Docs / Solutions

VPN from the couch to the office and HQ

A VPN built for the distributed workplace

If you’ve been working remotely lately, you may have noticed that the traditional VPN setup doesn’t hold up. Old VPNs connect to only one server at a time, which used to make sense– back when there was only one office to connect to. However, in today’s world devices and services are scattered all around the Internet: in multiple offices, data centers, cloud providers and continents.

This is where Tailscale fits in: Tailscale is an encrypted mesh network that connects to all your devices at once. It does so directly when it can, only using an encrypted relay when no other option is available. This minimizes latency and maximizes the security of your communications.

Here we’ll elaborate on Tailscale’s unique advantages as a modern VPN for a remote work environment.

Tailscale’s mesh network minimizes latency

With Tailscale, every node is directly connected to every other node, without having to pass through a central server. That means communications are low latency (high speed)– since there is no bottleneck– and more reliable. Tailscale takes care of NAT traversal so that devices can communicate directly. In fact, using Tailscale, users rarely need to open ports or reconfigure their firewalls. In the rare cases when NAT traversal fails, Tailscale relays encrypted traffic. This ensures that devices can always communicate if they need to (though this route is a bit slower).

Tailscale improves security

On each of your devices on your Tailscale network, Tailscale facilitates point-to-point traffic encryption. Since encrypted communications don’t pass through a relay, and each server acts as its own VPN gateway, unencrypted traffic is never exposed to the Internet. The connection between two servers is entirely facilitated by Tailscale, ensuring the security of users’ communications. Private keys never leave the device, so Tailscale cannot decrypt network traffic and nodes can never be impersonated.

On the coordination server, Tailscale offers a “shared dropbox” for public keys, where they can be found and exchanged by users. Public keys are distributed to every device that the node is permitted to talk to. Tailscale’s flexible role-based access control (RBAC) rules make this possible. Every user and every machine has a different view of the network according to their rights, and servers that shouldn’t be accessible don’t show up at all.

Multi-factor authentication (MFA) and Single sign-on (SSO) are also supported, as Tailscale integrates with commonly known identity providers.

Tailscale is easy to configure and maintain

Tailscale is designed to be a zero-configuration VPN, meaning a user can start a node without having to write configuration files or provide the IP addresses of other nodes. Users simply install and log into Tailscale on their device, and Tailscale takes over the job of configuration and secure key distribution. Network administrators also have access to the Tailscale administration console, letting them view all devices on their network and manually authorize or deauthorize devices, as needed.

In the modern workplace, Tailscale is a scalable VPN solution that simplifies the security, speed, and configuration needs of a range of users, from non-technical users to distributed corporations of any size. To learn about our product in more detail, check out our article, How Tailscale Works.

Last updated

WireGuard is a registered
trademark of Jason A. Donenfeld.

© 2021 Tailscale Inc.

Privacy & Terms