About WireGuard and 2FA/MFA login
WireGuard® is a modern and fast encrypted networking protocol that offers a number of performance benefits over traditional VPNs and TLS. Among other important features, WireGuard uses Curve25519 for key exchange, which keeps the negotiation phase extremely lightweight and fast. It also has a very low cost per live session, so it can keep direct connections open to a large number of nodes at once.
Tailscale builds on top of WireGuard by adding automatic mesh configuration, single sign-on (SSO), 2-factor/multi-factor authentication (2FA/MFA), NAT traversal, TCP transport, and centralized Access Control Lists (ACLs).
Tailscale’s client software includes the open source WireGuard-Go, which we regularly contribute to.
Wondering how it all fits together? Read How Tailscale Works.