X
  • Y
  • Z


Admin console

The admin console is where you find detailed information about your tailnet. You can manage nodes on your network, users and their permissions, and settings such as key expiry. The admin console also informs you if an update to the Tailscale client is available for your device. Changes to your tailnet are immediately published to all relevant machines by the coordination server.

The admin console is located at

Access control lists

Tailscale uses network access control lists (ACLs), to precisely define what a particular user or device is permitted to access on your tailnet.


Corporate VPN

A corporate VPN extends the office network to remote locations. This used to mean accessing shared files on a workstation from home via a laptop, and as the business use of computing has increased in scope, so has the business VPN.

Read more →

Coordination server

All machines in a tailnet maintain a connection with a centralized coordination server in order to exchange metadata such as encryption keys, network topology changes, and access policy changes. The coordination server is part of the control plane only, not the data plane - it is not responsible for relaying traffic between machines and so avoids being a performance bottleneck.


IPv4 vs. IPv6

According to the history article on ARIN, IPv6 design began in the mid-1990s and the first IPv6 draft standard was published in 1998. The first public IPv6 address assignments were made in 1999, officially beginning the rollout process.

Read more →


Key expiry

Tailscale uses WireGuard to enable encrypted connections between machines. With Tailscale, private encryption keys are fully managed by clients, and the coordination server is only used to distribute public encryption keys.

Using Tailscale means you never have to manage encryption keys directly. Keys are set to automatically expire and must be regenerated at regular intervals. For long-lived cloud servers and other IoT devices, you may disable key expiry from the admin console.



While a Tailscale IP address uniquely identifies a machine in the tailnet, it is neither easy for humans to remember or type. [Tailscale’s MagicDNS service](Tailscale’s MagicDNS service) provides the ability to map a memorable hostname to the Tailscale IP address.


Network topology

A computer network is a set of machines that can communicate with one another either directly or indirectly through another machine. Traditional VPN technologies operate as a “hub-and-spoke” network where each machine communicates with another by having all traffic routed through a central gateway machine. Tailscale operates as a mesh network, where each machine is able to communicate directly with one another using NAT traversal.

NAT traversal

Most machines on the Internet are unable to naively communicate due to the presence of firewalls and devices that perform Network Address Translation. NAT traversal works around these barriers through a number of techniques. See “How NAT traversal works” for more details.



When a direct connection between two machines cannot be established, then the only way to communicate is through an intermediate relay that both machines are able to communicate with. Tailscale’s relay servers are known as Designated Encrypted Relay for Packets, or DERP. In a vast majority of cases, machines can establish a direct connection, and only a small amount of traffic must instead be routed through DERP.

Relays are distributed globally — New York City, Dallas, Seattle, London, San Francisco, Frankfurt, Tokyo, Sydney, Bangalore, Singapore… and we keep adding more relays as we go along.


Tailscale IP address

Each machine in a tailnet is assigned a unique IP address that never changes for your device, even when the machine device switches between home Ethernet, cellular hotspot, or coffee shop Wi-Fi networks. The address is assigned by the coordination server and always of the form 100.x.y.z (for example, 100.12.345.67). Use MagicDNS to automatically register memorable hostnames for machines in the network.


The set of machines in a Tailscale network is referred to as a tailnet. Each machine in the tailnet is considered a node and is assigned a unique Tailscale IP address by the coordination server. Nodes can directly communicate with one another unless the traffic is restricted by the tailnet’s access control lists (ACLs).


VPN built for the distributed workplace

If you’ve been working remotely lately, you may have noticed that the traditional VPN setup doesn’t hold up. Old VPNs connect to only one server at a time, which used to make sense– back when there was only one office to connect to. However, in today’s world devices and services are scattered all around the Internet: in multiple offices, data centers, cloud providers and continents.

Read more →


Zero Trust Networking

Zero Trust Networking (ZTN) is an architecture descended from Google’s BeyondCorp design.

Although many products now advertise “zero trust,” it is not always clear exactly what it means. We summarize it this way: zero trust means that you can’t trust the physical network anymore.

Read more →

Get started for free.

Try Tailscale out for free on your own devices.