Tailscale runs DERP (Designated Encrypted Relay for Packets) relay servers distributed around the world. Your Tailscale nodes use them as a side channel while negotiating a direct peer-to-peer connection during NAT traversal, and as a fallback path for traffic when NAT traversal fails and no direct connection can be established.
Because Tailscale private keys never leave the node where they were generated, a DERP server has no way to decrypt your traffic: it blindly forwards already-encrypted WireGuard packets from one node to another. What a relay does see is metadata, namely which node public keys are exchanging packets and the size and timing of those packets, so treat a relay as a trusted-for-availability, not trusted-for-confidentiality, component in your threat model.
Tailscale runs DERP servers in many locations. As of September 2022, this list includes:
- Australia (Sydney)
- Brazil (São Paulo)
- Canada (Toronto)
- United Arab Emirates (Dubai)
- France (Paris)
- Germany (Frankfurt)
- Hong Kong (Hong Kong)
- India (Bangalore)
- Japan (Tokyo)
- Kenya (Nairobi)
- Netherlands (Amsterdam)
- Poland (Warsaw)
- Singapore (Singapore)
- South Africa (Johannesburg)
- Spain (Madrid)
- United Kingdom (London)
- United States (Chicago, Dallas, Denver, Honolulu, Los Angeles, Miami, New York City, San Francisco, and Seattle)
Tailscale clients automatically pick the DERP region with the lowest measured latency, based on periodic latency probes to every region in the DERP map; `tailscale netcheck` shows those measurements. Tailscale continually expands the list and adds DERP servers as needed to keep latency low.
Generally, you don't need to customize Tailscale DERP servers. However, you can run your own custom DERP servers, in addition to or instead of Tailscale's, and advertise them to your nodes through the `derpMap` section of your tailnet policy file (set `OmitDefaultRegions` there if relayed traffic must never touch a Tailscale-operated relay). Typical reasons are policy compliance, for example keeping relayed traffic inside a network or jurisdiction you control, and lower latency for sites far from any Tailscale region. The relay itself is the open-source `derper` program from the Tailscale repository; run it with `--verify-clients` so it only relays for nodes that belong to your tailnet (it checks them against a tailscaled running on the same host), since a relay started without that flag will forward packets for any client that can reach it.
- Each device running Tailscale gets the list of DERP servers (the DERP map) from the coordination server and saves it locally.
- If the coordination server is down but the DERP servers are up, the Tailscale client keeps using the last-known DERP map.
- If the Tailscale client restarts, it still has the saved DERP map and doesn't need to fetch it from the coordination server before it can relay.
- If a DERP server is added while the coordination server is down, clients won't learn about it until the next time they connect to the coordination server.
- If one DERP server in a region becomes unreachable, another server in that region is chosen.
- If a whole DERP region becomes unreachable, the Tailscale client falls back to the next-closest (next-lowest-latency) region.
- If all DERP servers go down, existing direct connections keep working, but new connections that need a relay, either for NAT traversal or as a fallback, can't be established.
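The following Go program is an added example, not Tailscale's code, that ties together the custom `derpMap` policy snippet and the region-selection rules listed above. The struct types are a hand-written subset whose JSON field names match the policy file (they are not the real `tailscale.com/tailcfg` types), `derp.example.com` and region ID 900 are placeholders, and the latency ranking is a simplified model of the client's behavior: the best reachable node sets a region's latency, regions are ranked by that latency, a dark region simply drops out of the ranking, and 0 means no relay is available at all.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"time"
)

// Hand-written subset of the structures behind the policy file's "derpMap"
// section. JSON field names match the policy file; the Go types are an
// assumption for this example, not tailscale.com/tailcfg.
type DERPNode struct {
	Name     string `json:"Name"`
	RegionID int    `json:"RegionID"`
	HostName string `json:"HostName"`
	IPv4     string `json:"IPv4,omitempty"`
}

type DERPRegion struct {
	RegionID   int        `json:"RegionID"`
	RegionCode string     `json:"RegionCode"`
	Nodes      []DERPNode `json:"Nodes"`
}

type DERPMap struct {
	// OmitDefaultRegions drops Tailscale's own regions, so traffic is only
	// ever relayed through the regions listed here.
	OmitDefaultRegions bool                `json:"OmitDefaultRegions,omitempty"`
	Regions            map[int]*DERPRegion `json:"Regions"`
}

// CustomDERPMap builds a map with one self-hosted region; hostname and
// regionID are placeholders. Keep the region ID clear of Tailscale's own
// region IDs if you do not omit the defaults.
func CustomDERPMap(hostname string, regionID int, omitDefault bool) *DERPMap {
	return &DERPMap{
		OmitDefaultRegions: omitDefault,
		Regions: map[int]*DERPRegion{regionID: {
			RegionID:   regionID,
			RegionCode: "custom",
			Nodes:      []DERPNode{{Name: "1", RegionID: regionID, HostName: hostname}},
		}},
	}
}

// PolicySnippet renders the map as it appears under the policy file's "derpMap" key.
func PolicySnippet(dm *DERPMap) (string, error) {
	out, err := json.MarshalIndent(dm, "", "  ")
	return string(out), err
}

// Probe is one latency measurement against a single DERP node.
type Probe struct {
	RTT time.Duration
	OK  bool // false when the node did not answer
}

// regionLatency is the best RTT of any reachable node in the region, so a
// single dead node does not take the whole region out of service.
func regionLatency(r *DERPRegion, probes map[string]Probe) (best time.Duration, found bool) {
	for _, n := range r.Nodes {
		if p, seen := probes[n.HostName]; seen && p.OK && (!found || p.RTT < best) {
			best, found = p.RTT, true
		}
	}
	return best, found
}

// PreferredRegion returns the reachable region with the lowest latency, or 0
// when none is reachable. Ranking only reachable regions means a region that
// goes dark is replaced by the next-closest one without any special casing.
func PreferredRegion(dm *DERPMap, probes map[string]Probe) int {
	type cand struct {
		id  int
		rtt time.Duration
	}
	var cands []cand
	for id, r := range dm.Regions {
		if rtt, ok := regionLatency(r, probes); ok {
			cands = append(cands, cand{id, rtt})
		}
	}
	if len(cands) == 0 {
		return 0
	}
	sort.Slice(cands, func(i, j int) bool {
		if cands[i].rtt != cands[j].rtt {
			return cands[i].rtt < cands[j].rtt
		}
		return cands[i].id < cands[j].id // deterministic tie-break
	})
	return cands[0].id
}

func main() {
	dm := CustomDERPMap("derp.example.com", 900, true) // placeholder hostname
	snippet, _ := PolicySnippet(dm)
	fmt.Println(snippet)
	// Constructed probe result: the self-hosted node answered in 12 ms.
	probes := map[string]Probe{"derp.example.com": {RTT: 12 * time.Millisecond, OK: true}}
	fmt.Println("preferred region:", PreferredRegion(dm, probes))
}
```

The printed snippet is what you paste under the `derpMap` key of the tailnet policy file; `OmitDefaultRegions` is serialized only when true, which mirrors the policy file's default of keeping Tailscale's regions. The `Probe` map stands in for the per-node latency probes a client performs, so you can walk through the failure cases above by flipping `OK` to false for one node, a whole region, or every node.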
Generally no, but an end user moving around (e.g. from home to the coffee shop) may intermittently use DERP servers to establish connections.